Privacy policy
We are delighted by your interest in our site. Data protection is a particularly important matter for the management of our site. Use of our website is generally possible without providing any personal data; however, if a data subject wishes to use specific services offered through our site, processing of personal data may become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally seek the consent of the data subject.
The processing of personal data — such as a name, address, email address or telephone number — will always be carried out in line with the General Data Protection Regulation (GDPR) and with any applicable country-specific data protection rules. By means of this privacy statement, our site wishes to inform the public of the nature, scope and purpose of the personal data we collect, use and process, and to set out the rights to which data subjects are entitled.
As the controller, our site has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, e.g. by telephone.
1. Definitions
This privacy statement is based on the terms used by the European legislator for the adoption of the GDPR. It is intended to be readable and understandable for the general public, as well as for our customers and business partners. We use, among others, the following terms:
a) Personal data — any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
b) Data subject — any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing — any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing — the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling — any form of automated processing of personal data consisting of the use of personal data to evaluate personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s performance at work, economic situation, health, preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation — the processing of personal data in such a manner that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organisational measures.
g) Controller — the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
h) Processor — a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient — a natural or legal person, public authority, agency or another body to which personal data is disclosed, whether a third party or not.
j) Third party — a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct authority of the controller or processor.
k) Consent — any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which they signify, by a statement or a clear affirmative action, agreement to the processing of personal data relating to them.
2. Name and address of the controller
The controller for the purposes of the GDPR and other applicable data protection laws in the Member States of the European Union is MAYRAH, registered office in Sharjah, United Arab Emirates. Contact email: contact@mayrah.fr.
3. Cookies
Our website uses cookies. Cookies are text files that are stored in a computer system via an internet browser. Many websites and servers use cookies, which often contain a so-called cookie ID — a unique identifier consisting of a character string through which websites and servers can be associated with the specific browser in which the cookie is stored.
Cookies allow our site to provide users with more user-friendly services that would not be possible without cookies, and help us recognise users of our site. The purpose of this recognition is to make it easier for users to use our website (e.g. avoiding the need to re-enter login data on each visit, or remembering items placed in a shopping cart).
You can prevent the setting of cookies through our website at any time by adjusting your browser settings, and previously set cookies may be deleted at any time using a browser or other software. This is possible in all common browsers. If you deactivate cookies in your browser, not all features of our website may be fully usable.
4. Collection of general data and information
Our website collects a series of general data and information when a data subject or automated system calls up the website. These data and information are stored in the server log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website and the advertising for it, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. The anonymous server log file data is stored separately from any personal data provided by a data subject.
5. Registration on our website
The data subject has the option of registering on the controller’s website with the indication of personal data. Which personal data is transmitted to the controller is determined by the respective input mask used for the registration. Personal data entered by the data subject is collected and stored exclusively for internal use by the controller.
When registering on the controller’s website, the IP address allocated by the internet service provider (ISP) and used by the data subject is also stored, together with the date and time of registration. This is necessary to prevent the misuse of our services and, where applicable, to enable the investigation of any offences committed. The data is not transmitted to third parties unless there is a legal obligation to do so or unless the transfer is required for criminal prosecution.
Registered data subjects are free at any time to modify the personal data given during registration or to have it completely deleted from the controller’s data stock. The controller will provide information at any time, on request, on which personal data is stored about the data subject, and will rectify or erase personal data at the data subject’s request, in so far as there are no statutory storage obligations to the contrary.
6. Subscription to our newsletters
On our website, users have the opportunity to subscribe to our company’s newsletter. The input mask used for this purpose determines which personal data is transmitted to the controller when the newsletter is ordered.
Our site informs its customers and business partners at regular intervals about company offers by means of a newsletter. The newsletter can only be received if (1) the data subject has a valid email address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation email is sent, using the double opt-in procedure, to the email address that a data subject registers for the newsletter for the first time. This confirmation email serves to prove that the owner of the email address is authorised to receive the newsletter.
When registering for the newsletter, we also store the IP address of the computer system assigned by the ISP and used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to understand any (possible) misuse of an email address at a later date.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. The subscription can be cancelled at any time by the data subject. The consent for the storage of personal data given for sending the newsletter may be revoked at any time. For the purpose of revoking consent, a corresponding link is included in each newsletter. It is also possible to unsubscribe from the newsletter directly on our site’s website at any time, or to communicate this to our site in a different way.
7. Newsletter tracking
Our site’s newsletters contain so-called tracking pixels — a miniature graphic embedded in such emails sent in HTML format to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns.
Based on the embedded tracking pixel, our site can see if and when an email was opened by a data subject, and which links in the email were called up by data subjects. Such personal data collected in the tracking pixels contained in the newsletters is stored and analysed by the controller in order to optimise the shipping of the newsletter and to adapt the content of future newsletters even better to the interests of the data subject.
This personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double opt-in procedure. After a revocation, this personal data will be deleted by the controller. Our site automatically regards a cancellation from the receipt of the newsletter as a revocation.
8. Contact possibility via the website
Our website contains information that enables quick electronic contact with our enterprise, as well as direct communication with us, which also includes a general address for electronic mail. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
9. Routine erasure and blocking of personal data
The controller processes and stores the data subject’s personal data only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with the legal requirements.
10. Rights of the data subject
a) Right of confirmation — the right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed.
b) Right of access — the right to obtain, free of charge, information about the personal data stored at any time and a copy of this information, as well as information about: the purposes of the processing; the categories of personal data concerned; the recipients to whom the personal data has been or will be disclosed; where possible, the envisaged storage period; the existence of the right to request rectification or erasure of personal data, or restriction of processing, or to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; where the personal data is not collected from the data subject, any available information as to its source; and the existence of automated decision-making, including profiling.
c) Right to rectification — the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them.
d) Right to erasure (“right to be forgotten”) — the right to obtain from the controller the erasure of personal data concerning them, without undue delay, where one of the grounds set out in the GDPR applies.
e) Right of restriction of processing — the right to obtain restriction of processing where one of the conditions set out in the GDPR applies.
f) Right to data portability — the right to receive personal data concerning them, which has been provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller without hindrance from the original controller, where the processing is based on consent or on a contract, and the processing is carried out by automated means.
g) Right to object — the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them, where the processing is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. If personal data is processed for direct marketing purposes, the data subject has the right to object at any time.
h) Automated individual decision-making, including profiling — the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for entering into or performing a contract, is authorised by Union or Member State law, or is based on the data subject’s explicit consent.
i) Right to withdraw data protection consent — the right to withdraw consent to the processing of personal data at any time.
To exercise any of these rights, the data subject may contact our site at any time by email at contact@mayrah.fr.
11. Legal basis for the processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, processing is based on Article 6(1)(b) GDPR. The same applies for processing operations necessary for the implementation of pre-contractual measures.
Where our site is subject to a legal obligation requiring the processing of personal data, for example to comply with tax obligations, processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person; in that case, processing is based on Article 6(1)(d) GDPR.
Finally, processing operations could be based on Article 6(1)(f) GDPR (legitimate interest), provided that the interests, fundamental rights and freedoms of the data subject are not overridden.
12. Legitimate interests pursued by the controller or by a third party
Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business in favour of the well-being of all our employees and our shareholders.
13. Period for which the personal data will be stored
The criterion used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.
14. Provision of personal data as a statutory or contractual requirement
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for the data subject to provide us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our site signs a contract with them. Non-provision of the personal data would mean that the contract with the data subject could not be concluded.
15. Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.
This privacy policy has been adapted into English from the original French version for the convenience of English-speaking customers. In case of discrepancy, the French version prevails for matters governed by French law.
For any question regarding our privacy practices, please contact us by email at contact@mayrah.fr.

