Privacy

Privacy Statement

We manage our websites pursuant to the principles detailed in the following:
We undertake to comply with the statutory regulations for data protection and do our best to avoid the collection of data and to minimize the data volume at all times.

1. Name and address of the Controller and the Data Security Officer

a) The Controller

The Controller in the sense of the General Data Protection Regulation and other national privacy acts of the Member States of the European Union and of other privacy laws is:

HMI Project GmbH
Frankfurter Str. 92
97082 Würzburg

Email: datenschutz@hmi-project.com
Phone: 0931 / 45 32 97 70

www.hmi-project.com

b) The Data Security Officer

The address of the Controller’s Data Security Officer is:
SiDIT GmbH
Langgasse 20
97261 Güntersleben

info@sidit.de

2. Terms

We designed our Privacy Statement in keeping with the principles of clarity and transparency. If you are uncertain regarding the use of specific terms, please refer to the respective definitions here.

3. Legal basis for processing of personal data

We process your personal data, such as your name and first name, email address and IP address etc., only if there is a legal basis for such processing. According to the General Data Protection Regulation, processing primarily takes place pursuant to the following regulations:

• Point (a) of Article 6(1) S. 1 GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Point (b) of Article 6(1) S. 1 GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Point (c) of Article 6(1) S. 1 GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Point (d) of Article 6(1) S. 1 GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Point (e) of Article 6(1) S. 1 GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Point (f) of Article 6(1) S. 1 GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In the respective places of this Privacy Statement, we will point out to you once more the legal basis on which your personal data will be processed.

b) Consent of the legal guardian pursuant to Art. 8 para. 1 sentence 2 alt. 2 GDPR

A legal guardian must consent to all data processing within the scope of this website for which the consent of a minor who has not yet reached the age of 16 is required.
Information on the individual data processing operations, their purposes and the categories of data concerned for which the consent of the data subject is required can be found in the privacy policy.

You can revoke your consent at any time by sending a declaration of revocation in text form to the contact details of the controller. The processing remains lawful until revocation.

c) Processing of information in accordance with §25 (1) TTDSG

We also process information in accordance with §25 (1) TTDSG by storing information on your terminal equipment or accessing information that is already stored on your terminal equipment. This may involve both personal information and non-personal data, e.g. cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment is any equipment directly or indirectly connected to the interface of a public telecommunications network for sending, processing or receiving messages, Section 2 (2) No. 6 TTDSG.

As a rule, we process this information on the basis of your consent, §25 (1) TTDSG.

Insofar as an exception according to §25 para. 2 no. 1 and no. 2 TTDSG is given, we do not require consent. Such an exception is given if we only access or store the information in order to transmit a message via a public telecommunications network or if this is absolutely necessary so that we can provide a telemedia service expressly requested by you. You can withdraw your consent at any time.

We inform you that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4. Forwarding of personal data

The disclosure of personal data is also considered processing in the sense of the above paragraph 3. However, at this point we would like to give you specific information on the subject of disclosure to third parties. The protection of your personal data is a top priority for us. For this reason, we are particularly cautious when it comes to disclosing your data to third party.

Thus, we will only allow third parties access to your data if there is a legal basis for processing. For example, we disclose personal data to persons or companies commissioned to process data on our behalf as processors pursuant to Article 28 GDPR. A processor is a party commissioned to process personal data on our behalf, i.e. subject to our instructions and supervision.

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus comprehensively protect your data.

5. Period of retention and erasure

We will erase your personal data as soon as they are no longer required for the purposes for which they were collected or otherwise processed, and if processing is not required for exercising the right to freedom of expression and information, for meeting a statutory obligation, for reasons of public interest, or for asserting, exercising or defending legal claims.

6. SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Cookies

We use cookies on our website. Cookies are small data packets that your browser automatically creates and that are stored on your end device when you visit our website. These cookies are used to store information in connection with the end device used.
When cookies are used, a distinction is made between technically necessary cookies and “other” cookies. Technically necessary cookies are those that are absolutely necessary in order to provide an information society service that you have expressly requested.

a) Technically necessary cookies

In order to make the use of our website more convenient for you, we use technically necessary cookies, which may be so-called session cookies (e.g. language and font selection, shopping cart, etc.), consent cookies, cookies to ensure server stability and security or similar. The legal basis for the cookies results from Art. 6 para. 1 sentence 1 lit. f) GDPR, our legitimate interest in the error-free operation of the website and the interest in providing you with our services in an optimized manner.

b) Other cookies

Other cookies include cookies for statistical, analytical, marketing and retargeting purposes.
We use these cookies for you on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

You can revoke your consent to the use of cookies at any time.
We inform you that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To do this, you can either edit your cookie settings on our website, deactivate the use of cookies in your browser settings (whereby this may also restrict the functionality of the online offer) or set an opt-out for the corresponding service in individual cases.

We will inform you of the legal basis on which this data is processed for the respective services within the privacy policy.

The legal basis results from the consent you have given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time by changing the cookie setting on our website.

Delete all HMI Project Cookies

8. Collection and storage of personal data and the nature and purpose of its use

a) External hosting

Our website is hosted by Host Europe GmbH, c/o WeWork, Friesenplatz 4, 50672 Cologne, Germany. For this reason, all personal data collected on our website is stored on the servers of our host, unless an external service of a third party is integrated. This may be the IP address, your e-mail address, communication data or similar. You can find out which specific personal data is involved below in the individual functions and services explained by us. If we use an external service from a third party, this will be made clear in the description of the respective service or tool.
The hoster only processes your data on our instructions and insofar as this is necessary to fulfill the services on the website. The hoster does not process the data for its own purposes. We have concluded an order processing contract with the hoster.

b) When you visit our website

When calling up our website via the browser you are using on your end device, information is automatically sent to the server on our website. This information is temporarily saved to a so-called log file. In this process, the following information is collected without your active involvement and saved until automated erasure:

• IP address of the inquiring computer
• Date and time of the access
• Name and URL of the called-up file
• Website from which our website is accessed (referrer URL)
• Browser used and possibly the operating system of your computer, as well as the name of your access provider

We will process these data for the following purposes:

• Fault analysis

Data allowing us to draw conclusions regarding your person, such as your IP address, will be erased after 7 days at the latest. Data stored by us beyond this time period will be pseudonymized so that they can no longer be assigned to you.

The legal basis for the data processing is point (f) of Article 6(1) S. 1 GDPR. Our legitimate interest are the above-named purposes of data collection. We will never use the collected data to draw conclusions regarding your person.

c) Newsletter

Content of the Newsletter and log-in data
We will only send you a Newsletter if you subscribed to it and have consented to receiving it pursuant to point (a) of Article 6(1) S. 1 GDPR. The information on subscription comprises a detailed description of the contents of the Newsletter. To subscribe to the Newsletter, your email address is the only mandatory information we require. Any other information you may choose to give us, such as your name and/or your sex, will only be used to personalize the Newsletter we will be sending you.

Logging
Your subscription to the Newsletter will be logged. Logging includes the storage of the subscription and confirmation time, your specified data and your IP address. If you make changes to your data, these changes will also be logged.

Revocation
You can withdraw your consent at any time with effect for the future if you no longer wish to receive our Newsletter. To unsubscribe, click on the respective link at the end of each Newsletter or send us an email to the following email address: datenschutz@hmi-project.com
Revoking your consent will not affect the lawfulness of the processing carried out based on your consent until withdrawn.

Use of rapidmail
We send our Newsletter using rapidmail (rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br.
Germany). For this reason, your data will be transmitted to rapidmail GmbH. rapidmail GmbH is prohibited from using your data for any other purposes than for sending the Newsletter. rapidmail GmbH is not allowed to sell or disclose your data. rapidmail is certified German Newsletter software provider selected by us carefully in compliance with the requirements of the GDPR and the German Data Protection Act (BDSG).
We concluded a processing contract with rapidmail.
For more information on rapidmail’s data security policy, please click here.
The use of the service provider rapidmail GmbH is based on our legitimate interests pursuant to point (f) of Article 6(1) S. 1 GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.

Use of Hubspot
Registration takes place with the help of the newsletter service “HubSpot”, which is offered by HubSpot Inc. (25 First Street, Cambridge, MA 02141 USA).
The email addresses of our interested parties and their other data described in this notice are stored on HubSpot's servers in the USA. HubSpot uses this information to send and evaluate the participation links on our behalf. Furthermore, according to its own information, HubSpot may use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the invitation or for economic purposes in order to determine which countries the recipients come from. However, HubSpot does not use the data of our interested parties to write to them itself or pass it on to third parties.
We have concluded the standard contractual clauses with HubSpot. HubSpot does not obtain the right to pass on your data.

You can find HubSpot's privacy policy here.

d) Email contact

As an alternative, you can also send us an email to the email address specified on our website. In this case, we will store and process your email address and the information you communicate to us in the email in compliance with points (b) and (f) of Article 6(1) S. 1 GDPR for the purposes of processing your communication.
The inquiries and the associated data will be erased at the latest 3 months after reception unless required for a subsequent contractual relationship.

9. Analysis and tracking tools

Our website uses the analysis and tracking tools listed below. They are intended to ensure the ongoing optimizing of our website and to design it to meet the visitors’ needs.
We use these tools based on the consent given by you pursuant to point (a) of Article 6(1) S. 1 GDPR. You can withdraw your consent at any time by changing your cookie settings. Processing remains lawful until withdrawn.
The respective data processing purposes and data categories are defined in the respective tools. Please note that we have no influence on whether and to what extent the service providers process the data further.

a) Hubspot

We work with the CRM software from Hubspot of HubSpot Inc (25 First Street, 2nd Floor, Cambridge, MA 02141, USA), which we use to manage our customer data and conduct online marketing. Among other things, landing pages are analyzed and reports are created for this purpose. Web beacons and cookies are used for this purpose. The following personal data may be processed in this context:

• IP address,
• geographical location,
• Type of browser,
• duration of the visit,
• pages viewed,
• visitor sources by means of Utm parameters.
  As a rule, the IP address is processed on Hubspot's European servers and only stored in a truncated version. Only in exceptional cases is the IP address transmitted to a HubSpot server in the USA and truncated there.
  We use the information collected to constantly optimize and improve our website and to make it more user-friendly for you. In addition, we use this information to analyze which of our company's services are of interest to customers, users and newsletter subscribers in order to contact them for advertising purposes.
  We have concluded the standard contractual clauses with HubSpot. HubSpot does not obtain the right to pass on your data.

You can find HubSpot's privacy policy here.

Matomo (formerly “Piwik”)

We use the analysis service Matomo (InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand) which generally uses cookies. However, we disabled this function for our internet page so that no cookies will be stored. Thus, Matomo will not collect session data of any kind.

10. Image, sound and video integration

a) Vimeo

We embed videos from Vimeo, LLC (555 West 18th Street, New York, New York 10011) into our website as part of iFrame.

If you play a Vimeo video during your visit, a connection to the Vimeo servers is established and the Vimeo server is informed which of our pages you have visited. This allows Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your user account before visiting our website. In addition, Vimeo sets various cookies when the service is started in order to improve the services it offers and to prevent misuse.
Further information on data processing and information on data protection by Vimeo can be found at vimeo.com/privacy.

The legal basis results from the consent you have given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time by changing the cookie setting on our website.

11. Data subject’s rights

You have the following rights:
a) Information to be provided

According to Article 15 GDPR, you have the right to obtain information concerning your personal data processed by us. This right comprises information on

• the purposes of processing
• the categories of personal data
• the recipients or categories of recipients to whom your data have been or will be disclosed
• the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of the right to rectification, erasure, restriction of or objection to processing
• the right to lodge a complaint with a supervisory authority
• where the personal data are not collected from the data subject, any available information as to their source
• the existence of automated decision-making, including profiling, and if applicable meaningful information about the details

b) Rectification

According to Article 16 GDPR, you have the right to obtain rectification without undue delay of inaccurately or incompletely stored personal data concerning you.

c) Erasure

According to Article 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay unless further processing is required for one of the following grounds:

• the personal data are still needed in relation to the purposes for which they were collected or otherwise processed
• to execute the right to freedom of opinion and information
• to meet a legal obligation requiring processing in compliance with a legal obligation in European Union or Member State law to which the controller is subject, or requiring processing to fulfill a task which is in the public interest or is carried out in the execution of the public authority vested in the controller
• for reasons of public interest in the field of public health pursuant to points (h) and (i) of Article 9(2) and Article 9(3) GDPR
• for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
• for assertion, execution or defense of legal claims

d) Restriction of processing

Pursuant to Article 18 GDPR, you can request the restriction of processing of your personal data for one of the following reasons:

• you contest the accuracy of your personal data;
• the processing is unlawful and you oppose the erasure of the personal data;
• we no longer need the personal data for the purposes of processing, but you require them for the establishment, exercise or defense of legal claims;* you have objected to processing pursuant to Article 21(1) GDPR.

e) Information

If you have requested the rectification or erasure of your personal data or a restriction of processing pursuant to Article 16, Article 17(1) and Article 18 GDPR, we will notify all recipients to whom your personal data has been disclosed unless this proves impossible or involves a disproportionate effort. You have the right to obtain from us the names of these recipients.

f) Data portability

You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format.
You also have the right to obtain transmission of those data to a third party provided the processing was carried out by automated processes and is based on consent pursuant to point (a) of Article 6(1) S. 1 or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) S. 1 GDPR.

g) Withdrawal of consent

According to Article 7(3) GDPR, you have the right to withdraw the consent given to us at any time. Withdrawing your consent will not affect the lawfulness of the processing carried out based on your consent until withdrawn. In future, we will not be allowed to continue data processing based on your consent which has been withdrawn.

h) Complaint

According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.

i) Objection

If your personal data are processed based on legitimate interests pursuant to point (f) of Article 6(1) S. 1 GDPR, you have the right to object to processing of your personal data pursuant to Article 21 GDPR if there are grounds relating to your particular situation or if the objection is related to direct marketing. In the latter case, you have a general right to object which we will comply with without you having to demonstrate your particular situation. To exercise your right to revoke or object, just send an email to datenschutz@hmi-project.com

j) Automated decision in the individual case including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

i. is required for the conclusion or execution of a contract between you and us
ii. is permitted by legislation of the European Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests
iii. is made with your express consent

However, these decisions must not be based on specific categories of personal data pursuant to Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable and specific measures have been taken to safeguard your fundamental rights and freedoms and interests.
Regarding the cases i) and iii), we shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, as a minimum including the right to obtain the intervention of a person from our side, to explain your own point of view and to object against the decision.

12. Amendment of the Privacy Statement

Any amendment of our Privacy Statement will be made known by a respective note on our website.
As of: 25.04.2024