skip to content

Notes on data protection

Thank you for visiting our website. In the following, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).


The company named in the legal notice is responsible for the data collection and processing stated below.

Storage of the IP address

We store the IP address transmitted by your web browser strictly for the purpose of recognising, limiting and eliminating attacks on our websites for a period of seven days. After this period, we delete or anonymise the IP address. The legal basis is Art. 6 para. 1 lit. f GDPR.

Usage data

When you visit our web pages, so-called usage data for statistical purposes are temporarily stored on our web server as a protocol in order to improve the quality of our web pages. This record consists of

  • the page from which the file was requested,
  • the name of the file,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (file transfer, file not found),
  • the description of the type of web browser used,
  • the IP address of the requesting computer, which is shortened so that a personal link is no longer established.

The aforementioned log data is only stored anonymously.


We use cookies on our websites. Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. We use session cookies and permanent cookies on our websites. The processing of functionally necessary cookies is based on Art. 6 Para. 1 lit. f GDPR, in the legitimate interest of being able to guarantee the presentation and usability of our website. Functionally unnecessary cookies are only integrated on the basis of your consent in accordance with § 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. 

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed optimally, and some functions may no longer be technically available.

Cookie Consent Management

hmmh uses a consent management service for the use of cookies on our website. Usercentrics GmbH is used as a processor on the hmmh website for the purpose of consent management. 

Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, e-mail address:

Data protection officer: SECUWING GmbH & Co. KG, Maximilian Hartung, Frauentorstr. 9, 86152 Augsburg, Germany, e-mail address:, telephone number: +49 821 90786450, fax: +49 821 90786459.

With the help of this tool, we collect your consent or objection regarding the use of cookies on our website. As we are obliged to document and be able to prove this, we process this data on the basis of Art. 6, Para. 1 lit. c GDPR.

The cookie layer also provides you with an overview of all the cookies we use, their purpose and their origin. There you can individually determine which use and which cookie you wish to consent to. By clicking on the fingerprint button at the bottom left of our website, you can call up the cookie layer at any time and adjust your permissions.

Data transmission to third parties

We transfer your data to service providers who support us in the operation of our websites and the associated processes within the scope of order processing pursuant to Art. 28 GDPR. Our service providers are strictly bound by instructions and contractually obligated to us accordingly. We use the following service providers: Google Analytics, Google Ads, Google Tag Manager, SC-Networks, Softgarden, Zoom, YouTube, Usercentrics and our hosting partner.
Data transfer to third countries

In some cases, we transfer personal data to a third country outside the EU. In each case, we have ensured an appropriate level of data protection. Personal data may only be transferred if the general principles of data transfer according to Art. 44 et seq. of the GDPR are complied with. Please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. If we use providers in unsafe third countries and you consent, the transfer to a third country is based on Art. 49 (1) lit. a GDPR.

Download and contact form

On our website, you can enter personal data via a contact form. When you use the contact form, we collect and store the data you enter in the input mask (e.g. surname, first name, e-mail address). This data is not passed on to third parties.
We provide forms for the registration for events of hmmh and/or hmmh partners. We store the data you provide to us there (first name, last name, function, business e-mail address and your company) in our internal CRM system. The purpose of the processing is to generate business contacts. Therefore, we also transmit your data to the respective partners involved. Access to your data within hmmh is restricted to our marketing and sales teams.

In the case of consent, the legal basis for processing is Art. 6 (1) lit. a GDPR. If your request serves to prepare the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis. Your name and e-mail address are processed on the basis of Art. 6 para. 1 lit. f GDPR in the legitimate interest of processing and responding to your request. If you consent, we will also use your data to formulate suitable offers for you and to contact you.
Storage period

We process and store your data only for as long as is necessary for processing or to comply with legal obligations. After the purpose of processing no longer applies, your data will be blocked or deleted. If there are additional legal obligations to store your data, we will block or delete your data when the legal storage periods expire.


We use Matomo, an open source, self-hosted software, on our website to collect anonymous usage data to optimise our internet presence. The associated processing of your personal data is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to the processing at any time. Please use one of the following options to do so: You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Matomo's European representative, who acts as the data controller within the meaning of the GDPR, is: ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg. Matomo's data protection officer is: ePrivacy GmbH, represented by Prof. Dr. Christoph Bauer, Große Bleichen 21, 20354 Hamburg. Matomo can be reached at the email address or at

Data on the behaviour of visitors is collected anonymously, e.g. to find out about problems such as pages not found, search engine problems or unpopular pages. Matomo generates reports for hmmh as website operator from the collected data. hmmh hosts Matomo on its own servers at our hosting service provider in Germany.

Matomo sets the following cookies (with the corresponding lifetime):

  • pk_id (unique visitor ID, up to 13 months)
  • _pk_ref (referrer initially used to visit the website, up to 6 months)
  • _pk_ses, _pk_cvar, _pk_hsr (Technical cookies, up to 30 minutes)
  • mtm_consent (or mtm_consent_removed) (status of the given consent, up to 30 days)
  • mtm_cookie_consent (status of the given cookie consent, up to 30 days)
  • matomo_ignore (opt-out tracking, up to 30 years)
  • matomo_sessid (technical cookie, up to 14 days)

The following usage data is collected:

  • Anonymised IP addresses by removing the last 2 bytes (i.e. instead of
  • Location (based on the anonymised IP address
  • Date and time
  • Title of the page accessed
  • URL of the accessed page
  • URL of the previous page (if this is allowed)
  • Screen resolution
  • Local time
  • Files that have been clicked and downloaded
  • External links
  • Duration of the page layout
  • Main language of the browser
  • User agent of the browser
  • Interactions with the website and forms (but not their content) for heatmaps and session recordings

The data collected is used for internal analysis and is not passed on to third parties. 


Google Analytics, Google Tag Manager

We create pseudonymous usage profiles with the help of Google Analytics in order to design our website according to your needs. Google Analytics uses cookies that are stored on your terminal device and can be read by us. In this way, we are able to recognise returning visitors and count them as such. The data processing is based on Art. 6 para. 1 lit. a GDPR and in the interest of finding out how often our websites have been accessed by different users. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, as we have activated IP anonymisation on this website, your IP address will be shortened by Google beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and only shortened there. We have also concluded an order processing contract with Google Inc (USA) in accordance with Art. 28 GDPR. Accordingly, Google may only use all information for strictly specific purposes in order to evaluate the use of our website for us and to compile reports on website activities. We delete your user and event data in Google Analytics after 14 months.


You can withdraw your consent for processing at any given time. To this end, please use one of the following options: You can prevent the storage of cookies by making corresponding settings in your browser software; however, we would like to point out that you may not be able to use all functions of this website to their full extent. You can also prevent the entry of the data created by the cookie and relating to your use of the website (incl. your IP address) to Google as well as the processing of these data by downloading the browser plug-in available at the following link ( and installing it. You can also prevent any recording by Google Analytics by clicking on the following link: Click here to opt-out of Google Analytics processing your data. An opt-out cookie is set, which permanently prevents the future collection of your data when visiting this website. Please note: This opt-out cookie only applies to the browser you used when setting the opt-out, not for any other browser you may be using on your computer or on other devices. Should you delete all cookies in this browser, the opt-out cookie will be deleted as well.

Google Ads

As an Ads customer, we also use Google Conversion Tracking, an analysis service from Google. Google Adwords sets two double-click cookies on your computer ("conversion cookie") if you have accessed our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of ours and the cookie has not yet expired, we and Google can recognise that someone has clicked on the ad and thus been redirected to our site. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "".



We embed videos on our websites that are not stored on our servers. To ensure that calling up our web pages with embedded videos does not automatically lead to content from the third-party provider being reloaded, we only display locally stored preview images of the videos in a first step. This does not provide the third-party provider with any information.

Only after a click on the preview image, the content of the third party provider is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data that is technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us permission to upload content from the third-party provider.

The embedding is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR, provided that you have given your consent by clicking on the preview image. Please note that the embedding of many videos leads to your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to seek redress. If we use providers in insecure third countries and you consent, the transfer to an insecure third country will be based on Article 49(1)(a) of the GDPR.


Provider Adequate level of data protection Revocation of consent
YouTube / Google (USA) No adequate level of data protection. The transfer is made on the basis of Art. 49 (1) lit. a GDPR. If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the thumbnails any more.


hmmh Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter, in which we inform you about our company's products and services. For this purpose, we only need your e-mail address and a few other voluntary details. By clicking on "Subscribe", you give us your consent to send you an hmmh newsletter. If you have given us separate consent for this, the corresponding processing is based on Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without this affecting the lawfulness of the processing carried out so far. If consent is revoked, we will cease the corresponding data processing. If you no longer wish to receive a newsletter in the future, you can unsubscribe at any time via the corresponding link at the end of each newsletter. We will delete your data within 3 months after you have revoked your consent to receive the newsletter or unsubscribed from the newsletter.

We use the product "Evalanche" from the operator SC-Networks GmbH to send our newsletters. There, we store the opening data (date/time, browser type, mail client type, mailing) for each newsletter, as well as the clicks on image and text links, so that we can tailor our information to you and provide it in the best possible way. For this purpose, we set cookies when you register and receive the newsletter, which are deleted after 24 months at the latest. This data is stored and evaluated centrally. If you click the checkbox with the reference to this data protection declaration when registering for the newsletter, you give us your consent for this personalised data processing. You can object to personalised tracking by clicking on a link provided for this purpose at the end of each newsletter. The date of subscription and unsubscription to the newsletter, as well as the consent or objection to tracking is always stored in a personalised manner with your IP address, so that hmmh can provide you with information. For security purposes, all data is stored in a backup which is deleted after 12 months.

The operator of Evalanche (SC-Networks GmbH, Starnberg) processes personal usage data exclusively for us on specially secured systems in compliance with German data protection law. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest is to provide tailored information. Under no circumstances do we sell personal data to third parties or make it available to third parties for use in any other way, unless you have separately consented to this in accordance with the statutory provisions.



hmmh offers online sessions on specialist topics by invitation. Zoom (ZOOM VIDEO COMMUNICATIONS, INC., 55 Alamden Blvd. Suite 600, San Jose, CA 95113, USA, phone: +1 888.799.96669, email: is the provider of the video conferencing tool we use to hold our online sessions.

hmmh draws your attention to the fact that zoom is a cloud-based online tool. By accepting the invitation, you agree to the terms of use of zoom ( and affirm that you have read and accepted the privacy policy of zoom ( hmmh has concluded a contract for commissioned processing and controller to processor EU standard contractual clauses with zoom to ensure the protection of your personal data.

hmmh has taken the following additional measures when configuring the tool:

  • End-to-end encryption for meetings and chats is enabled.
  • Cloud storage of chat messages is disabled.
  • Attention tracking is deactivated.
  • Access to the address book is disabled.
  • The camera image of the participants is always deactivated and can only be released by yourself.

In the case of a recording, we will ask for your consent in advance by email. The basis for data processing is your consent in accordance with Art. 6, Para. 1 lit. a GDPR.

Live chat

hmmh offers a live chat for contacting us. For this purpose, we work together with an external service provider (Userlike UG, Probsteigasse 44-46, 50670 Cologne), with whom we have concluded a contract for order processing in accordance with Art. 28 GDPR. The chat offer is aimed on the one hand at people interested in hmmh services and on the other hand at people interested in hmmh jobs. With the live chat you can communicate with an hmmh employee via text messages. When you call up and use the live chat, your browser automatically transmits the following data at the beginning of use for technical reasons, which we store separately from other data that you may transmit to us:

  • Date and time of access,
  • Duration of the visit to our website,
  • Type of web browser including version,
  • Operating system used,
  • Amount of data sent,
  • Type of event,
  • IP address (anonymised)

The legal basis for this data processing is Art. 6 (1) sentence 1 lit. f GDPR, whereby our legitimate interest is directed towards guaranteeing and maintaining the operation and security of our offer as well as the elimination of malfunctions. In this context, the data is also processed by us for analysis purposes - without assignment to a specific person. If you also provide us with further personal data within the chat, this is done on a voluntary basis and with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Acceptance of this privacy policy and your consent are mandatory prerequisites for starting the chat. By starting the chat, you consent to the processing under the conditions stated here. If you do not give us your consent, we will unfortunately not be able to provide you with the chat function. Please then use the regular contact options of telephone, e-mail or our contact form.

If you provide us with your application documents via the chat, we will forward them to our service provider for our applicant management platform, this is softgarden e-recruiting GmbH. Your data on this platform is processed on the basis of a service provider contract between hmmh and softgarden, the servers are located at sites within the European Union. After the data transfer you will receive a separate confirmation of receipt from softgarden with the data protection conditions applicable to this platform. Your application documents on the chat server will be deleted after 3 months.

The chat about an hmmh job is in no way a substitute for an interview, but it should make it easier for you to decide whether to apply for one of our jobs at hmmh. These chat protocols are regularly deleted after 3 months, unless legal retention periods require otherwise.

The texts you enter in the input mask during the live chat are stored on our behalf on the server of an external service provider. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.


Social media plug-ins

For data protection reasons, we do not integrate social plugins in the form of Like or Share buttons directly into our website. When you visit our pages, no data is therefore transmitted to social media services such as Facebook, Twitter, XING or Google+. Profiling by third parties is therefore excluded.


Automated decision making

As a website user, you have the right not to be subject to any fully automated processing which produces legal effects concerning you or significantly affects you. The legal basis for this is Art. 22 GDPR. Automated decision-making may be carried out if it is necessary for the conclusion or performance of a contract, national exemptions exist or you expressly consent to the process. If any of the exceptions apply, we will ensure appropriate measures are taken to safeguard your rights and freedoms. If you wish to exercise your rights, please contact our Data Protection Officer via


Data security

In order to protect your data from unwanted access as comprehensively as possible, we take technical and organisational measures. We use an encryption procedure on our pages. Your data is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can recognise this by the fact that the lock symbol is closed in the status bar of your browser and the address line begins with https://.


Online applications

We use the contractor Softgarden to carry out online applications. We process your personal data in accordance with the applicable data protection regulations on the basis of § 26 BDSG-neu. We process the data that you disclose to us as part of your online application solely for the purpose of selecting applicants. Data will not be processed for any other purpose. You yourself determine the scope of the data you wish to transmit to us as part of your online application. Online applications are transmitted electronically to our personnel department and processed there as quickly as possible. The transmission is encrypted. As a rule, applications are forwarded to the heads of the relevant departments in our company. Your data will not be passed on beyond this. Your details will be treated confidentially in our company. If your application is unsuccessful, your documents will be deleted after 3 months.

In the event that we may also consider your application for other or future job advertisements, we ask that you make a corresponding note on the application. We will then process your data on the basis of Art. 6 para. 1 lit. a GDPR.


Company pages on social media plattforms

We operate company pages on various social media platforms:

On Instagram via

on Facebook via

on XING via 

on Twitter via 

on LinkedIn via 

The resulting data processing is based on Art. 6 para. 1 lit. f GDPR. We do not collect, store or process any personal data of our users on these pages at any time. Furthermore, no other data processing is carried out or initiated by us. The data you enter on these company pages, such as comments, videos or images, are never used or processed by us for other purposes. The social media platforms use so-called web tracking methods on our site. Please be aware of this: it cannot be ruled out that a platform provider uses your profile data, for example to evaluate your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by these providers. We have concluded contracts with these providers in accordance with Art. 28, if possible Art. 26 GDPR.


Your rights as a user

When processing your personal data, the GDPR grants you certain rights as a website user:

1. Right of access (Art. 15 GDPR):  
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to access this personal data and the information listed in detail in 
Art. 15 of the GDPR.

2. Right to rectification and erasure (Art. 16 and 17 GDPR): 
You have the right to request without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data. You also have the right to request that personal data concerning you be deleted without delay if one of the reasons listed in detail in Art. 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued.

3. Right to restriction of processing (Art. 18 GDPR):
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 of the GDPR applies, e.g. if you have objected to the processing, for the duration of any review.

4. Right to data portability (Art. 20 GDPR):
In certain cases, which are listed in detail in Art. 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

5. Right to object (Art. 21 GDPR):
If data is collected on the basis of Art. 6 (1) (f) (data processing for the protection of legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

6. Right of revocation (Art. 7 para. 3 GDPR): 
If you have consented to the processing of your data in accordance with Art. 6 (1) a GDPR, you have the right to revoke your consent at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by this. We will immediately delete the data concerned and no longer process it, unless there are reasons to the contrary according to Art. 17 (3) GDPR.

7. Right of complaint to a supervisory authority: 
Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. The right of complaint can be asserted in particular before a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.


Contact details of the data protection officer

Please contact our in-house data protection officer for information or suggestions regarding the subject of data protection.

Dr. Uwe Schläger
datenschutz nord GmbH

Telephone: 0421 69 66 32 0


back to top