HMR Logo

Privacy Policy

We very much appreciate your interest in our company. The protection of personal data is of exceptionally high importance to the management of HMR International GmbH & Co KG. In general, you can use the website of HMR International GmbH & Co KG without providing any personal data. However, if an individual wishes to use special services offered by our company via the website, processing of personal data may become necessary. If processing of personal data is required and no legal basis exists for such processing, we generally obtain the consent of the data subject.

The processing of personal data—for example, name, address, email address or telephone number—is always carried out in accordance with the EU General Data Protection Regulation (GDPR) and the applicable national data protection regulations of HMR International GmbH & Co KG. This privacy policy is intended to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. In addition, this privacy policy explains to data subjects the rights to which they are entitled.

HMR International GmbH & Co KG, as the controller for processing, has implemented numerous technical and organizational measures to ensure as complete as possible protection of personal data processed via this website. Nevertheless, internet-based data transfers can contain security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, each data subject is free to transmit personal data to us via alternative channels—for example, by telephone.

1. Definitions

This privacy policy is based on the terms used by the EU legislature in the GDPR. It is intended to be clear and understandable for the public as well as our customers and business partners. To that end, we first explain the terms used:

  • Personal data: Any information relating to an identified or identifiable natural person (“data subject”), such as name, identification number, location data, online identifier or special characteristics relating to physical, physiological, genetic, mental, economic, cultural or social identity.
  • Data subject: Any identified or identifiable natural person whose personal data is processed by the controller.
  • Processing: Any operation performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure or destruction.
  • Restriction of processing: Marking stored personal data to limit its future processing.
  • Profiling: Automated processing of personal data to evaluate personal aspects of a natural person, e.g. performance, health, reliability, preferences, behavior, location or movements.
  • Pseudonymization: Processing personal data so that it cannot be attributed to a specific person without additional separately kept information that is subject to technical/organizational safeguards.
  • Controller: The natural or legal person who alone or jointly decides on the purposes and means of processing personal data.
  • Processor: A natural or legal person who processes personal data on behalf of the controller.
  • Recipient: A natural or legal person, authority or entity to whom personal data is disclosed.
  • Third party: Any natural or legal person, authority or entity other than the data subject, controller, processor or persons under the controller’s responsibility authorised to process data.
  • Consent: A freely given, specific, informed and unambiguous indication of will by which the data subject agrees to the processing of personal data.


3. Data Protection Officer
Our Data Protection Officer is:

Dr. Martina Richter
HMR International GmbH & Co KG
Machabäerstrasse 5, 50668 Cologne, Germany
Tel: +49 221 788 785 50 • E‑Mail: martina.richter@hmr-international.de

Any data subject may contact our Data Protection Officer at any time with questions or suggestions regarding data protection.


4. Collection of General Data and Information
Whenever the website is accessed, certain general data and information are collected and stored in the server’s log files. These may include:

Browser types and versions
Operating system used
Referrer URL (previous site)
Sub-pages accessed
Date and time of access
IP address
Internet service provider
Other similar data used for threat defence

This data is not traced back to individual data subjects. It is needed to correctly deliver website content, optimize our site and advertising, ensure system functionality, and provide authorities with necessary information in case of cyber-attacks. These anonymized log-file data are evaluated statistically to improve data protection and security, and stored separately from any personal data supplied by a data subject.


5. Website Registration
Data subjects may register on our website by providing personal data as requested in the registration form. These data are stored solely for internal use and may be shared with processors (e.g. shipping providers) only for processing on behalf of the controller. IP address, date and time are also recorded at registration to prevent misuse of services. This data is generally not shared with third parties unless required by law or for criminal prosecution.

Registration enables access to certain content or services that are only available to registered users. Registered users may change or delete their personal data at any time. Upon request, we provide information, correction or deletion of personal data, unless legal retention obligations prevent deletion.


6. Routine Deletion and Blocking
Personal data is processed and retained only as long as necessary for its purpose or as required by law. Once that purpose ceases or retention periods expire, data are routinely blocked or deleted in accordance with legal requirements.


7. Data Subject Rights
Right of confirmation: Verification whether personal data is being processed.
Right of access: Free access to stored personal data and related information, such as processing purposes, data categories, recipients, storage duration, correction/deletion rights, complaint rights, origin of data, and automated decision-making/profiling logic and consequences.
Right to rectification: Correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”): Deletion of data where no longer necessary, consent withdrawn, unlawful processing, legal obligation exists, or data relates to services aimed at minors under Article 8 GDPR.
Right to restriction of processing: Under certain conditions (contest accuracy, unlawful processing, data no longer needed except for legal claims, pending objection).
Right to data portability: Receive one’s own data in a structured, machine-readable form and transfer it to another controller, where processing is based on consent or contract and is automated.
Right to object: Right to object on grounds relating to one’s situation, especially where processing is based on legitimate interest or for direct marketing.
Right to object to automated decision-making, incl. profiling: Unless based on contract, legal requirements or explicit consent; in such cases we ensure safeguards such as the right to human intervention and explanation.
Right to withdraw consent: At any time, without affecting the lawfulness of processing based on consent before withdrawal.

Data subjects may exercise any of these rights by contacting a member of our staff at any time.


8. Google Analytics (with Anonymization Feature)
Our website integrates Google Analytics (with anonymize-IP functionality), a web analysis service provided by Google Inc., Mountain View, CA, USA. This tool collects data on visitor origin (referrer), page views, visit frequency and duration, mostly for optimizing the website and analyzing advertising ROI. We use the _gat._anonymizeIp feature, which anonymizes users’ IP addresses if accessing from within the EU or EEA. Google sets a cookie and receives data such as the anonymized IP address, time, location, frequency of visits, which may be transferred to and stored in the USA and possibly shared with third parties in accordance with Google’s terms.

You can refuse cookies in your browser settings to block or delete them, thus preventing Google Analytics tracking. Alternatively, you can download and install the Google Analytics Opt-out Browser Add-on to disable data collection. This block must be reinstalled if your system is reformatted or reinstalled. Further information and Google’s privacy policy can be found on Google’s websites.


9. Legal Basis of Processing
Art. 6(1)(a) GDPR: Consent-based processing
Art. 6(1)(b) GDPR: Processing necessary for contract performance or pre-contractual measures
Art. 6(1)(c) GDPR: Processing required by legal obligations
Art. 6(1)(d) GDPR: Processing necessary to protect life or vital interests
Art. 6(1)(f) GDPR: Processing based on legitimate interests, provided the data subject’s rights do not override those interests


10. Legitimate Interests Pursued
Where processing is based on Art. 6(1)(f) GDPR, our legitimate interest lies in conducting our business for the wellbeing of our employees and stakeholders.


11. Retention Period
Criteria for retention are statutory retention periods; once expired and if not needed for contract fulfillment or negotiation, data are routinely deleted.


12. Mandatory Data Provision
We clarify that providing personal data may be legally mandated (e.g., tax laws) or contractually required (e.g. partner data). Not providing required data may result in inability to conclude a contract. Before providing data, data subjects should consult our staff to determine whether provision is required and what consequences may result from non-provision.


13. Absence of Automated Decision-Making
As a responsible company, we refrain from using fully automated decision-making or profiling.