Skip to Content

Privacy policy

Thank you for visiting our website. Below, we wish to inform you about the handling of your data in accordance with Article 13 General Data Protection Regulation (GDPR).

 

Responsible

The unit specified in the legal notice is responsible for the data collection and processing stated below.

 

Storage of the IP address

We store the IP address sent by your web browser associated strictly with the purpose for the duration of seven days in the interest of identifying, limiting and rectifying attacks to our website. On expiry of this period, we delete or anonymise the IP address. The legal basis is Article 6 (1) (f) GDPR.

 

Usage data

When you visit our web pages, so-called usage data for statistical purposes are temporarily stored on our web server as a protocol in order to improve the quality of our web pages. This record consists of
 

  • the page from which the file was requested,
  • the name of the file,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (file transfer, file not found),
  • the description of the type of web browser used,
  • the IP address of the requesting computer, which is shortened so that a personal link is no longer established.

 

The mentioned protocol data is saved in an anonymised manner.

 

Cookie Consent Tool

OneTrust (Onetrust Technology Limited,  82 St John St, Farringdon, London EC1M 4JN,

Vereinigtes Königreich (UK), Data Privacy Officer: Andrew Clearwater, e-mail: DPO@onetrust.com), is the service provider of our cookie consent tool which we use in order to gain your consent for using cookies on this website. As we are legally obliged to document and prove your consent, we ar processing this data on the basis of Article 6 (1) ) (c) GDPR.
Please click the following button in order to access the cookie consent layer and check or change the permissions you granted to us.

 

Data transmission to third parties

We send your data to service providers within the framework of contract processing under Article 28 GDPR, which support us when operating our websites and the associated processes. Our service providers are bound strictly by our instructions and obligated accordingly by contract. We use the following service providers: Google Analytics, Google Ads, Google Tag Manager, SC-Networks, Softgarden, Zoom, YouTube and our hosting partner.

 

Data transmission to third-party countries

We occasionally transmit personal data to a third-party country outside the EU. In doing so, we ensure an appropriate data protection level: A transmission of personal data will only occur if the general principles of data transmission on the basis of Article 44 ff. GDPR apply.

 

Cookies

We use cookies on our websites. Cookies are small text files that can be saved on your computer and read. A distinction is made between session cookies, which are deleted again as soon as you close your browser window and permanent cookies, which are stored beyond the single session. Cookies may contain data that make it possible to identify the device used. However, some cookies merely contain information on certain settings that cannot be related to specific persons. We use session cookies and permanent cookies on our websites. The processing is carried out on the basis of Article 6 (1) (f) GPDR and in the interest of optimising or enabling user navigation and adjusting the presentation of our website.

 

You can set your browser so that it informs you of the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser settings and prevent the setting of new cookies. Please note that our websites may then no longer be displayed optimally and some functions will not be technically available.

 

Download and contact form

On our website, you may use a contact form to enter personal data. If you use the contact form, we collect and store the data you enter in the input screen (e.g. second name, first name, email address). There will be no forwarding to any third parties.

If consent is given, the legal basis for the processing is Article 6 (1) (a) GDPR. If your request has the purpose of preparing the signing of a contract, Article 6 (1) (b) GDPR is an additional legal basis. We use the data only to process and answer your request.

 

Retention period

We process and store your data only for as long as it is required for the processing or for complying with statutory duties. Once the purpose of processing no longer exists, your data will be blocked or erased. If there are any additional statutory duties to store the data, we block or erase your data upon the lapse of the statutory storing periods.

 

Google Analytics, Google Tag Manager

For the need-compliant design of our website, we create pseudonym usage profiles with the use of Google Analytics. Google Analytics uses cookies that are saved on your computer and read by us. This allows us to identify returning visitors and count them. Data processing is carried out on the basis of Article 6 (1) (a) GDPR and in the interest of learning how frequently our websites are accessed by different users. The information about your use of this website generated by the cookie is generally transmitted to a server of Google in the US and stored there. As we have activated IP anonymisation on this website, your IP address is, however, first shortened by Google within the member states of the European Union. Only in exceptional cases is the full IP address transferred to a server of Google in the US and only shortened there. We have concluded a data processing agreement under Article 28 GDPR with Google Inc. (USA). Google will therefore only use all information strictly for the purpose of analysing the use of our website for us and compiling reports on the website activities. We delete user and event data in Google Analytics after 14 months.

 

You can withdraw your consent for processing at any given time. To this end, please use one of the following options: You can prevent the storage of cookies by making corresponding settings in your browser software; however, we would like to point out that you may not be able to use all functions of this website to their full extent. You can also prevent the entry of the data created by the cookie and relating to your use of the website (incl. your IP address) to Google as well as the processing of these data by downloading the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de) and installing it. You can also prevent any recording by Google Analytics by clicking on the following link: Click here to opt-out of Google Analytics processing your data. An opt-out cookie is set, which permanently prevents the future collection of your data when visiting this website. Please note: This opt-out cookie only applies to the browser you used when setting the opt-out, not for any other browser you may be using on your computer or on other devices. Should you delete all cookies in this browser, the opt-out cookie will be deleted as well.

Google Ads

As an Ads customer, we also use Google Conversion Tracking, an analysis service of Google. In this process, Google Adwords places two Double-click cookies on your computer (conversion cookie), if you reached our website via a Google ad. These cookies become invalid after 30 days and are not used for personal identification. When you visit certain websites of ours and the cookie has not yet expired, we and Google can identify that someone clicked the ad and was thereby directed to our site. Each Ads-customer gets a different cookie. Cookies can therefore not be tracked over the websites of Ads-customers. The information obtained with the use of the conversion cookie serve to create the conversion statistics for Ads-customers who have opted for conversion tracking. The Ads-customers learn the total number of users that clicked on their ad and were directed to a page featuring a conversion tracking tag. However, they do not receive any information that allows identifying the user personally. If you do not wish to participate in the tracking procedure, you can also reject the necessary setting of a cookie - for instance via browser settings, which deactivates the automatic setting of cookies in general. You can also deactivate cookies for conversion tracking by setting your browser in such a way that cookies are blocked by the googleadservices.com domain.

 

YouTube

We are embedding Videos on our website which are not stored on our own servers. For this, we use a YouTube Plug-In with Google YouTube as a third party supplier. We avoid the automatic upload of the third party supplier data when opening a page with an embedded video by first displaying a server stored preview image of the video. Thus, the third party supplier will not at first receive any data.

Only after you have clicked on this preview image, third party data will be uploaded. The third party supplier will then receive information about you having accessed this page as well as technical user data. He will also be able to implement tracking technology. We have no influence on this or the terms of processing your data by this third party supplier. By clicking on the preview image you give us your permission to upload third party supplier data. Video embedding is based Article 6 (1) (a) GDPR if your permission is given by clicking the preview image. Please note that video embedding leads to processing of your data in countries outside the European Union. In some of these countries there is risk of government administration and institutions having access to your data in order to monitor and ensure security, without informing you about it and without a right to appeal against this.

In case we use third party suppliers in unsafe third countries and you consent to this, data transfer to an unsafe third country is legally based on Article 49 (1) (a) DSGVO.

 

Supplier Adequate level of data protection Withdrawal of consent
YouTube / Google (USA) Inadequate level of data protection. Data transfer is legally based on
Art. 49 (1) (a) GDPR
If you have clicked on a preview image third party data will be uploaded immediately. If you do not wish this, do not click on any preview image on our website.

 

hmmh Newsletter

You can subscribe to our newsletter on our website to receive information about our company's products and services. We only require your e-mail address and some additional voluntary information. When you click on "subscribe", you provide ,our consent to receive the hmmh newsletter. If you have provided a separate consent for this, your information is processed accordingly based on Article 6 (1) (a) of the GDPR. You can withdraw your consent at any time without affecting the legality of the processing up to that time. If you withdraw your consent, we will suspend the corresponding data processing. If you no longer wish to receive the newsletter in the future, you can unsubscribe at any time by clicking on the corresponding link at the end of each newsletter. We will delete your data within 3 months after you have withdrawn your consent to receive the newsletter or unsubscribed from it.

 

We use the "Evalanche" tool by the SC-Networks GmbH to send our newsletter. There, we store the following data for each newsletter: opening data (date/time, browser type, mail client type, mailing) as well as clicks on image and text links in order to be able to tailor our information and optimise delivery specifically for you. For this purpose, we use cookies when you subscribe and when you receive the newsletter which are deleted at the latest after 24 months. This data is stored and analysed centrally. If you click the check box with the note concerning this privacy protection declaration when subscribing to the newsletter, you consent to this personalised data processing. You can object to the personalised tracking by clicking on the respective link at the end of each newsletter. The newsletter subscription and cancellation date and the consent / objection to tracking is always stored with your personal IP address so that hmmh can provide you with information upon request. For security purposes, all data is backed up. The backup is deleted after 12 months.

 

The operator of Evalanche (the SC-Networks GmbH, Starnberg) processes personal usage data exclusively for us on specially protected systems in adherence to the Germany Privacy Protection Act. The legal basis for the processing is provided by Art. 6 (1) (f) GDPR. Our justified interest lies in providing customised information. Under no circumstances do we sell personal data to third parties or provide it to third parties for use in any other way, unless you have separately consented to this in accordance with legal regulations.

 

Zoom

hmmh offers web-based trainings for business and technical topics. For this, we use our third party supplier Zoom (ZOOM VIDEO COMMUNICATIONS, INC., 55 Alamden Blvd. Suite 600, San Jose, CA 95113, USA, Telefon: +1 888.799.96669), E-Mail: privacy@zoom.us) and its video conferencing tool.  These online trainings are by invitation only.

Please note that Zoom is a cloud-based online tool. By accepting our invitation you consent to the Zoom terms of use (https://zoom.us/de-de/terms.html) and declare that you have read and accept the Zoom data privacy conditions (https://zoom.us/de-de/privacy.html). hmmh has concluded a data protection agreement with zoom including Controller to Processor EU-standard contractual clauses in order to protect your data.

hmmh made the following configurational changes to Zoom in its account:

  • Activation of end-to-end encryption ot meetings and chats,
  • De-Activation of cloud-based storage of chat messages,
  • De-Activiation of attention tracking,
  • De-Activiation of access to your contacts directory,
  • De-Activation of automatic camera access, camera use requires your action.

In case we want to record the training session we will ask you in advance for your consent via e-mail. Data processing is legally based on Article 6 (1) (a) GDPR

 

Social media plug-ins

For reasons of data protection, we do not embed social plug-ins via Like- or Share-Buttons directly in our website. If you visit our website, no data are therefore sent to social media services, such as Facebook, Twitter, XING or Google+. A profile creation by third parties is therefore ruled out.

 

Automated decision making

As a webpage user, you have the right not to be subjected to full automatic processing, which takes legal effect in your relation or impacts on you considerably. The legal basis for the processing is Article 22 GDPR. Automatic decision making may only be carried out if it is required for the conclusion or performance of an agreement, national exceptions exist or you expressly agree to the process. If one of the exceptions applies, we guarantee appropriate measures to maintain your rights and freedoms. If you wish to assert your rights, please contact our data protection officer at datenschutz@hmmh.de.

 

Data security

To protect your data from unwanted access as comprehensively possible, we implement technical and organisational measures. We use encryption methods on our pages. Your details are transferred from your computer to our server and vice versa via the internet using TLS encryption. You can see this by the status bar of your browser displaying a closed lock symbol and the address line beginning with http://https://.

 

Online job applications

For carrying out online applications, we use the contractor Softgarden. We process your personal data in accordance with the valid data protection provisions on the basis of Section 26 Federal Data Protection Act (BDSG-new). We process the data that you disclose to us within the framework of your online application solely for the purposes of applicant selection. Data processing for other purposes does not take place. You personally define the scope of the data that you wish to send us within the framework of your online application. Online applications are transmitted to our HR department and processed there as quickly as possible. The transmission is carried out in an encrypted form. As a rule, applications are forwarded to the head of the responsible specialist departments at our company. Your data are otherwise not disclosed. Your details are treated confidentially at our company. In the event of unsuccessful applications, your documents are deleted on expiry of 3 months.

In the event that we consider your application also for other or future job openings, we request a corresponding note in the application. We will then process your data on the basis of Article 6 (1) (a) GDPR.

 

Company pages on social media plattforms

We operate several different company pages on social media plattforms:

On Facebook via www.facebook.com/hmmh.de

,

on XING via www.xing.com/company/hmmh

on Twitter via www.twitter.com/hmmh_de

on LinkedIn via de.linkedin.com/company/hmmh-ag

 

Your data is processed on the basis of Article 6 (1) (f) GDPR. We do not collect, store or process personal data of our users on these pages at any time. Furthermore, no other data processing is carried out or initiated by us. The data entered by you on our social media company pages, such as comments, videos or images, are at no time used or processed by us for other purposes. The social media plattforms themselves use so-called web tracking methods on our pages. Please be aware of the following: It cannot be ruled out that these social media plattforms use your profile data to analyse your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by these social media plattforms. We have concluded data processing agreements according to Article 28 or, if possible 26, GDPR.

 

Your rights as a user

When processing your personal data, the GDPR grants you as a website user certain rights:

 

1. Right to information (Article 15 GDPR):

You have the right to request confirmation of whether personal data relating to you are processed; if this is the case, you have the right to information about these personal data and about the information specified in detail under Article 15 GDPR.

 

2. Right to correction and deletion (Articles 16 and 17 GDPR):

You have the right to request the immediate correction of incorrect personal data relating to you and, where applicable, completion of incomplete personal data. You also have the right to request that personal data relating to you are immediately deleted if one of the reasons specified under Article 17 GDPR applies; for instance if the data are no longer required for the purposes intended.

 

3. Right to restriction of processing (Article 18 GDPR):

You have the right to request processing if one of the conditions specified under Article 18 GDPR applies, e.g. if you have filed an objection against the processing, for the duration of any verification.

 

4. Right to data portability (Article 20 GDPR):

In certain cases that are stated in Article 20 GDPR, you have the right to obtain personal data relating to you in a structured, conventional and machine-readable format or to request the transmission of these data to a third party.

 

5. Right of objection (Article 21 GDPR):

If data are collected on the basis of Article 6 (1) (f) GDPR (data processing for the protection of legitimate interests), you have the right to object against the processing at any time for reasons that arise from your particular situation. We will then no longer process the personal data, unless proven mandatory protected reasons exist for the processing, which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.

 

6. Right to complain to a supervisory authority:

Under Article 77 GDPR, you have the right to appeal to a supervisory authority if you believe that the processing of the data relating to you violates data protection law provisions. The right to complain may be asserted with a supervisory authority in the member state of your place of residence, your place of work or the location of the alleged violation.

 

Contact details of the data protection officer

Please contact our in-house data protection officer for information or suggestions regarding the subject of data protection.

 

Dr. Uwe Schläger
datenschutz nord GmbH

 

E-mail: office@datenschutz-nord.de
Telephone: 0421 69 66 32 0

 

www.datenschutz-nord-gruppe.de