The controller responsible for data processing within the meaning of Art. 4 No. 7 GDPR is:
MMHP Global
c/o IP-Management #5231
Ludwig-Erhard-Str. 18
20459 Hamburg, Germany
Email: impressum@mm-hp.de
Protecting your personal data is important to us. Below, we inform you about which data we process when you visit this website, for what purpose, and on what legal basis. No data protection officer has been appointed; if you have questions about data protection, you can reach us using the contact details above or via our contact form.
You can visit our website without providing any personal information. Each time you access the site, so-called server log files are processed for technical reasons, in particular: the resource accessed, date and time, amount of data transferred, notification of successful retrieval, browser type and version, operating system, referrer URL, and the IP address of the requesting device. This data is used exclusively to ensure secure, uninterrupted operation, to deliver content, and to defend against attacks. The legal basis is our legitimate interest in stable and secure operation pursuant to Art. 6(1)(f) GDPR. The log files are stored only for as long as necessary for these purposes and are then deleted.
Our website is operated by a web hosting provider that stores and delivers it on our behalf as a processor (Art. 28 GDPR). To ensure fast and secure delivery, we also use the content delivery network and security services of Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA). Cloudflare is positioned upstream of our website; in doing so, your IP address is processed in order to deliver content, distribute load, and defend against automated attacks (e.g., DDoS, bot traffic). Cloudflare uses technically necessary cookies for this purpose. The legal basis is Art. 6(1)(f) GDPR. Since Cloudflare is a US provider, data is transferred to the USA (see section 9).
To make our website usable and — after obtaining your consent — to measure reach and evaluate advertising, we use technologies, some technically necessary and some optional, that store or read information on your device (cookies, local storage, and similar techniques).
Technically necessary technologies are required for operation and are used without consent on the basis of Section 25(2) TDDDG and Art. 6(1)(f) GDPR. For optional categories (statistics, marketing, external media), we obtain your consent via a consent banner (Section 25(1) TDDDG, Art. 6(1)(a) GDPR).
The banner is our own, self-hosted solution — not a third-party consent tool. It works without a cookie wall: the website remains fully usable even without a decision. We store your selection locally in your browser (in local storage as well as, additionally, in a first-party cookie with a lifespan of approximately 180 days) so that we do not have to ask you again on every page visit. If the scope of the services we use changes, we will ask you again.
Optional services (e.g., Google Analytics, Google Ads) are technically loaded only after you have consented to the respective category. For this, we use Google Consent Mode v2 with a default setting of "denied". You can change your selection at any time via the "cookie settings" link in the footer or revoke it with effect for the future. Cookies can also be managed and deleted in your browser settings.
In order to comply with our statutory obligation to provide proof of consent given and withdrawn (Art. 7(1) GDPR), we additionally log every consent decision on our server. In doing so, we store your full IP address, the full browser identification string (user agent), the roughly determined country of origin, the page path on which the decision was made, the categories selected, the type of action, and the server-side timestamp. No cookies are set in the process, and no persistent identifier is assigned.
The legal basis is Art. 7(1) GDPR in conjunction with our legitimate interest in a robust record of consent (Art. 6(1)(f) GDPR). Storing the full IP address serves to enable proof of a specific consent to be provided in the event of a dispute. The log data is retained for three years and then deleted.
You can contact us directly via our contact form. The data you enter is processed: email address (required), subject (required), and message (required), as well as, optionally, name and item number. If you reach us via a contact-point-specific link, a brief origin or country identifier is also transmitted. Confirmation of this privacy notice is required.
Your request is transmitted by email to our support mailbox and processed there in our support system. The legal basis is Art. 6(1)(b) GDPR, insofar as your request serves to initiate or perform a contract, and otherwise Art. 6(1)(f) GDPR (our legitimate interest in responding to inquiries). Your data will be deleted once your request has been fully processed and no statutory retention obligations apply.
To protect against automated abuse (spam, bots), we technically check submissions (including a "honeypot" field, time-based checks, and a limit on requests per IP address). For this purpose, your IP address is processed only briefly and in pseudonymised (hashed) form; the IP address of a successfully submitted request is not stored permanently in plain text. The legal basis is Art. 6(1)(f) GDPR. Google reCAPTCHA is additionally used (see section 5).
To protect our contact form from automated abuse, we use the "reCAPTCHA" service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). reCAPTCHA is loaded exclusively on the contact form and only when it is used — not on other pages. In this process, your IP address as well as interaction and usage information are transmitted to Google and evaluated in order to distinguish automated access from human access. The content you enter into the form is not read out in this process.
The legal basis is our legitimate interest in a contact form protected against abuse pursuant to Art. 6(1)(f) GDPR. Further information: Google's privacy policy and Google's terms of service. Data may be transferred to Google in the USA (see section 9).
The following services are only used with your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG) and are technically loaded only after you have given your consent. You can revoke your consent at any time via "cookie settings" in the footer with effect for the future.
Google Analytics 4 ("statistics" category). The provider is Google Ireland Limited (address as above). For reach measurement and usage statistics, data such as IP address (with IP anonymization enabled), time of access, device and browser information, as well as information about your usage, is processed and aggregated into pseudonymous statistics.
Google Ads conversion tracking ("marketing" category). The provider is Google Ireland Limited. To measure the success of our advertisements, we measure whether you perform certain actions after clicking on an ad. For this purpose, cookies may be set and data (including IP address, time, device and browser information, usage information) may be transmitted to Google.
Data collected through Google services may be transmitted to servers of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (see section 9). Further information: Google's privacy policy.
On individual pages, we embed videos from YouTube (Google Ireland Limited; in extended privacy mode via youtube-nocookie.com) and Vimeo (Vimeo.com, Inc., New York, USA). This content is embedded as a "click-to-load" solution: simply visiting the page does not yet establish a connection to YouTube or Vimeo. Only when you actively load the video (or allow the "external media" category) is data — in particular your IP address — transmitted to the respective provider.
The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. In this process, data may be transferred to Google or Vimeo in the USA (see section 9). Privacy notices: Google/YouTube · Vimeo.
We only disclose personal data to the extent necessary to provide our services or where you have given your consent. The following are involved in particular as processors (Art. 28 GDPR) or recipients:
– Web hosting (storage and delivery of the website, email delivery of the contact form): ALL-INKL.COM – Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf.
– Cloudflare, Inc. (content delivery network, security), USA.
– Google Ireland Limited / Google LLC (reCAPTCHA as well as — with consent — Analytics and Ads).
– IMPRESSUMPRIVATSCHUTZ GmbH (postal address), see section 10.
Data processing agreements pursuant to Art. 28 GDPR are in place with our processors.
Some of the services mentioned (Cloudflare, Google, Vimeo) may transfer data to the USA or process it there. Insofar as a provider is certified under the EU-US Data Privacy Framework, the transfer takes place on the basis of the European Commission's adequacy decision (Art. 45 GDPR). In addition, or otherwise, we base transfers on the European Commission's standard contractual clauses (Art. 46(2)(c) GDPR) together with suitable additional safeguards.
For managing mail addressed to us, we use the services of IMPRESSUMPRIVATSCHUTZ GmbH, Ludwig-Erhard-Str. 18, 20459 Hamburg. This service provides a postal address for our project. This is in our legitimate interest pursuant to Art. 6(1)(f) GDPR. A data processing agreement is in place with this service provider.
Under the GDPR, you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), and data portability (Art. 20), as well as the right to withdraw consent given at any time with effect for the future (Art. 7(3) GDPR). To exercise your rights, an informal notification to the contact details given above under "Controller" is sufficient.
Right to object
Insofar as we process your data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time, with effect for the future, for reasons arising from your particular situation (Art. 21 GDPR). Where processing is carried out for the purposes of direct marketing, you have the right to object at any time.
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). As a rule, you may contact the supervisory authority of your habitual residence, place of work, or our registered office.
We process personal data only for as long as necessary for the purposes stated or as required by statutory retention obligations. Server log files are deleted in the short term; data from contact inquiries after they have been finally processed; the server-side consent log after three years; your cookie selection stored in the browser after approximately 180 days or until revoked. The storage period for cookies set by Google is determined by the provider's specifications.
This privacy policy is currently valid. Further development of our website or changes to legal requirements may make it necessary to amend it. The version available on this page at any given time shall apply.