MH | Privacy Policy

Privacy Policy

Published on 04.12.2024

Status: December 4, 2024

Responsible Party

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

Usage data.
Meta, communication and process data.

Categories of Data Subjects

Users.

Purposes of Processing

Provision of our online services and user-friendliness.

Applicable Legal Bases

Applicable legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) – The data subject has given consent to the processing of personal data relating to him or her for one or more specific purposes.
Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

Transmission of Personal Data

In the context of our processing of personal data, it happens that the data are transmitted to other bodies, companies, legally independent organizational units or persons or that they are disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transmission of data to other persons, bodies or companies, this is done only in accordance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consents are revoked or there are no other legal bases for processing. This applies to cases where the original purpose of processing no longer applies or the data are no longer required. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

Rights of Data Subjects

Data subjects have various rights, in particular arising from Articles 15 to 21 GDPR:

Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.
Right to Withdraw Consent: You have the right to withdraw consent at any time.
Right of Access: You have the right to request confirmation as to whether the data concerned are being processed and to information about these data and to further information and a copy of the data in accordance with legal requirements.
Right to Rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with legal requirements.
Right to Erasure and Restriction of Processing: You have the right to request that data concerning you be erased without delay or, alternatively, to request restriction of processing of the data in accordance with legal requirements.
Right to Data Portability: You have the right to receive data concerning you which you have provided to us in a structured, commonly used and machine-readable format in accordance with legal requirements or to request their transmission to another controller.
Complaint to Supervisory Authority: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online service that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as “content”).

Integration always requires that the third-party providers of this content process the IP address of users, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the presentation of this content or functions. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content.

Legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data are processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services).

Processed data types: Usage data (e.g. page views and dwell time, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online service and user-friendliness.
Retention and deletion: Deletion in accordance with information in the section “General information on data storage and deletion”. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of two years.).
Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

Integration of third-party software, scripts or frameworks (e.g., jQuery): We integrate software into our online service that we retrieve from servers of other providers (e.g., function libraries that we use for the presentation or user-friendliness of our online service). The respective providers collect the IP address of users and can process it for the purposes of transmitting the software to the users’ browsers and for security purposes, as well as for evaluating and optimizing their service; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Google Fonts (provision on own server): Provision of font files for user-friendly presentation of our online service; Service provider: Google Fonts are hosted on our server, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Created with free privacy policy generator by Dr. Thomas Schwenke

Martina Hartmann