We manage our websites pursuant to the principles detailed in the following:
We undertake to comply with the statutory regulations for data protection and do our best to avoid the collection of data and to minimize the data volume at all times.
1. Name and address of the Controller and the Data Security Officer
a) The Controller
The Controller in the sense of the General Data Protection Regulation and other national privacy acts of the Member States of the European Union and of other privacy laws is:
HMI Project GmbH
Frankfurter Str. 92
Phone: 0931 / 45 32 97 70
b) The Data Security Officer
The address of the Controller’s Data Security Officer is:
We designed our Privacy Statement in keeping with the principles of clarity and transparency. If you are uncertain regarding the use of specific terms, please refer to the respective definitions here.
3. Legal basis for processing of personal data
We process your personal data, such as your name and first name, email address and IP address etc., only if there is a legal basis for such processing. According to the General Data Protection Regulation, processing primarily takes place pursuant to the following regulations:
- Point (a) of Article 6(1) S. 1 GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Point (b) of Article 6(1) S. 1 GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Point (c) of Article 6(1) S. 1 GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Point (d) of Article 6(1) S. 1 GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- Point (e) of Article 6(1) S. 1 GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Point (f) of Article 6(1) S. 1 GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
In the respective places of this Privacy Statement, we will point out to you once more the legal basis on which your personal data will be processed.
4. Forwarding of personal data
The disclosure of personal data is also considered processing in the sense of the above paragraph 3. However, at this point we would like to give you specific information on the subject of disclosure to third parties. The protection of your personal data is a top priority for us. For this reason, we are particularly cautious when it comes to disclosing your data to third party.
Thus, we will only allow third parties access to your data if there is a legal basis for processing. For example, we disclose personal data to persons or companies commissioned to process data on our behalf as processors pursuant to Article 28 GDPR. A processor is a party commissioned to process personal data on our behalf, i.e. subject to our instructions and supervision.
In accordance with the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus comprehensively protect your data.
5. Period of retention and erasure
We will erase your personal data as soon as they are no longer required for the purposes for which they were collected or otherwise processed, and if processing is not required for exercising the right to freedom of expression and information, for meeting a statutory obligation, for reasons of public interest, or for asserting, exercising or defending legal claims.
6. SSL encryption
For security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as owner of the website, this website uses SSL encryption. You can identify an encrypted connection by the address line of your browser changing from “http://” to “https://”, and by the lock icon in your browser bar.
With SSL encryption activated, third parties cannot access the data you are sending us.
7. Collection and storage of personal data, and type and purpose of their use
a) When you visit our website
When calling up our website via the browser you are using on your end device, information is automatically sent to the server on our website. This information is temporarily saved to a so-called log file. In this process, the following information is collected without your active involvement and saved until automated erasure:
- IP address of the inquiring computer
- Date and time of the access
- Name and URL of the called-up file
- Website from which our website is accessed (referrer URL)
- Browser used and possibly the operating system of your computer, as well as the name of your access provider
We will process these data for the following purposes:
- Fault analysis
Data allowing us to draw conclusions regarding your person, such as your IP address, will be erased after 7 days at the latest. Data stored by us beyond this time period will be pseudonymized so that they can no longer be assigned to you.
The legal basis for the data processing is point (f) of Article 6(1) S. 1 GDPR. Our legitimate interest are the above-named purposes of data collection. We will never use the collected data to draw conclusions regarding your person.
Content of the Newsletter and log-in data
We will only send you a Newsletter if you subscribed to it and have consented to receiving it pursuant to point (a) of Article 6(1) S. 1 GDPR. The information on subscription comprises a detailed description of the contents of the Newsletter. To subscribe to the Newsletter, your email address is the only mandatory information we require. Any other information you may choose to give us, such as your name and/or your sex, will only be used to personalize the Newsletter we will be sending you.
Double-opt-in and logging
For security reasons, i.e. to prevent someone from logging in using another person’s email address, we use the so-called double-opt-in process for subscribing to our Newsletter. When you subscribe to our Newsletter, you will therefore first receive an email asking you to confirm your subscription. It will become effective only after your confirmation.
Furthermore, your subscription to the Newsletter will be logged. Logging includes the storage of the subscription and confirmation time, your specified data and your IP address. If you make changes to your data, these changes will also be logged.
You can withdraw your consent at any time with effect for the future if you no longer wish to receive our Newsletter. To unsubscribe, click on the respective link at the end of each Newsletter or send us an email to the following email address: firstname.lastname@example.org
Revoking your consent will not affect the lawfulness of the processing carried out based on your consent until withdrawn.
Use of rapidmail
We send our Newsletter using rapidmail (rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br. Germany). For this reason, your data will be transmitted to rapidmail GmbH. rapidmail GmbH is prohibited from using your data for any other purposes than for sending the Newsletter. rapidmail GmbH is not allowed to sell or disclose your data. rapidmail is certified German Newsletter software provider selected by us carefully in compliance with the requirements of the GDPR and the German Data Protection Act (BDSG).
We concluded a processing contract with rapidmail.
For more information on rapidmail’s data security policy, please click here.
The use of the service provider rapidmail GmbH is based on our legitimate interests pursuant to point (f) of Article 6(1) S. 1 GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.
c) Email contact
As an alternative, you can also send us an email to the email address specified on our website. In this case, we will store and process your email address and the information you communicate to us in the email in compliance with points (b) and (f) of Article 6(1) S. 1 GDPR for the purposes of processing your communication.
The inquiries and the associated data will be erased at the latest 3 months after reception unless required for a subsequent contractual relationship.
8. Analysis and tracking tools
Our website uses the analysis and tracking tools listed below. They are intended to ensure the ongoing optimizing of our website and to design it to meet the visitors’ needs.
We use these tools based on the consent given by you pursuant to point (a) of Article 6(1) S. 1 GDPR. You can withdraw your consent at any time by changing your cookie settings. Processing remains lawful until withdrawn.
The respective data processing purposes and data categories are defined in the respective tools. Please note that we have no influence on whether and to what extent the service providers process the data further.
Matomo (formerly “Piwik”)
9. Data subject’s rights
You have the following rights:
a) Information to be provided
According to Article 15 GDPR, you have the right to obtain information concerning your personal data processed by us. This right comprises information on
- the purposes of processing
- the categories of personal data
- the recipients or categories of recipients to whom your data have been or will be disclosed
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to rectification, erasure, restriction of or objection to processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, and if applicable meaningful information about the details
According to Article 16 GDPR, you have the right to obtain rectification without undue delay of inaccurately or incompletely stored personal data concerning you.
According to Article 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay unless further processing is required for one of the following grounds:
- the personal data are still needed in relation to the purposes for which they were collected or otherwise processed
- to execute the right to freedom of opinion and information
- to meet a legal obligation requiring processing in compliance with a legal obligation in European Union or Member State law to which the controller is subject, or requiring processing to fulfill a task which is in the public interest or is carried out in the execution of the public authority vested in the controller
- for reasons of public interest in the field of public health pursuant to points (h) and (i) of Article 9(2) and Article 9(3) GDPR
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
- for assertion, execution or defense of legal claims
d) Restriction of processing
Pursuant to Article 18 GDPR, you can request the restriction of processing of your personal data for one of the following reasons:
- you contest the accuracy of your personal data;
- the processing is unlawful and you oppose the erasure of the personal data;
- we no longer need the personal data for the purposes of processing, but you require them for the establishment, exercise or defense of legal claims;* you have objected to processing pursuant to Article 21(1) GDPR.
If you have requested the rectification or erasure of your personal data or a restriction of processing pursuant to Article 16, Article 17(1) and Article 18 GDPR, we will notify all recipients to whom your personal data has been disclosed unless this proves impossible or involves a disproportionate effort. You have the right to obtain from us the names of these recipients.
f) Data portability
You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format.
You also have the right to obtain transmission of those data to a third party provided the processing was carried out by automated processes and is based on consent pursuant to point (a) of Article 6(1) S. 1 or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) S. 1 GDPR.
f) Withdrawal of consent
According to Article 7(3) GDPR, you have the right to withdraw the consent given to us at any time. Withdrawing your consent will not affect the lawfulness of the processing carried out based on your consent until withdrawn. In future, we will not be allowed to continue data processing based on your consent which has been withdrawn.
According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.
If your personal data are processed based on legitimate interests pursuant to point (f) of Article 6(1) S. 1 GDPR, you have the right to object to processing of your personal data pursuant to Article 21 GDPR if there are grounds relating to your particular situation or if the objection is related to direct marketing. In the latter case, you have a general right to object which we will comply with without you having to demonstrate your particular situation. To exercise your right to revoke or object, just send an email to email@example.com
j) Automated decision in the individual case including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
i. is required for the conclusion or execution of a contract between you and us
ii. is permitted by legislation of the European Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests
iii. is made with your express consent
However, these decisions must not be based on specific categories of personal data pursuant to Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable and specific measures have been taken to safeguard your fundamental rights and freedoms and interests.
Regarding the cases i) and iii), we shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, as a minimum including the right to obtain the intervention of a person from our side, to explain your own point of view and to object against the decision.
We embed videos from Vimeo, LLC (555 West 18th Street, New York, New York 10011) into our website as part of iFrame. If you play a Vimeo video during your visit, a connection will be established to Vimeo's servers and the Vimeo server will be informed which of our pages you have visited. This allows Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this if you log out of your user account before visiting our website. In addition, Vimeo sets various cookies when starting the service in order to improve the services it offers and to prevent misuse.
Further information on data processing and information on data protection by Vimeo can be found at vimeo.com/privacy
The legal basis arises from the consent you have given in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. You can revoke your consent at any time by changing the cookie settings on our website.
10. Amendment of the Privacy Statement
Any amendment of our Privacy Statement will be made known by a respective note on our website.
As of: 27.09.2023