When you visit them, or contact us via contact form, email, or phone, various personal data are collected.
Personal data are data with which you can be personally identified. Unfortunately, it is generally not possible to display a website without personal data on your end device, this includes, for example, your IP address.
In the following, we provide you with detailed information about which data we collect, what we use it for, how and for what purpose this happens, as well as what rights you have.
The party responsible for data processing on these websites is the
HUM Gesellschaft für Homecare und Medizintechnik mbH
Zum Pier 79
FON +49 (0)231 880885-0
FAX +49 (0)231 880885-58
Data Protection Officer
We have appointed a data protection officer for our company:
c/o LEXDATA Consulting GmbH
Bösinghovener Str. 98
FON +49 0 21 59) 922 53 74
The authority responsible for data protection for us is the
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
FON 0211 / 38 424-0
Our websites are hosted on servers of an external hosting service provider, specifically Image Arts GmbH - IT and New Media, Otto-Hahn-Str. 2, 40670 Meerbusch.
Personal data collected on our websites are processed on these servers. This includes, for example, IP addresses, meta and communication data, website accesses, and other data generated via the websites.
Our service provider will process your data only to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data. We have concluded a contract for order processing with our service provider to ensure data protection-compliant processing.
The use of our service provider is in the interest of a secure and efficient provision of our websites by a professional provider (Art. 6 para. 1 lit. f GDPR).
Server Log Files
The hosting service provider of our websites collects and stores information in so-called server log files, which your browser automatically transmits when you visit the website. These are:
- Referrer (previously visited webpage)
- Requested webpage or file
- Browser type and browser version
- Operating system used
- Device type used
- Time of access
- IP address in anonymized form
These data are not merged with other data sources. The data collection is in the interest of a technically error-free presentation and optimization of our websites (Art. 6 para. 1 lit. f GDPR).
If you wish to receive the newsletter offered on the website with regular information about our offers and products, we require your email address as mandatory information. The provision of additional data is to address you personally in the newsletter and/or to identify you in case you want to exercise your rights as a data subject. Furthermore, as a company in the B2B sector, we need to authenticate using your customer number as proof that you are an existing customer of HUM GmbH. For the dispatch of the newsletter, we use the so-called double opt-in procedure. This means that we will only send you our newsletter by email after you have expressly confirmed that you consent to the sending of newsletters. You will receive an email with a link to confirm that you, as the owner of the corresponding email address, want to receive newsletters in the future.
By confirming, you give us your consent according to Art. 6 para. 1 lit. a GDPR to use your personal data for the purpose of sending the desired newsletter. When registering for the newsletter, we store, in addition to the email address required for sending, the IP address you used to register for the newsletter, as well as the date and time of registration and confirmation and your company customer number, to be able to trace any potential misuse at a later date.
The dispatch of our email newsletters is carried out via the technical service provider CleverReach GmbH & Co. KG, CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany, to whom we pass on your data provided at the time of newsletter registration.
This transfer is made in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure, and user-friendly newsletter system. CleverReach uses this information to send and statistically evaluate the newsletters on our behalf. For evaluation, the sent emails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This determines whether a newsletter message has been opened and which links may have been clicked. Using conversion tracking, it can also be analyzed whether a predefined action, such as a purchase, has taken place after clicking on the link in the newsletter. Technical information is also collected (e.g., time of retrieval, IP address, browser type, and operating system). The data is collected exclusively in a pseudonymized form and is not linked to your other personal data, excluding direct personal reference. These data are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Inquiries via Contact Form, Email, or Phone
If you contact us via contact form, email, phone, or fax, your inquiry, including all resulting personal data, will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the effective handling of requests addressed to us.
The data sent to us via contact inquiries remain with us until you request us to delete them, revoke your consent to storage, or the purpose for data storage lapses (e.g., after the completion of your request). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
To exercise your rights, you can contact us at any time using the contact details provided in the imprint and in the "Responsible Party" section.
Withdrawal of Your Consent to Data Processing (Art. 7 (3) GDPR)
Many data processing operations are only possible with your express consent. You can withdraw consent you have already given at any time. An informal email to us is sufficient. The legality of the data processing carried out until the withdrawal remains unaffected.
Right to Access, Rectification, Blocking, Deletion (Art. 15-17 GDPR)
You have the right at any time, within the framework of the applicable legal provisions, to free information (Art. 15 GDPR) about your stored personal data, their origin and recipients, and the purpose of data processing, and possibly a right to rectification, blocking, or deletion of these data (Art. 16, 17 GDPR).
- Right to Restrict Processing (Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data (Art. 18 GDPR). This right exists in the following cases:
If the processing of your personal data has been or is being carried out unlawfully, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need them to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have lodged an objection under Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
- Right to Data Portability (Art. 20 GDPR)
You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, in a standard, machine-readable format, or to request its transfer to a third party (Art. 20 GDPR). If you request the direct transfer of the data to another responsible party, this will only be done to the extent that it is technically feasible.
- Right to Object (Art. 21 GDPR)
If data processing is based on Art. 6 (1) lit. e or f GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data. You can find out the legal basis on which a processing is based in this privacy statement. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise or defense of legal claims (objection under Art. 21 (1) GDPR).
Profiling does not take place.
- Right to Complain to a Supervisory Authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).