Data protection is very important to us and we take it very seriously. In the following we would like to explain what data we collect, when we collect it and to what end we collect, process and use it.
We are very happy to welcome you to our website. Data protection holds great importance for mhe GmbH & Co. KG‘s management. Using mhe GmbH & Co. KG‘s website is generally possible without giving up any personal data. However, should an individual wish to use special features or services offered on our website, collection and processing of personal data might become necessary. Should the processing of personal data become necessary without any legally binding regulation we will ask the individual’s permission before proceeding.
a) Personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Individual in question (individual)
“Individual in question” refers to any identified or identifiable natural person whose personal data is processed by the controller.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
k) Third party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
The General Data Protection Regulation (GDPR) protects personal data of natural persons. Data of legal persons are not subject to this protection. Personal data refers to specific data that details personal or material circumstances which can be connected to your person (for example your name in connection with your phone number or e-mail address). Information that cannot be directly connected to your person (like items displayed to you on a website) are not included in this category.
Scope and applicability
Protecting your data is important to us
Personal data refers to information about your identity. This includes names, addresses, phone numbers and e-mail addresses. You do not need to disclose personal data to use our website. However, in certain situations we require your name and e-mail address as well as other information in order to provide you with your required services.
The same applies to a request for sending you required information material or for answering individual questions. Should it become necessary to acquire personal data you will be notified.
If you are requesting one of our offered service features, we will only collect such date as required for the delivery of the requested service. Processing of this data is exclusively used for providing the requested service feature.
If you are requesting additional information your data disclosure is considered voluntary.
Passing any of your personal data to third parties will not happen without first attaining your consent.
Automatic collection of non-personal data
When using our website, we collect and store the following data for organizational and technical reasons: the names of the accessed pages [on our site], the browser and operating system used for access, date and time of access, search engines used, names of downloaded files and your IP-address.
We analyse this technical data anonymously and merely for statistical purposes that help us to continuously improve and optimize our online presence and develop our website. This anonymous data is stored on secured systems where it is kept separate from personal data and cannot be connected to an individual. Your personal data and your privacy are protected at all times.
We use “cookies” [and similar tracking technologies to track the activity on our Service and hold certain information.]
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your PC or mobile device. Cookies do not cause any damage to your device, do not contain viruses and are automatically deleted when they expire. Some cookies expire when you end your current browser session while others remain for a certain amount of time.
On our website, there is a contact form, which can be used to contact us or state requests electronically. If you use this feature, then data entered into the input screen is transferred to us and stored along with any contact information you have given. We keep this information to process your requests and for future reference.
Individuals under the age of 18 should not disclose personal data on our website and its service features without a parent’s or legal guardian’s consent. Our Services does not address anyone under the age of 18.
We have taken technical and organizational security measures to protect your personal data from loss, damage, manipulation or unauthorized access. Our staff and third parties involved in our data processing must adhere to the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and are required to handle personal data confidentially.
If or when personal data is collected and processed, the information will be encrypted for transfer transferred to prevent misuse of data by third parties. Our security measures are continually revised according to technological developments.
Links to other sites
Art. 6, para. 1, letter a GDPR is our legal basis for processing procedures for which we have acquired your consent. If the processing of personal data necessary for fulfilling contractual obligations, like the delivery of goods, where the individual in question is a/the contracting party the legal basis for processing data is art. 6, para. 1, b. GDPR. The same holds true for data processing necessary for precontractual procedures such as answering inquiries about our products and services or requests for information. In case of a legal obligation that binds our company to process personal data, for example complying with tax obligations, the legal basis for processing data is art. 6, para. 1, c. GDPR. In certain exceptional situations processing of personal data can be necessary to protect the individual’s or a third person’s vital interests. Such a case would be constituted if, for example, a visitor was to injure themselves in our company and their name, age, insurance data and other vital information has to be given to doctor, hospital or other third party. In such cases art. 6, para. 1, d. GDPR constitutes the legal basis for processing data personal. Lastly processing personal data can legally be based on art. 6, para. 1, f. GDPR. This regulation encompasses all situations that are not included in the above mentioned if the processing of data is warranted for protecting legitimate interests of our company or a third party, given they do not encroach on the individual’s fundamental rights and freedoms. These processing procedures are permitted as they receive special mention by the European legislature. It is of the opinion a legitimate interest is constituted if the individual in question is a customer of the controller (Recital 47, 2, GDPR).
Legitimate interests for processing personal data as applied by the controller or a third party
If the processing of personal data is based on art. 6, para. 1, f. GDPR our legitimate interest is constituted by conducting our regular business activities for the benefit of our staff and shareholders.
Retention of personal data and duration
The storage of personal data is regulated by legally defined retention periods. After their expiration corresponding data will be deleted if it is no longer needed for the conclusion of contractual obligations or contract initiation. This includes contractual or legal obligations for giving personal data; like necessity for the conclusion of a contract; obligations of the individual in question to provide personal data; possible consequences of not providing personal data.
We wish to inform you that providing personal data is in part mandated by law (for example in tax regulations) or can also be necessary to meet legal standards of contracts (for example information about the contracting partners). It may be necessary for an individual to provide us with personal data for the conclusion of a contract that then have to be processed by our company. For example, an individual is mandated to provide us with personal data in order to conclude a contract with our company. Not providing the required personal data may result in conclusion of a contract not being possible. Prior to conclusion of a contract an individual has to contact a member of our staff who will then inform them on whether providing personal data is legally or contractually mandated, whether it is necessary for the conclusion of a contract and what possible consequences not providing the required personal data might have.
Non-use of automated decision making
Our website does not use profiling or automated decision making.
Right to information, deletion, barring and revocation
According to art. 15 to 18 in the GDPR you have the right to view all data collected regarding your person and the right to know its origin, recipients and purpose. You also have the right to bar access to it or have it deleted. Should the information be incorrect you have the right to correct it. All of the above are free of charge. You can also contact us to retract your consent to the collection of your personal data and its retention in our systems.
Should you have any further questions about this topic or other personal data related questions Please feel free to contact us by one of the following channels:
mhe GmbH & Co.KG
or send us an e-mail: