humus Privacy Policy
1. Data protection at a glance
General information
The following notes provide a quick overview of what happens to your personal data when you visit this website. Personal data means all information that can be used to identify you personally. Detailed information can be found in the privacy policy below.
Data collection on this website
Who is responsible?
The website operator is responsible for data processing on this website. The contact details can be found in the “Controller” section of this privacy policy.
How do we collect your data?
Some data is collected when you provide it to us (e.g. by entering information into a contact form). Other data is collected automatically or based on your consent by our IT systems when you visit the website (e.g. browser, operating system, time of page access). This collection starts automatically when you enter the website.
What do we use your data for?
Part of the data is used to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have?
You have the right at any time to obtain free information about the origin, recipients and purpose of your stored personal data and the right to rectification or erasure. You can revoke consent given to us at any time with effect for the future. You also have the right, under certain conditions, to request restriction of processing and the right to lodge a complaint with a supervisory authority.
Analytics tools from third parties
When you visit this website, your browsing behavior may be statistically evaluated, primarily with analytics programs. Details can be found in this privacy policy.
2. Hosting
We host the content of our website with the following provider: Hetzner
The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (“Hetzner”).
For details, please see Hetzner’s privacy policy: https://www.hetzner.com/de/legal/privacy-policy/https://www.hetzner.com/de/legal/privacy-policy/.
The use of Hetzner is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website possible. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG (German Telecommunications and Digital Services Data Protection Act), insofar as consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Processing on behalf
We have concluded a data processing agreement (DPA) for use of the above service. This contract, required by data protection law, ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General notes and mandatory information
Data protection
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Please note that data transmission over the internet (e.g. communication by email) may have security gaps. Complete protection of data against access by third parties is not possible.
Controller
Maschinenfabrik Bermatingen GmbH & Co. KG
Kesselbachstraße 2, D-88697 Bermatingen
Phone: +49 75 44 – 95 06-0
Email: service@mabe-info.de
Storage period
Unless a more specific storage period has been stated in this policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you request deletion or revoke your consent to processing, we will delete your data unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion takes place after these reasons cease to apply.
Legal bases
Depending on the purpose, we base processing on:
Art. 6(1)(a) GDPR (consent), possibly in conjunction with § 25(1) TDDDG (cookies/device access);
Art. 6(1)(b) GDPR (contract/performance of pre-contractual measures);
Art. 6(1)(c) GDPR (legal obligation);
Art. 6(1)(f) GDPR (legitimate interests).
For special categories of data: Art. 9(2)(a) GDPR; for third-country transfers based on consent: Art. 49(1)(a) GDPR.
Data Protection Officer
dsg Datenschutz GmbH – Tobias Marx
Zeppelinstraße 9, 89231 Neu-Ulm
Email: datenschutz@dsg-ulm.de
Data transfers to third countries
We also use tools from providers located in third countries that are not considered secure under data protection law, as well as US providers that may not be certified under the EU-US Data Privacy Framework (DPF). In such countries, an EU-equivalent level of data protection cannot be guaranteed. A transfer to the USA is permissible if the recipient is DPF-certified or suitable safeguards are in place. Details and specific recipients are set out in this policy.
Recipients
We transfer personal data to external parties only if this is necessary for contract performance, if we are legally obliged to do so, if we have a legitimate interest (Art. 6(1)(f) GDPR), or if you have given consent. With processors, a contract under Art. 28 GDPR is in place; in cases of joint controllership, a contract under Art. 26 GDPR applies.
Revoking your consent
You may revoke any consent you have given at any time with effect for the future. The lawfulness of processing carried out before the revocation remains unaffected.
Right to object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. We will then no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling to the extent that it is related to such direct marketing.
Right to lodge a complaint
Data subjects have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement.
Data portability
You have the right to receive data that we process automatically based on your consent or in performance of a contract in a commonly used, machine-readable format and to have it transmitted to you or to a third party where technically feasible.
Access, rectification, erasure, restriction
Within the scope of the statutory provisions, you have the right to access, rectification, erasure, and restriction of processing of your personal data. You can contact us at any time about this.
SSL/TLS encryption
This site uses SSL/TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and the lock icon. Data you transmit to us cannot be read by third parties.
Objection to promotional emails
We hereby object to the use of contact data published in the legal notice for sending unsolicited advertising and information material. We expressly reserve the right to take legal action in the event of unsolicited promotional information (e.g. spam emails).
4. Data collection on this website
Cookies
Our websites use “cookies.” Cookies are small data packets that do no harm to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored until you delete them yourself or your browser deletes them automatically.
Cookies may be set by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart or displaying videos). Other cookies may be used for analyzing user behavior or for advertising purposes.
Cookies necessary for carrying out the electronic communication process, for providing certain functions you desire (e.g. shopping cart), or for optimizing the website (e.g. audience measurement cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. Where consent for storing cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to activate automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Which cookies and services are used on this website can be found in this privacy policy.
Consent with Borlabs Cookie
Our website uses the consent technology of Borlabs Cookie to obtain your consent to store certain cookies in your browser or to use certain technologies and to document this in a manner compliant with data protection law. The provider is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (“Borlabs”).
When you enter our website, a Borlabs cookie is stored in your browser recording the consents you have given or revoked. This data is not shared with the provider of Borlabs Cookie.
The collected data is stored until you ask us to delete it or you delete the Borlabs cookie yourself or the purpose for storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Use of Borlabs Cookie consent technology serves to obtain the legally required consents for the use of cookies. The legal basis is Art. 6(1)(c) GDPR.
Consent with Consent Manager
Our website uses the consent technology of ConsentManager to obtain and document your consent for storing certain cookies on your device or for using certain technologies in a manner compliant with data protection law. The provider is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (“ConsentManager”).
When you enter our website, a connection to ConsentManager’s servers is established to obtain your consents and other statements on cookie use. ConsentManager then stores a cookie in your browser to assign the consents or their revocation. The data collected is stored until you ask us to delete it, delete the provider cookie yourself, or the purpose for storage no longer applies. Mandatory statutory retention obligations remain unaffected.
Use of ConsentManager serves to obtain the legally required consents for the use of cookies. The legal basis is Art. 6(1)(c) GDPR.
Processing on behalf
We have concluded a data processing agreement (DPA) for the use of the above service. This contract ensures processing of personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Pixelmate
Our website uses Pixelmate to obtain and document your consent to store certain cookies on your device or to use certain technologies. Pixelmate is installed locally on our servers, so no connection to the provider’s servers is established. Pixelmate stores a cookie in your browser to assign consents or their revocation. The data is stored until you ask us to delete it, delete the Pixelmate cookie yourself, or the storage purpose no longer applies. Mandatory statutory retention obligations remain unaffected. The legal basis is Art. 6(1)(c) GDPR.
Server log files
The provider of the pages automatically collects and stores information in server log files which your browser automatically transmits to us:
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
This data is not combined with other data sources. The collection is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website; for this, the server log files must be recorded.
Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
Processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if obtained; consent can be revoked at any time.
The data you enter in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after completion of processing your inquiry). Mandatory statutory provisions—especially retention periods—remain unaffected.
Inquiry by email, telephone or fax
If you contact us by email, telephone or fax, your inquiry, including all personal data resulting from it (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.
Processing is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if obtained; consent can be revoked at any time.
The data you send us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for storage no longer applies (e.g. after completion of processing your request). Mandatory statutory provisions—especially statutory retention periods—remain unaffected.
5. Social media
Meta Platforms Ireland Limited, Dublin. When the social plugin is active, a direct connection to Facebook is established; assignment to your account may occur. Joint controllership (Art. 26 GDPR) for collection/transfer; agreement: https://www.facebook.com/legal/controller_addendum. Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. See Facebook’s notices for DPF information and data transfers.
Meta Platforms Ireland Limited, Dublin. Functionality analogous to Facebook; joint controllership under Art. 26 GDPR. Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Details: https://privacycenter.instagram.com/policy/
New Work SE, Hamburg. When XING elements are loaded, a connection to XING servers is established. Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Details: https://privacy.xing.com/de/datenschutzerklaerung
6. Analytics tools and advertising
Google Tag Manager
Google Ireland Limited. Manages/embeds other tools, creates no own profiles/cookies; IP address may be transferred to the USA. Legal basis: Art. 6(1)(f) GDPR; where consent is obtained, Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. DPF information: see Google.
Google Analytics (with IP anonymization)
Google Ireland Limited. Used to analyze user behavior (e.g. page views, dwell time, technology). Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Standard Contractual Clauses and DPF information: see Google. Opt-out add-on: https://tools.google.com/dlpage/gaoptout?hl=de. More: https://support.google.com/analytics/answer/6004245?hl=de
Google Signals
Use of cross-device features if activated in your Google account. Legal basis: Art. 6(1)(a) GDPR.
Google Conversion Tracking
Used to measure interactions/conversions. Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Details: https://policies.google.com/privacy?hl=de
7. Newsletter
Newsletter delivery with Brevo
Data processing for delivery and performance measurement (opens/clicks/conversions, segmentation). Legal basis: Art. 6(1)(a) GDPR. Unsubscribe at any time; blacklist storage to prevent future mailings may be based on Art. 6(1)(f) GDPR. DPA under Art. 28 GDPR. Details: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/
8. Plugins and tools
YouTube (enhanced privacy mode)
Google Ireland Limited. When embedded videos are loaded, a connection to YouTube is established; in enhanced privacy mode, no cookies are set, but local-storage elements are used. Legal basis: Art. 6(1)(f) GDPR; with consent, Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Details: https://support.google.com/youtube/answer/171780 and https://policies.google.com/privacy?hl=de
Google Fonts
For uniform display of fonts. When called, your IP address is transmitted to Google. Legal basis: Art. 6(1)(f) GDPR; where applicable, Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Details: https://developers.google.com/fonts/faq and https://policies.google.com/privacy?hl=de
Font Awesome
For displaying icons/fonts. When called, a connection to the provider’s servers is established. Legal basis: Art. 6(1)(f) GDPR; where applicable, Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Details: https://fontawesome.com/privacy
Google Maps
Displays interactive maps; your IP address is transmitted to Google. Legal basis: Art. 6(1)(f) GDPR; with consent, Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Standard Contractual Clauses/DPF: see Google. Details: https://policies.google.com/privacy?hl=de
9. E-commerce and payment providers
Processing of customer and contract data
We process personal customer and contract data to establish, perform and terminate contractual relationships (Art. 6(1)(b) GDPR). We process usage data insofar as necessary to enable and bill for use of our services. Deletion takes place after the purpose has been fulfilled and after the expiry of statutory retention periods.
10. Our own services
Handling applicant data
We process applicant data (contact/communication data, application documents, interview notes) to decide on the establishment of an employment relationship. Legal bases: § 26 BDSG (Germany), Art. 6(1)(b) GDPR; where consent is given, Art. 6(1)(a) GDPR. Internal disclosure only to persons involved in the process.
If the application is successful, the data you have submitted will be stored for the purpose of carrying out the employment relationship (§ 26 BDSG, Art. 6(1)(b) GDPR). If we are unable to offer a position, we generally store the data for 6 months after the end of the process (Art. 6(1)(f) GDPR—evidence), unless longer storage is necessary or you have consented (applicant pool; deletion at the latest two years after consent or upon revocation).