As the operator of this website, we take the protection of your personal data very seriously, treat it confidentially and in accordance with the current statutory data protection regulations and this data protection declaration. In the following, we will inform you about the processing of your personal data (hereinafter referred to as "data") in accordance with Article 13 of the EU General Data Protection Regulation (EU GDPR).
1. Definition of terms
The following data protection declaration is based on the terms used by the European legislator for directives and regulations when the EU GDPR was adopted. In order to ensure easy readability and comprehensibility, we would like to explain the terminology used in advance.
We use the following terms in this data protection declaration:
a) personal data
Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is regarded as identifiable if he or she is directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
b) data subject (user)
The data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.
Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation, or change, reading, querying, use, disclosure through transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to assess aspects relating to work performance, to analyze or predict the economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or change of location of this natural person.
Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
g) Controller or responsible person for processing
The controller or the person responsible for the processing is the natural or legal person, authority, institution, or other body that alone or jointly with others decides on the purposes and means of processing personal data. Are the ends and means of this processing prescribed by Union law or the law of the member states, the person responsible or the specific criteria for his nomination can be provided for, in accordance with Union law or the law of the member states.
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
Recipient is a natural or legal person, authority, institution, or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.
j) Third party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, the person responsible, the processor and the persons who are authorized under the direct responsibility of the person responsible or the processor who process personal data.
Consent is any voluntary, informed, and unambiguous declaration of intent given by the person concerned for the specific case in the form of a declaration or other unequivocal affirmative action with which the person concerned indicates that they consent to the processing of their personal data.
2. Responsible for the processing
MH-IT + Service GmbH
30855 Langenhagen, Germany
Legal representative: Ulf Meckbach
3. General information on data processing
a) Scope of data processing
In principle, we only process personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
b) Legal basis for data processing
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the General Data Protection Regulation (EU GDPR) serves as the legal basis. When processing personal data, which is necessary for the performance of a contract in which its contracting party is the person to relate to, Article 6 (1) (b) EU GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) EUDSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) of the EU GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) (f) EU GDPR serves as the legal basis for processing.
c) Duration of processing
We only process your data for as long as is necessary to fulfill the contract, to maintain our relationship or in accordance with applicable legal provisions.
Different retention periods apply to the storage of business documents. For data with tax relevance, a retention period of 10 years generally applies in accordance with the tax code, and 6 years for other data in accordance with the provisions of the Commercial Code.
As long as you do not object, we will use your data within the framework of our trusting business relationship for mutual benefit.
If you want your data to be deleted, we will delete it immediately, provided that the deletion does not conflict with any legal retention requirements.
4. SSL encryption
This website uses SSL encryption (Secure Socket Layer) for the transmission of data from your browser to our server and to servers that provide files that we integrate on our website. You can recognize the presence of SSL encryption by the preceding text "https" in front of the address of the website that you call up in the browser.
5. Google fonts (web fonts)
a) Scope of data processing
Our website uses certain fonts from Google to display it. When a page is called up, the user's browser loads these fonts. The IP address of the user including the page (Internet address) that the user has visited is sent to a Google Inc. server (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). Further information on Google fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration at https://www.google.com/policies/privacy/.
b) Legal basis for data processing
The legal basis for the processing of the user's personal data is Article 6 (1) (f) EUDSGVO.
c) Purpose of data processing
The use of Google fonts is used for the visual representation of text content.
6. Your rights as a data subject
According to the EU GDPR, you have the following rights:
a) Right to information
You can request confirmation from the person responsible as to whether we are processing personal data relating to you.
If this is the case, you can request the following information from the person responsible:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to whom the personal data relating to has been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to correct or delete your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data are not collected from the data subject;
(8) The existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 EU GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the person concerned.
You have the right to request information about whether the personal data relating to you be transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Article 46 EU GDPR in connection with the transmission.
b) Right to correct your data
You have a right to correction and / or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
c) Right to restrict the processing of your data
Under the following conditions, you can request that the processing of your personal data be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to check the accuracy of the personal data;
(2) the processing is unlawful, and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have lodged an objection to the processing in accordance with Art. 21 Paragraph 1 EU GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been restricted, this data - apart from its storage - may only be used with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
d) Right to have your data deleted
aa) Obligation to delete
You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) EU GDPR, and there is no other legal basis for the processing.
(3) You object to the processing in accordance with Art. 21 Paragraph 1 EU GDPR and there are no overriding legitimate reasons for the processing, or you object in accordance with Art. 21 Paragraph 2 EU GDPR Processing a.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
(6) The personal data relating to you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 EU GDPR.
bb) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 Para. 1 EU GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to ensure that the data processing to inform those responsible who process the personal data that you, as the data subject, has requested them to delete all links to this personal data or copies or replications of this personal data.
The right to deletion does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) To fulfill a legal obligation that requires processing under the law of the Union or of the Member States to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority which the person responsible is responsible for was transferred;
(3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) EU GDPR;
(4) For archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 EU-GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impairs it, or
(5) for the establishment, exercise or defense of legal claims.
e) Right to be informed
If you have asserted the right to correction, deletion, or restriction of processing against the person responsible, the person responsible is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this turns out to be impossible or involves a disproportionate effort. You have the right vis-à-vis the person responsible to be informed about these recipients.
f) Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common, and machine-readable format. You also have the right to transfer this data to another person in charge without being hindered by the person being responsible to whom the personal data was provided, to transmit, if
(1) The processing is based on consent in accordance with Article 6 (1) (a) EU GDPR or Article 9 (2) (a) EU GDPR or is based on a contract in accordance with Article 6 (1) (b) EU GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible. Freedoms and rights of other people are not allowed to be affected. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.
g) Right to object
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f EUDSGVO; this also applies to profiling based on these provisions.
The person responsible will no longer process the personal data relating to you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling, insofar as it involves such direct mail related. If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
In connection with the use of information society services - regardless of Directive 2002/58 / EC - you have the option of exercising your right of objection by means of automated procedures that use technical specifications.
h) Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.
i) Right to complain to the data protection supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the EU GDPR. The supervisory authority to which the complaint was lodged informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 EU GDPR
The responsibility of the supervisory authority depends on your place of residence. A list of the supervisory authorities can be found here:
This data protection declaration was created by ASG Attorneys.