Privacy policy

We are delighted about your visit to our websites. Below, we wish to inform you about the handling of your data in accordance with Article 13 General Data Protection Regulation (GDPR).



The unit specified in the legal notice is responsible for the data collection and processing stated below.


Storage of the IP address

We store the IP address sent by your web browser associated strictly with the purpose for the duration of seven days in the interest of identifying, limiting and rectifying attacks to our website. On expiry of this period, we delete or anonymise the IP address. The legal basis is Article 6(1)(f) GDPR.


Usage data

When you visit our web pages, so-called usage data for statistical purposes are temporarily stored on our web server as a protocol in order to improve the quality of our web pages. This record consists of

  • the name of the file,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (file transfer, file not found),
  • the description of the type of web browser used,
  • the IP address of the requesting computer, which is shortened so that a personal link is no longer established.

The stated protocol data are saved in an anonymised manner.


Data transmission to third parties

We send your data to service providers within the framework of contract processing under Article 28 GDPR, which support us when operating our websites and the associated processes. Our service providers are bound strictly by our instructions and obligated accordingly by contract. We use the following service providers: Google Analytics, Google Adwords, Google Dynamic Remarketing, SC-Networks and Softgarden.


Data transmission to third-party countries

We occasionally transmit personal data to a third-party country outside the EU. In doing so, we ensure an appropriate data protection level: In the event of Google Analytics (USA), an appropriate data protection level follows from the participation in the Privacy Shield treaty (Article 45(1) GDPR).



We use cookies on our websites. Cookies are small text files that can be saved on your computer and read. A distinction is made between session cookies, which are deleted again as soon as you close your browser window and permanent cookies, which are stored beyond the single session. Cookies may contain data that make it possible to identify the device used. However, some cookies merely contain information on certain settings that cannot be related to specific persons. We use session cookies and permanent cookies on our websites. The processing is carried out on the basis of Article 6(1)(f) GPDR and in the interest of optimising or enabling user navigation and adjusting the presentation of our website.

You can set your browser so that it informs you of the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser settings and prevent the setting of new cookies. Please note that our websites may then no longer be displayed optimally and some functions will not be technically available.


Download and contact form

On our website, you may use a contact form to enter personal data. If you use the contact form, we collect and store the data you enter in the input screen (e.g. second name, first name, email address). There will be no forwarding to any third parties. If consent is given, the legal basis for the processing is Art. 6(1)(f) GPDR such as Art. 6(1)(a) GDPR. If your request has the purpose of preparing the signing of a contract, Art. 6(1)(b) GDPR is an additional legal basis. We use the data to process and answer your request only.

We process and store your data only for as long as it is required for the processing or for complying with statutory duties. Once the purpose of processing no longer exists, your data will be blocked or erased. If there are any additional statutory duties to store the data, we block or erase your data upon the lapse of the statutory storing periods.


Google Analytics

For the need-compliant design of our website, we create pseudonym usage profiles with the use of Google Analytics. Google Analytics uses cookies that are saved on your computer and read by us. This allows us to identify returning visitors and count them. Data processing is carried out on the basis of Article 6(1)(a) GDPR and in the interest of learning how frequently our websites are accessed by different users. The information about your use of this website generated by the cookie is generally transmitted to a server of Google in the US and stored there. As we have activated IP anonymisation on this website, your IP address is, however, first shortened by Google within the member states of the European Union. Only in exceptional cases is the full IP address transferred to a server of Google in the US (an appropriate data protection level exists under Article 45(1) GDPR from Google's participation in the Privacy Shield) and only shortened there. We have also concluded an agreement on contract processing under Article 28 GDPR with Google Inc. (USA). Google will therefore only use all information strictly for the purpose of analysing the use of our website for us and compiling reports on the website activities. You can withdraw your consent to the processing. To this end, please use one of the following options: You can prevent the storage of cookies by making corresponding settings in your browser software; however, we would like to point out that you may not be able to use all functions of this website to their full extent. You can also prevent the entry of the data created by the cookie and relating to your use of the website (incl. your IP address) to Google as well as the processing of these data by downloading the browser plug-in available at the following link and installing it. You can also prevent any recording by Google Analytics by clicking on the following link Click here to opt-out of Google Analytics processing your data. An opt-out cookie is set, which permanently prevents the future collection of your data when visiting this website. By confirming with “Yes” in the cookie layer, you give your consent to the following data processing:


Google Adwords Remarketing

We use cross-device remarketing technologies of Google so that target ads to other websites can be displayed to you on the basis of your visit to our websites. Data processing takes place on the basis of your consent under Article 6(1)(a) GDPR.


How does remarketing work?

When you visit our website, it is possible that Google retrieves recognition features for your browser or your end device (e.g. creates a so-called browser fingerprint), analyses your IP address or saves a recognition feature in the form of a small text file on your end device (e.g. a so-called third-party cookie). It is also possible that Google links and saves your visit to our websites with one or more of these recognition features in order to display our advertising on other pages on the internet. The above recognition features are designed as a pseudonym and can be used by Google to recognise your end device on other websites. When, for instance, you visit a website that participates in the display advertising network of Google (i.e. advertising displayed on behalf of Google), Google can recognise your end device and browser using the above features. We can also apply so-called remarketing tools to our websites. This means that we can enter keywords on our websites that contain information on the content of the pages displayed (for instance product or service categories). The keywords we use have neither personal nor sensitive information. Google receives and saves these keywords for the above recognition purposes. As such, when you visit a page that has been given keywords of a certain product category, Google saves this keyword and allocates it to your recognition features. We can thereby task Google to place ads on our websites that are guided by the pages visited at our end. Therefore, when you visit another website that participates in the display ads network of Google, Google can identify using the recognition features and the keywords stored for these recognition features whether and, if applicable, which of our ads are to be displayed to you.

What does cross-device marketing mean?

If you log in to Google services with your own login details or use one or more own Google accounts, Google can link the recognition features of several browsers and end devices with one another. As such, if Google has created an own recognition feature for the laptop, desktop PC or smartphone or tablet used by you, these recognition features can be allocated to one another as soon as you use or have used a Google service with your login details. This allows Google to also display our advertising campaigns via end devices in a targeted manner. However, Google will only do this if you have declared your consent to this data processing in the past.


Google Adwords

As an AdWords customer, we also use Google Conversion Tracking, an analysis service of Google. In this process, Google Adwords places a cookie on your computer (conversion cookie), if you reached our website via a Google ad. These cookies become invalid after 30 days and are not used for personal identification. When you visit certain websites of ours and the cookie has not yet expired, we and Google can identify that someone clicked the ad and was thereby directed to our site. Each AdWords customer gets a different cookie. Cookies can therefore not be tracked over the websites of AdWords customers. The information obtained with the use of the conversion cookie serve to create the conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users that clicked on their ad and were directed to a page featuring a conversion tracking tag. However, they do not receive any information that allows identifying the user personally. If you do not wish to participate in the tracking procedure, you can also reject the necessary setting of a cookie - for instance via browser settings, which deactivates the automatic setting of cookies in general. You can also deactivate cookies for conversion tracking by setting your browser in such a way that cookies are blocked by the domain. To this end, we delete your user and event data in Google Analytics after 14 months.


Google AdSense

We also use Google AdSense, a web display service of Google, to run adverts (text displays, banners, etc.). In this process, your browser may save a cookie sent by Google or third parties. The information stored in the cookie can also be recorded, collected and analysed by third parties. In addition, Google AdSense also uses small invisible graphics to collect information, which can be used to record, collect and analyse simple actions such as visitor traffic on the website. The information created by the cookie and/or graphics about your use of this website is transferred to a Google server in the US and stored there. Google uses the information thereby received to carry out an analysis of your usage behaviour with regards to AdSense ads. Google may also transfer this information to third parties if prescribed by law or if third parties process these data on behalf of Google. Google will not associate your IP address with other data stored by Google. You can prevent the storage of cookies on your hard disk and the display of the specified graphics. As for the other cookies described, the following also applies here: You must deactivate the acceptance of cookies in your browser settings. We delete your user and event data in Google Analytics after 14 months.

You have the possibility of making settings for advertising. You can object to this form of advertising. To do this, please go to:



hmmh uses services of etracker GmbH from Hamburg, Germany ( for the analysis of usage data. It uses cookies that allow a statistical analysis of the use of the hmmh website by its visitors and the display of usage-related content or advertising.

The data generated with etracker are processed and stored by etracker exclusively in Germany and are therefore subject to the strict German and European data protection laws and standards. etracker was independently audited, certified and awarded the privacy seal ePrivacyseal.

Data processing takes place on the legal basis of Art. 6 para. 1 lit a (consent, here: your consent to the use of cookies) of the EU General Data Protection Regulation (EU GDPR). The purpose of the survey is the optimization of our online offer and our website. Since the privacy of our visitors is particularly important to us, etracker's IP address is anonymized as early as possible and log-in or device identifiers are converted into a unique, but not individual-assigned key. Any other use, combination with other data or a transfer to third parties by etracker not.


hmmh Newsletter

You can subscribe to our newsletter on our website to receive information about our company's products and services. We only require your e-mail address and some additional voluntary information. When you click on "subscribe", you provide your consent to receive the hmmh newsletter. If you have provided a separate consent for this, your information is processed accordingly based on Art. 6 Para. 1 (1)(a) of the GDPR. You can withdraw your consent at any time without affecting the legality of the processing up to that time. If you withdraw your consent, we will suspend the corresponding data processing. If you no longer wish to receive the newsletter in the future, you can unsubscribe at any time by clicking on the corresponding link at the end of each newsletter. We will delete your data within 3 months after you have withdrawn your consent to receive the newsletter or unsubscribed from it.

We use the "Evalanche" tool by the SC-Networks GmbH to send our newsletter. There, we store the following data for each newsletter: opening data (date/time, browser type, mail client type, mailing) as well as clicks on image and text links in order to be able to tailor our information and optimise delivery specifically for you. For this purpose, we use cookies when you subscribe and when you receive the newsletter which are deleted at the latest after 24 months. This data is stored and analysed centrally. If you click the check box with the note concerning this privacy protection declaration when subscribing to the newsletter, you consent to this personalised data processing. You can object to the personalised tracking by clicking on the respective link at the end of each newsletter. The newsletter subscription and cancellation date and the consent / objection to tracking is always stored with your personal IP address so that hmmh can provide you with information upon request. For security purposes, all data is backed up. The backup is deleted after 12 months.

The operator of Evalanche (the SC-Networks GmbH, Starnberg) processes personal usage data exclusively for us on specially protected systems in adherence to the Germany Privacy Protection Act. The legal basis for the processing is provided by Art. 6 Para. 1 lit. f of the GDPR. Our justified interest lies in providing customised information. Under no circumstances do we sell personal data to third parties or provide it to third parties for use in any other way, unless you have separately consented to this in accordance with legal regulations.


Social media plug-ins

For reasons of data protection, we do not embed social plug-ins directly in our website. If you visit our sites, no data are therefore sent to social media services, such as Facebook, Twitter, XING or Google+. A profile creation by third parties is therefore ruled out. However, you nevertheless have the option to share selected pages by clicking on Facebook, Twitter, XING or Google+ buttons and also see where they were often shared in the past when retrieving the contributions. To this end, we use the so-called Shariff solution, which was developed by c’t magazine to offer a data protection-compliant alternative to classic social plug-ins. What is behind this? The Shariff solution results in all data and functions required for presenting the Facebook, Twitter, XING or Google+ being provided by our web server as a first step. Only once you have decided to share a contribution via the corresponding button and click on it is a data transmission made to the operator of the relevant social media service.


Automated decision making

As a webpage user, you have the right not to be subjected to full automatic processing, which takes legal effect in your relation or impacts on you considerably. The legal basis for the processing is Article 6(22) GDPR. Automatic decision making may only be carried out if it is required for the conclusion or performance of an agreement, national exceptions exist or you expressly agree to the process. If one of the exceptions applies, we guarantee appropriate measures to maintain your rights and freedoms. If you wish to assert your rights, please contact our data protection officer at


Data security

To protect your data from unwanted access as comprehensively possible, we implement technical and organisational measures. We use encryption methods on our pages. Your details are transferred from your computer to our server and vice versa via the internet using TLS encryption. You can see this by the status bar of your browser displaying a closed lock symbol and the address line beginning with http://https://.


Online applications

For carrying out online applications, we use the contractor Softgarden. We process your personal data in accordance with the valid data protection provisions on the basis of Section 26 Federal Data Protection Act (BDSG-new). We process the data that you disclose to us within the framework of your online application solely for the purposes of applicant selection. Data processing for other purposes does not take place. You personally define the scope of the data that you wish to send us within the framework of your online application. Online applications are transmitted to our HR department and processed there as quickly as possible. The transmission is carried out in an encrypted form. As a rule, applications are forwarded to the head of the responsible specialist departments at our company. Your data are otherwise not disclosed. Your details are treated confidentially at our company. In the event of unsuccessful applications, your documents are deleted on expiry of 6 months.

In the event that we consider your application also for other or future job openings, we request a corresponding note in the application. We will then process your data on the basis of Article 6(1)(a) GDPR.


Facebook company page

We operate under the URL, an official Facebook page on the basis of Article 6(1)(f) GDPR. We do not collect, store or process personal data of our users on this page at any time. Furthermore, no other data processing is carried out or initiated by us. The data entered by you on our Facebook page, such as comments, videos or images, are at no time used or processed for other purposes. Facebook uses so-called web tracking methods on this page. Please be aware of the following: It cannot be ruled out that Facebook uses your profile data to analyse your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by Facebook.


Your rights as a user

When processing your personal data, the GDPR grants you as a website user certain rights:

1. Right to information (Article 15 GDPR):
You have the right to request confirmation of whether personal data relating to you are processed; if this is the case, you have the right to information about these personal data and about the information specified in detail under Article 15 GDPR.

2. Right to correction and deletion (Articles 16 and 17 GDPR):
You have the right to request the immediate correction of incorrect personal data relating to you and, where applicable, completion of incomplete personal data. You also have the right to request that personal data relating to you are immediately deleted if one of the reasons specified under Article 17 GDPR applies; for instance if the data are no longer required for the purposes intended.

3. Right to restriction of processing (Article 18 GDPR):
You have the right to request processing if one of the conditions specified under Article 18 GDPR applies, e.g. if you have filed an objection against the processing, for the duration of any verification.

4. Right to data portability (Article 20 GDPR):
In certain cases that are stated in Article 20 GDPR, you have the right to obtain personal data relating to you in a structured, conventional and machine-readable format or to request the transmission of these data to a third party.

5. Right of objection (Article 21 GDPR):
If data are collected on the basis of Article 6(1)(f) GDPR (data processing for the protection of legitimate interests), you have the right to object against the processing at any time for reasons that arise from your particular situation. We will then no longer process the personal data, unless proven mandatory protected reasons exist for the processing, which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.

6. Right to complain to a supervisory authority:
Under Article 77 GDPR, you have the right to appeal to a supervisory authority if you believe that the processing of the data relating to you violates data protection law provisions. The right to complain may be asserted with a supervisory authority in the member state of your place of residence, your place of work or the location of the alleged violation.


Contact details of the data protection officer

Please contact our in-house data protection officer for information or suggestions regarding the subject of data protection.


Dr. Uwe Schläger
datenschutz nord GmbH

Telephone: 0421 69 66 32 0