HMM Privacy Policy

Legals

Privacy

We treat your privacy as seriously as we treat our own. If there’s something vague, weird or confusing in here, send us an email about it.

Privacy Policy

In this privacy policy, we’re going to tell you about how we use personal information that we have about you as a business, whether we’ve collected that personal information through our website, working with our clients or suppliers or in any other way. Personal information is anything that identifies you personally like your name, your contact details, photograph etc.

HMM is made up of different entities, details of which can be found here. This privacy notice is issued on behalf of HMM so when we mention “HMM”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant entity in our agency responsible for processing your data. HMM is the controller and is responsible for this website.

Quick Guide to Contents

What personal information do we collect about you?
How do we use your personal information?
How long do we keep your personal information?
Who do we share your personal information with?
What happens if you do not provide us with the information we request?
Do we make automated decisions concerning you?
Do we transfer your personal information outside the EEA?
What are your rights?
How do we contact you?
How do you contact us?

What personal information do we collect about you?

We only collect your information in the following ways:

Information you give us

These are the details that you have shared with us. For example, if you’ve filled in a form on our website or sent an email to one of our office email addresses. This may also be where you’re applying for a job and have sent us your CV. Alternatively, it could be information you provide to us for work we are doing on behalf of one of our clients, for example when setting up an event for them, or where you enter competitions that we’re running on social media on behalf of a client, or where we are assisting a client with their customer enquiries.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

Analytical/performance cookies
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

Information we receive from third parties or other sources

Where we are working with a client they may provide us with information about you – perhaps you are an employee of our client or are a contact that they want us to get in touch with. We may also purchase access to services that provide personal information relating to media contacts.

How do we use your personal information?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Information you give us

We may use this information as HMM or on behalf of our clients:

to carry out our obligations arising from any contract entered into between you and us, and to provide you with the information, products and services that you request from us; such as prize fulfilment, competition entry validation, or event management.
to ensure that content from our site is presented in the most effective manner for you and for your computer.
to understand issues connected to customer feedback.
to consider you for the jobs that you have applied for.

Information we receive from third parties or other sources

We may use this information as HMM or on behalf of our clients:

to administer our site and for internal operations, including research, statistical and survey purposes.
to improve our site and ensure that content is presented in the most effective manner.
to allow you to participate in interactive features of our service, when you choose to do so.
to keep a track of journalists, media contacts and partner agencies.

Information we receive from other sources.

We may combine this information with information you give to us and information we collect about you and use this information for the purposes set out above (depending on the types of information we receive).

How long do we keep your personal information?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. We will only hold personal data for as long as is necessary to service a client relationship or other type of contract. If you apply for one of our employment opportunities and are unsuccessful, we will delete your details after six months.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. These retention periods are set out in our internal retention policy.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

There are instances where you can ask us to delete your data: see The Right to Erasure below for further information.

Who do we share your personal information with?

We may share your personal information internally (but only with the teams that need access) or with certain third parties.

We will only do this for a purpose set out in “How do we use your personal information?” above.

We may share your personal data with the following types of third party:

Service providers acting as processors, for example, those who provide IT and system administration services.
Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Regulators and other authorities acting as processors or joint controllers based in the United Kingdom or other relevant jurisdictions who require reporting of processing activities in certain circumstances.

We store personal information using several different IT service providers, however we only work with vetted suppliers that have the right security processes in place to protect this data.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

What happens if you don’t provide us with your personal information? Or what happens when you ask us to stop processing your information?

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Do we make automated decisions concerning you?

No, we do not carry out automated decision making about you.

Do we use Cookies to collect personal data on you?

We do, but only to understand better how you use our website. See our cookie information here to learn more.

Do we transfer your personal information outside the EEA?

We have entities spread across the globe, and there are instances where we need to share personal information with teams in locations outside of the EEA. We have therefore entered into a specific intra-group contract approved by the European Commission which gives these transfers of personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

We may also transfer your personal data outside of the EEA as a result of storing your information within our technology services (for example, OneDrive).

Whenever we do transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring we have entered into specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

What are your rights?

By law, you have nine important rights when it comes to your personal information. To get more details about these rights, talk to the data protection regulator in your country.

Rights	What does this mean?
1. The right to object to processing	You have the right to object to certain types of processing, including processing for direct marketing.
2. The right to be informed	You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights.
3. The right of access	You have the right to access your information (if we’re processing it). This is so you’re aware of what we have and can check that we’re using your information in accordance with data protection law.
4. The right to rectification	You’re entitled to correct your information if it’s inaccurate or incomplete.
5. The right to erasure	This is also known as ‘the right to be forgotten’. What it means is that you can tell us to delete all the personal information we have on you (where there’s no compelling reason for us to keep using it). This isn’t a general right to erasure; there are exceptions. But if you ask us to delete, we’ll do it.
6. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but we may not use it any more. We keep a list of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
7. The right to data portability	You have rights to obtain and reuse your personal information for your own purposes across different services. For example, you can move, copy or transfer your information easily between our tech services and theirs safely and securely, without affecting its usability.
8. The right to lodge a complaint	You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.
9. The right to withdraw consent	If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time. (Although if you do, it doesn’t mean that anything we’ve done with your personal information with your consent before that point was unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.

We usually act on requests and provide information free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How will we contact you?

We may contact you by phone, email or social media. If you prefer a particular means of contact, please let us know.

How can you contact us?

If you have any questions you can contact us at:

Hokamp Medien Manufaktur
Postfach 1114
37421 Bad Lauterberg
Germany
privacy@hokampmedien.de
T: +49(0)5524.9668.9700
F: +49(0)5524.9668.9709

Appendix

Here you will find a list of tools and services we use:

Newsletter

On our website you can subscribe to a free newsletter including advertisements if you have expressly consented to its receipt. To prevent fraudulent use, you will first receive an e-mail with a confirmation link which you must activate to receive the actual newsletter (so-called double opt-in procedure).

When you register for the newsletter, your e-mail address, your IP address and the date and time of your registration will be transmitted to us and stored and processed by us. Your data will only be used to prove your consent to receive and dispatching of the newsletter. You data is not transferred to third parties.

The legal basis for processing your data is Article 6 paragraph 1 sentence 1 letter f, of the GDPR. We have a legitimate interest in processing your data so that we can inform you about interesting offers and information and prove your agreement to receive the newsletter.

If we send you the newsletter regularly your data will be stored. If we no longer send you a newsletter, we will delete your data no later than 12 months after the last newsletter was sent to you.

Please note that you can unsubscribe at any time by sending an email to newsletter@hokampmedien.de or by clicking on the unsubscribe link included in each newsletter.

Tools we use for our newsletter:

MailChimp/Mandrill

To send out our newsletter we use the services MailChimp and Mandrill from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA, who has processed your data exclusively on our behalf and in accordance with our instructions (so-called contract processor according to Article 28 of the GDPR and has taken the appropriate technical and organizational measures to protect your rights. You may find the services privacy policy here: https://mailchimp.com/legal/privacy/.

Your data will be processed in and transferred to the USA that means a third country outside the European Union (EU) or the European Economic Area (EEA). There is no adequate decision of the EU Commission for this country guaranteeing a level of data protection compliant with the European standard. To effectively protect your data, the transmission and processing is carried out based on the so-called EU-US Privacy Shield, under which the provider is registered. Further information can be found here: https://www.privacyshield.gov/welcome

This service provider helps us to determine on a pseudonymized basis how many recipients have opened our newsletters and the links they contain by integrating pixel tags into the newsletters. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times.

The legal basis for this is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in analyzing the opening behavior of our newsletters in order to optimize our services and operate them economically. If you do not agree, do not open our newsletter and do not click on the links contained therein. According to its own information, the shipping service provider can use this data in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of shipping and presentation or for statistical purposes to determine the recipients’ countries of origin.

Anti-Spam

In several areas on our website, we carry out a Spam scan, which is aimed to protect us from unwanted, automated input by third parties and the corresponding Spam created. To this end, you shall be requested to enter a series of letters or numbers in a field (so-called captchas). In connection herewith, your IP address will be processed.

Tools we use for Anti-Spam:

reCAPTCHA

To this end we use the “reCAPTCHA” service (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). In the process, your IP address and required data will be transferred to Google. . Further information on the applicable privacy policy can be found here: http://www.google.com/policies/privacy/.

The legal basis for processing your data to provide our website and services is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in effectively preventing Spam, as a manual removal of Spam content would incur a high degree of effort and costs. If you do not consent to this, you will not be permitted to use the comment function.

External Content

We have included third party content in some places on our website. These include videos, map services, images and fonts. In connection with the integration of this content, it is technically necessary that the providing third parties are informed of your IP address so that the content can be displayed to you. We do not store your IP address for the integration of external content. Third-party providers may use your IP address, the use of cookies and other technologies (e.g. pixel tags, i.e. invisible graphics) to track your surfing behavior and, in addition to your IP address, process other technical information (including browser type/version, operating system used, the page you have previously visited, the host name of the accessing device and the time and other information about the use of our online offering).

External content we use:

YouTube, Google Maps, Google Fonts

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

Vimeo

Vimeo Inc., 555 West 18th Street New York, New York 10011, USA.
Privacy Policy: https://vimeo.com/privacy

The legal basis for processing your data to provide our website and services is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in optimizing our website and improving our services by embedding content from third-party providers.

Web Analytics

When you visit our website, we automatically collect and process data to track the behavior of visitors, so that we can optimize our website and adapt it accordingly to user interests.

Services we use for Web Analytics:

Google Analytics (with anonymization function)

On this website we use the web analysis service Google Analytics (with anonymization function) of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of the Google Analytics component is to analyze the use of our website by visitors. Google as our contract processor, provides us with reports according to Article 28 of the GDPR. With the reports we can display and evaluate the activities on our website.

A Google Analytics cookie is stored on the device you visit our website with. By accessing individual pages of this website, the Google Analytics component automatically transfers the Internet browsers data on your device to Google for online analysis. As part of this technical process, Google receives information about your personal data, information about the browser type/version, operating system used, the page you have previously visited, the host name of the accessing device, IP address and the time of the request, which Google uses, among other things, to trace the origin of visitors and clicks. However, this data is not merged with any other data about you. In addition, we use the function whereby Google automatically shortens the IP address of your Internet connection and thus makes it anonymous when you access our website from a member state of the European Union or from another signatory state to the Agreement on the European Economic Area. If, in exceptional cases, data is processed outside the EEA, where there is no data protection level that meets the European standard, this is done based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA

You can object to the use of cookies by configuring your Internet browser so that generally cookies are not stored.

Alternatively, you can use the browser add-on, which you can download and install here: https://tools.google.com/dlpage/gaoptout

The installation of the browser add-on is contradictory. If your device is erased, formatted, or reinstalled at a later date, you must reinstall the browser add-on.

Further information and Google’s current privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html Google Analytics will be explained in more detail via the following link: https://www.google.com/intl/de_en/analytics/

We have configured Google Analytics in such a way that the data on which the reports are based on is deleted within 26 months.

The legal basis for the processing of your data is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in conducting web analysis on an anonymized basis to better understand our users, to optimize our website accordingly and to determine whether the Internet advertising we place achieves the results we desire. You can object to the use of these services by opting-out. However, please note, that you may not be able to use all functions of our website.

Social Plugins

On our website we use so-called “social plugins” of various social networks (hereinafter: “plugin providers”). A social network is an internet-based social meeting point that enables users to communicate with each other and interact in a virtual space. The legal basis for the processing of your data is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We are interested in providing the most convenient and optimized offer on our website and to operate economically by integrating social plugins and the analyses that are thus possible at the same time.

After activating the plugin, a direct connection to the system of the respective social plugin provider is established via your Internet browser. The content of the social plugin is then transmitted directly to your Internet browser and integrated into our website. At the same time the social plugin transmits the information to the respective social plugin provider that you have called the corresponding page of our Internet presence. This applies regardless of whether you have created a profile with the social plugin provider or logged in or then actively use a social plugin (e. g. by clicking the “I like” button or by making a comment).

With the active use of a social plugin, the corresponding information is transmitted directly from your Internet browser to the respective social plugin provider and stored there. As soon as you are logged in at the same time at one of the social plugin providers, they can assign your visit to our website to your account created there. We have no influence on the type and extent of the data collected and transmitted. Details on the scope and purpose of data collection, processing and use can be found in the data protection information of the social plug-in providers. There you can see your rights and setting options to protect your privacy.

If you do not agree to a social plugin provider assigning the data collected through our website to your account, we would ask you to log out of your account with the respective social plugin provider before activating the social plugin. If you do not want the social plugin providers to receive, save and use data at all, please do not use or click on the respective social plugins.

Plugins we use:

Twitter

Twitter social plug-ins are operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). An overview of Twitter plugins can be found here: https://twitter.com/about/resources/buttons; information on data protection on Twitter can be found here: https://twitter.com/en/privacy.

If data is processed outside the EEA, where no data protection level according to the European standard exists, the EU-US Privacy Shield shall apply: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO

If you wish to object to the collection of data via Twitter in the future, you can set an opt-out cookie here: https://twitter.com/personalization

Facebook

The social plugins of the social network Facebook are operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (www.facebook.com ), and Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (www.facebook.de ) (“Facebook”). An overview of Facebook’s plug-ins can be found here:
http://developers.facebook.com/docs/plugins ; information on data protection on Facebook can be found here: www.facebook.com/policy.php

If you would like to object to the data collection by Facebook in the future, you can do this here: https://www.facebook.com/settings?tab=ads

Instagram

Instagram plug-ins are operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). An overview of Instagram plug-ins can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges; information on data protection at Instagram can be found here: https://help.instagram.com/155833707900388/

LinkedIn social plug-ins are operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. Information on data protection on Twitter can be found here https://www.linkedin.com/legal/privacy-policy.

If you wish to object to the collection of data via LinkedIn in the future, you can set an opt-out cookie here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing

Xing plug-ins are operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (“Xing“). Information on data protection on Xing can be found here: https://www.xing.com/app/share?op=data_protection.

v3r1u1-d20190601-t134500