Mayra Group
Mayra Group
Holding
Legal

Privacy policy

This is a convenience translation. In case of discrepancies, the German version is legally binding.

Last updated: June 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Mayra Group GmbH
represented by the Managing Director Burak Okumus
Achalmstraße 38
71088 Holzgerlingen
Germany

Email: info.mg@wearemayra.com

2. General information on data processing

As a matter of principle, we process the personal data of our users only to the extent necessary to provide a functional website as well as our content and services. Processing takes place only with the user's consent or where the processing is permitted by statutory provisions.

3. Provision of the website and server log files

Each time our website is accessed, our hosting provider automatically collects information that your browser transmits (so-called server log files):

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the file retrieved
  • Volume of data transferred
  • Notification of successful retrieval
  • Browser type and version, operating system
  • Referrer URL

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in security and stability). The data is deleted after a maximum of 30 days.

4. Hosting

This website is provided via Lovable (gridaco s.r.o. / Cloudflare). A data processing agreement pursuant to Art. 28 GDPR is in place with the provider. The servers are located within the European Union or operate while maintaining an adequate level of data protection.

5. Contact form and email contact

If you contact us via our contact form or by email, your details (name, email address, message) are stored and used solely to process your enquiry. The legal basis is Art. 6 (1) (b) GDPR (contract or pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in responding to the enquiry).

To protect against misuse (spam, automated requests), we also briefly store your IP address when the form is submitted in order to limit the number of requests per time period (rate limiting). The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in IT security). These IP addresses are automatically deleted after 24 hours at the latest.

To ensure the traceability of confirmation and notification emails, we keep a technical sending log (recipient email, template, status, timestamp). These logs are automatically deleted after 12 months.

The remaining data is deleted as soon as it is no longer required to fulfil the purpose and no statutory retention obligations conflict with deletion.

5a. Processors / recipients

To provide the website and to send emails, we use the following service providers, with each of whom a data processing agreement pursuant to Art. 28 GDPR is in place:

  • Lovable / Cloudflare – hosting and provision of the website
  • Supabase – database and backend infrastructure (servers in the EU)
  • Resend – sending of transactional emails (confirmations, notifications)

6. Use of web fonts (Google Fonts)

To ensure a consistent display of fonts, this website uses external fonts from Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When a page is accessed, your browser loads the required fonts, which may result in your IP address being transmitted to Google. The legal basis is Art. 6 (1) (f) GDPR.

Further information: policies.google.com/privacy

7. Local storage

We use your browser's local storage solely to store your selected language (German / English) and your acknowledgement of the notice banner regarding local storage. This storage is technically necessary and takes place on the basis of § 25 (2) no. 2 TDDDG (German Telecommunications Digital Services Data Protection Act). No tracking, analytics or marketing cookies are used and no transfer to third parties takes place.

8. Your rights as a data subject

You have the following rights vis-à-vis us with regard to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent given (Art. 7 (3) GDPR)

9. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The supervisory authority responsible for Mayra Group GmbH is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg)
Lautenschlagerstraße 20
70173 Stuttgart
baden-wuerttemberg.datenschutz.de

10. SSL/TLS encryption

For security reasons, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the lock symbol in your browser’s address bar and by the "https://" prefix.

11. Validity and amendment of this privacy policy

This privacy policy is currently valid. As our website develops further, or due to changes in statutory or regulatory requirements, it may become necessary to amend this privacy policy.