We are delighted about your visit to our websites. Below, we wish to inform you about the handling of your data in accordance with Article 13 General Data Protection Regulation (GDPR).
The unit specified in the legal notice is responsible for the data collection and processing stated below.
Storage of the IP address
We store the IP address sent by your web browser associated strictly with the purpose for the duration of seven days in the interest of identifying, limiting and rectifying attacks to our website. On expiry of this period, we delete or anonymise the IP address. The legal basis is Article 6(1)(f) GDPR.
When you visit our web pages, so-called usage data for statistical purposes are temporarily stored on our web server as a protocol in order to improve the quality of our web pages. This record consists of
- the name of the file,
- the date and time of the query,
- the amount of data transferred,
- the access status (file transfer, file not found),
- the description of the type of web browser used,
- the IP address of the requesting computer, which is shortened so that a personal link is no longer established.
The stated protocol data are saved in an anonymised manner.
Data transmission to third parties
We send your data to service providers within the framework of contract processing under Article 28 GDPR, which support us when operating our websites and the associated processes. Our service providers are bound strictly by our instructions and obligated accordingly by contract. We use the following service providers: Google Analytics, Google Adwords, Google Dynamic Remarketing, SC-Networks and Softgarden.
Data transmission to third-party countries
We occasionally transmit personal data to a third-party country outside the EU. In doing so, we ensure an appropriate data protection level: In the event of Google Analytics (USA), an appropriate data protection level follows from the participation in the Privacy Shield treaty (Article 45(1) GDPR).
Download and contact form
On our website, you may use a contact form to enter personal data. If you use the contact form, we collect and store the data you enter in the input screen (e.g. second name, first name, email address). There will be no forwarding to any third parties. If consent is given, the legal basis for the processing is Art. 6(1)(f) GPDR such as Art. 6(1)(a) GDPR. If your request has the purpose of preparing the signing of a contract, Art. 6(1)(b) GDPR is an additional legal basis. We use the data to process and answer your request only.
We process and store your data only for as long as it is required for the processing or for complying with statutory duties. Once the purpose of processing no longer exists, your data will be blocked or erased. If there are any additional statutory duties to store the data, we block or erase your data upon the lapse of the statutory storing periods.
Google Adwords Remarketing
We use cross-device remarketing technologies of Google so that target ads to other websites can be displayed to you on the basis of your visit to our websites. Data processing takes place on the basis of your consent under Article 6(1)(a) GDPR.
How does remarketing work?
When you visit our website, it is possible that Google retrieves recognition features for your browser or your end device (e.g. creates a so-called browser fingerprint), analyses your IP address or saves a recognition feature in the form of a small text file on your end device (e.g. a so-called third-party cookie). It is also possible that Google links and saves your visit to our websites with one or more of these recognition features in order to display our advertising on other pages on the internet. The above recognition features are designed as a pseudonym and can be used by Google to recognise your end device on other websites. When, for instance, you visit a website that participates in the display advertising network of Google (i.e. advertising displayed on behalf of Google), Google can recognise your end device and browser using the above features. We can also apply so-called remarketing tools to our websites. This means that we can enter keywords on our websites that contain information on the content of the pages displayed (for instance product or service categories). The keywords we use have neither personal nor sensitive information. Google receives and saves these keywords for the above recognition purposes. As such, when you visit a page that has been given keywords of a certain product category, Google saves this keyword and allocates it to your recognition features. We can thereby task Google to place ads on our websites that are guided by the pages visited at our end. Therefore, when you visit another website that participates in the display ads network of Google, Google can identify using the recognition features and the keywords stored for these recognition features whether and, if applicable, which of our ads are to be displayed to you. More information on the function of Google remarketing technologies can be found at https://www.google.com/policies/technologies/ads/.
What does cross-device marketing mean?
If you log in to Google services with your own login details or use one or more own Google accounts, Google can link the recognition features of several browsers and end devices with one another. As such, if Google has created an own recognition feature for the laptop, desktop PC or smartphone or tablet used by you, these recognition features can be allocated to one another as soon as you use or have used a Google service with your login details. This allows Google to also display our advertising campaigns via end devices in a targeted manner. However, Google will only do this if you have declared your consent to this data processing in the past.
As an AdWords customer, we also use Google Conversion Tracking, an analysis service of Google. In this process, Google Adwords places a cookie on your computer (conversion cookie), if you reached our website via a Google ad. These cookies become invalid after 30 days and are not used for personal identification. When you visit certain websites of ours and the cookie has not yet expired, we and Google can identify that someone clicked the ad and was thereby directed to our site. Each AdWords customer gets a different cookie. Cookies can therefore not be tracked over the websites of AdWords customers. The information obtained with the use of the conversion cookie serve to create the conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users that clicked on their ad and were directed to a page featuring a conversion tracking tag. However, they do not receive any information that allows identifying the user personally. If you do not wish to participate in the tracking procedure, you can also reject the necessary setting of a cookie - for instance via browser settings, which deactivates the automatic setting of cookies in general. You can also deactivate cookies for conversion tracking by setting your browser in such a way that cookies are blocked by the googleadservices.com domain. To this end, we delete your user and event data in Google Analytics after 14 months.
We also use Google AdSense, a web display service of Google, to run adverts (text displays, banners, etc.). In this process, your browser may save a cookie sent by Google or third parties. The information stored in the cookie can also be recorded, collected and analysed by third parties. In addition, Google AdSense also uses small invisible graphics to collect information, which can be used to record, collect and analyse simple actions such as visitor traffic on the website. The information created by the cookie and/or graphics about your use of this website is transferred to a Google server in the US and stored there. Google uses the information thereby received to carry out an analysis of your usage behaviour with regards to AdSense ads. Google may also transfer this information to third parties if prescribed by law or if third parties process these data on behalf of Google. Google will not associate your IP address with other data stored by Google. You can prevent the storage of cookies on your hard disk and the display of the specified graphics. As for the other cookies described, the following also applies here: You must deactivate the acceptance of cookies in your browser settings. We delete your user and event data in Google Analytics after 14 months.
You have the possibility of making settings for advertising. You can object to this form of advertising. To do this, please go to https://support.google.com/ads/answer/2662922 and deactivate the personalised advertising. Please note that the settings may not have any effect on all end devices and browsers. Detailed information can also be found at https://support.google.com/ads/answer/2662922.
You can subscribe to our newsletter on our website to receive information about our company's products and services. We only require your e-mail address and some additional voluntary information. When you click on "subscribe", you provide your consent to receive the hmmh newsletter. If you have provided a separate consent for this, your information is processed accordingly based on Art. 6 Para. 1 (1)(a) of the GDPR. You can withdraw your consent at any time without affecting the legality of the processing up to that time. If you withdraw your consent, we will suspend the corresponding data processing. If you no longer wish to receive the newsletter in the future, you can unsubscribe at any time by clicking on the corresponding link at the end of each newsletter. We will delete your data within 3 months after you have withdrawn your consent to receive the newsletter or unsubscribed from it.
The operator of Evalanche (the SC-Networks GmbH, Starnberg) processes personal usage data exclusively for us on specially protected systems in adherence to the Germany Privacy Protection Act. The legal basis for the processing is provided by Art. 6 Para. 1 lit. f of the GDPR. Our justified interest lies in providing customised information. Under no circumstances do we sell personal data to third parties or provide it to third parties for use in any other way, unless you have separately consented to this in accordance with legal regulations.
Social media plug-ins
For reasons of data protection, we do not embed social plug-ins directly in our website. If you visit our sites, no data are therefore sent to social media services, such as Facebook, Twitter, XING or Google+. A profile creation by third parties is therefore ruled out. However, you nevertheless have the option to share selected pages by clicking on Facebook, Twitter, XING or Google+ buttons and also see where they were often shared in the past when retrieving the contributions. To this end, we use the so-called Shariff solution, which was developed by c’t magazine to offer a data protection-compliant alternative to classic social plug-ins. What is behind this? The Shariff solution results in all data and functions required for presenting the Facebook, Twitter, XING or Google+ being provided by our web server as a first step. Only once you have decided to share a contribution via the corresponding button and click on it is a data transmission made to the operator of the relevant social media service.
Automated decision making
As a webpage user, you have the right not to be subjected to full automatic processing, which takes legal effect in your relation or impacts on you considerably. The legal basis for the processing is Article 6(22) GDPR. Automatic decision making may only be carried out if it is required for the conclusion or performance of an agreement, national exceptions exist or you expressly agree to the process. If one of the exceptions applies, we guarantee appropriate measures to maintain your rights and freedoms. If you wish to assert your rights, please contact our data protection officer at firstname.lastname@example.org.
To protect your data from unwanted access as comprehensively possible, we implement technical and organisational measures. We use encryption methods on our pages. Your details are transferred from your computer to our server and vice versa via the internet using TLS encryption. You can see this by the status bar of your browser displaying a closed lock symbol and the address line beginning with .
For carrying out online applications, we use the contractor Softgarden. We process your personal data in accordance with the valid data protection provisions on the basis of Section 26 Federal Data Protection Act (BDSG-new). We process the data that you disclose to us within the framework of your online application solely for the purposes of applicant selection. Data processing for other purposes does not take place. You personally define the scope of the data that you wish to send us within the framework of your online application. Online applications are transmitted to our HR department and processed there as quickly as possible. The transmission is carried out in an encrypted form. As a rule, applications are forwarded to the head of the responsible specialist departments at our company. Your data are otherwise not disclosed. Your details are treated confidentially at our company. In the event of unsuccessful applications, your documents are deleted on expiry of 6 months.
In the event that we consider your application also for other or future job openings, we request a corresponding note in the application. We will then process your data on the basis of Article 6(1)(a) GDPR.
Facebook company page
We operate under the URL https://www.facebook.com/hmmh.de, an official Facebook page on the basis of Article 6(1)(f) GDPR. We do not collect, store or process personal data of our users on this page at any time. Furthermore, no other data processing is carried out or initiated by us. The data entered by you on our Facebook page, such as comments, videos or images, are at no time used or processed for other purposes. Facebook uses so-called web tracking methods on this page. Please be aware of the following: It cannot be ruled out that Facebook uses your profile data to analyse your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by Facebook.
Your rights as a user
When processing your personal data, the GDPR grants you as a website user certain rights:
1. Right to information (Article 15 GDPR):
You have the right to request confirmation of whether personal data relating to you are processed; if this is the case, you have the right to information about these personal data and about the information specified in detail under Article 15 GDPR.
2. Right to correction and deletion (Articles 16 and 17 GDPR):
You have the right to request the immediate correction of incorrect personal data relating to you and, where applicable, completion of incomplete personal data. You also have the right to request that personal data relating to you are immediately deleted if one of the reasons specified under Article 17 GDPR applies; for instance if the data are no longer required for the purposes intended.
3. Right to restriction of processing (Article 18 GDPR):
You have the right to request processing if one of the conditions specified under Article 18 GDPR applies, e.g. if you have filed an objection against the processing, for the duration of any verification.
4. Right to data portability (Article 20 GDPR):
In certain cases that are stated in Article 20 GDPR, you have the right to obtain personal data relating to you in a structured, conventional and machine-readable format or to request the transmission of these data to a third party.
5. Right of objection (Article 21 GDPR):
If data are collected on the basis of Article 6(1)(f) GDPR (data processing for the protection of legitimate interests), you have the right to object against the processing at any time for reasons that arise from your particular situation. We will then no longer process the personal data, unless proven mandatory protected reasons exist for the processing, which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
6. Right to complain to a supervisory authority:
Under Article 77 GDPR, you have the right to appeal to a supervisory authority if you believe that the processing of the data relating to you violates data protection law provisions. The right to complain may be asserted with a supervisory authority in the member state of your place of residence, your place of work or the location of the alleged violation.
Contact details of the data protection officer
Please contact our in-house data protection officer for information or suggestions regarding the subject of data protection.
Dr. Uwe Schläger
datenschutz nord GmbH
Telephone: 0421 69 66 32 0