Privacy Statement

We manage our websites pursuant to the principles detailed in the following:
We undertake to comply with the statutory regulations for data protection and do our best to avoid the collection of data and to minimize the data volume at all times.

1. Name and address of the Controller and the Data Security Officer

a) The Controller

The Controller in the sense of the General Data Protection Regulation and other national privacy acts of the Member States of the European Union and of other privacy laws is:

HMI Project GmbH
Frankfurter Str. 92
97082 Würzburg

Phone: 0931 / 45 32 97 70

b) The Data Security Officer

The address of the Controller’s Data Security Officer is:
Langgasse 20
97261 Güntersleben

2. Terms

We designed our Privacy Statement in keeping with the principles of clarity and transparency. If you are uncertain regarding the use of specific terms, please refer to the respective definitions here.

3. Legal basis for processing of personal data

We process your personal data, such as your name and first name, email address and IP address etc., only if there is a legal basis for such processing. According to the General Data Protection Regulation, processing primarily takes place pursuant to the following regulations:

In the respective places of this Privacy Statement, we will point out to you once more the legal basis on which your personal data will be processed.

4. Forwarding of personal data

The disclosure of personal data is also considered processing in the sense of the above paragraph 3. However, at this point we would like to give you specific information on the subject of disclosure to third parties. The protection of your personal data is a top priority for us. For this reason, we are particularly cautious when it comes to disclosing your data to third party.

Thus, we will only allow third parties access to your data if there is a legal basis for processing. For example, we disclose personal data to persons or companies commissioned to process data on our behalf as processors pursuant to Article 28 GDPR. A processor is a party commissioned to process personal data on our behalf, i.e. subject to our instructions and supervision.

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus comprehensively protect your data.

5. Period of retention and erasure

We will erase your personal data as soon as they are no longer required for the purposes for which they were collected or otherwise processed, and if processing is not required for exercising the right to freedom of expression and information, for meeting a statutory obligation, for reasons of public interest, or for asserting, exercising or defending legal claims.

6. SSL encryption

For security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as owner of the website, this website uses SSL encryption. You can identify an encrypted connection by the address line of your browser changing from “http://” to “https://”, and by the lock icon in your browser bar.
With SSL encryption activated, third parties cannot access the data you are sending us.

7. Collection and storage of personal data, and type and purpose of their use

a) When you visit our website

When calling up our website via the browser you are using on your end device, information is automatically sent to the server on our website. This information is temporarily saved to a so-called log file. In this process, the following information is collected without your active involvement and saved until automated erasure:

We will process these data for the following purposes:

Data allowing us to draw conclusions regarding your person, such as your IP address, will be erased after 7 days at the latest. Data stored by us beyond this time period will be pseudonymized so that they can no longer be assigned to you.

The legal basis for the data processing is point (f) of Article 6(1) S. 1 GDPR. Our legitimate interest are the above-named purposes of data collection. We will never use the collected data to draw conclusions regarding your person.

b) Newsletter

Content of the Newsletter and log-in data
We will only send you a Newsletter if you subscribed to it and have consented to receiving it pursuant to point (a) of Article 6(1) S. 1 GDPR. The information on subscription comprises a detailed description of the contents of the Newsletter. To subscribe to the Newsletter, your email address is the only mandatory information we require. Any other information you may choose to give us, such as your name and/or your sex, will only be used to personalize the Newsletter we will be sending you.

Double-opt-in and logging
For security reasons, i.e. to prevent someone from logging in using another person’s email address, we use the so-called double-opt-in process for subscribing to our Newsletter. When you subscribe to our Newsletter, you will therefore first receive an email asking you to confirm your subscription. It will become effective only after your confirmation.
Furthermore, your subscription to the Newsletter will be logged. Logging includes the storage of the subscription and confirmation time, your specified data and your IP address. If you make changes to your data, these changes will also be logged.

You can withdraw your consent at any time with effect for the future if you no longer wish to receive our Newsletter. To unsubscribe, click on the respective link at the end of each Newsletter or send us an email to the following email address:
Revoking your consent will not affect the lawfulness of the processing carried out based on your consent until withdrawn.

Use of rapidmail
We send our Newsletter using rapidmail (rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br.
Germany). For this reason, your data will be transmitted to rapidmail GmbH. rapidmail GmbH is prohibited from using your data for any other purposes than for sending the Newsletter. rapidmail GmbH is not allowed to sell or disclose your data. rapidmail is certified German Newsletter software provider selected by us carefully in compliance with the requirements of the GDPR and the German Data Protection Act (BDSG).
We concluded a processing contract with rapidmail.
For more information on rapidmail’s data security policy, please click here.
The use of the service provider rapidmail GmbH is based on our legitimate interests pursuant to point (f) of Article 6(1) S. 1 GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.

c) Email contact

As an alternative, you can also send us an email to the email address specified on our website. In this case, we will store and process your email address and the information you communicate to us in the email in compliance with points (b) and (f) of Article 6(1) S. 1 GDPR for the purposes of processing your communication.
The inquiries and the associated data will be erased at the latest 3 months after reception unless required for a subsequent contractual relationship.

8. Analysis and tracking tools

Our website uses the analysis and tracking tools listed below. They are intended to ensure the ongoing optimizing of our website and to design it to meet the visitors’ needs.
We use these tools based on the consent given by you pursuant to point (a) of Article 6(1) S. 1 GDPR. You can withdraw your consent at any time by changing your cookie settings. Processing remains lawful until withdrawn.
The respective data processing purposes and data categories are defined in the respective tools. Please note that we have no influence on whether and to what extent the service providers process the data further.

Matomo (formerly “Piwik”)

We use the analysis service Matomo (InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand) which generally uses cookies. However, we disabled this function for our internet page so that no cookies will be stored. Thus, Matomo will not collect session data of any kind.

9. Data subject’s rights

You have the following rights:
a) Information to be provided

According to Article 15 GDPR, you have the right to obtain information concerning your personal data processed by us. This right comprises information on

b) Rectification

According to Article 16 GDPR, you have the right to obtain rectification without undue delay of inaccurately or incompletely stored personal data concerning you.

c) Erasure
According to Article 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay unless further processing is required for one of the following grounds:

d) Restriction of processing

Pursuant to Article 18 GDPR, you can request the restriction of processing of your personal data for one of the following reasons:

e) Information

If you have requested the rectification or erasure of your personal data or a restriction of processing pursuant to Article 16, Article 17(1) and Article 18 GDPR, we will notify all recipients to whom your personal data has been disclosed unless this proves impossible or involves a disproportionate effort. You have the right to obtain from us the names of these recipients.

f) Data portability

You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format.
You also have the right to obtain transmission of those data to a third party provided the processing was carried out by automated processes and is based on consent pursuant to point (a) of Article 6(1) S. 1 or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) S. 1 GDPR.

f) Withdrawal of consent

According to Article 7(3) GDPR, you have the right to withdraw the consent given to us at any time. Withdrawing your consent will not affect the lawfulness of the processing carried out based on your consent until withdrawn. In future, we will not be allowed to continue data processing based on your consent which has been withdrawn.

h) Complaint

According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.

i) Objection

If your personal data are processed based on legitimate interests pursuant to point (f) of Article 6(1) S. 1 GDPR, you have the right to object to processing of your personal data pursuant to Article 21 GDPR if there are grounds relating to your particular situation or if the objection is related to direct marketing. In the latter case, you have a general right to object which we will comply with without you having to demonstrate your particular situation. To exercise your right to revoke or object, just send an email to

j) Automated decision in the individual case including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

i. is required for the conclusion or execution of a contract between you and us
ii. is permitted by legislation of the European Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests
iii. is made with your express consent

However, these decisions must not be based on specific categories of personal data pursuant to Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable and specific measures have been taken to safeguard your fundamental rights and freedoms and interests.
Regarding the cases i) and iii), we shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, as a minimum including the right to obtain the intervention of a person from our side, to explain your own point of view and to object against the decision.

10. Cookies

We embed videos from Vimeo, LLC (555 West 18th Street, New York, New York 10011) into our website as part of iFrame. If you play a Vimeo video during your visit, a connection will be established to Vimeo's servers and the Vimeo server will be informed which of our pages you have visited. This allows Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this if you log out of your user account before visiting our website. In addition, Vimeo sets various cookies when starting the service in order to improve the services it offers and to prevent misuse.

Further information on data processing and information on data protection by Vimeo can be found at

The legal basis arises from the consent you have given in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. You can revoke your consent at any time by changing the cookie settings on our website.

10. Amendment of the Privacy Statement

Any amendment of our Privacy Statement will be made known by a respective note on our website.
As of: 27.09.2023