Last update: 04.08.2021
Thank you for visiting our website and your interest in our company. The protection of your personal data is an important concern for us. For this reason, compliance with the strict legal provisions on data protection is a matter of course for us. Data protection begins with transparency. It is therefore our concern that you should always know when we store which of your personal data, for what purpose we use it, but also how you can restrict or prevent its use. Our data protection regulations are designed in such a way that they comply with the applicable data protection laws.
I. Contact Data Controller
The Controller responsible within the meaning of Art. 4 lit. 7 GDPR and other national data protection laws and other data protection regulations is, when you visit our OurAir Webshop (https://shop.mann-hummel.com/de/ourair/):
MANN+HUMMEL Vokes Air GmbH & Co. OHG
45549 Sprockhövel, Germany
Phone +49 (7141) 98-0, Fax +49 7141 98-2545
When you visit our E-Mobility Webshop (https://shop.mann-hummel.com/en/e-mobility/) it is:
Schwieberdinger Strasse 126
71636 Ludwigsburg, Germany
Phone +49 (7141) 98-0, Fax +49 7141 98-2545
II. Address of the Data Protection Officer
You can reach our data protection officer at the following contact details:
MANN+HUMMEL International GmbH & Co KG
Schwieberdinger Strasse 126
71636 Ludwigsburg, Germany
III. Legal basis for the processing
We only collect, process and use personal data if we are permitted to do so by law, or if you have given us your consent.
As far as we obtain consent for the processing from the data subject, article 6 paragraph 1 letter a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of the personal data.
In the processing of personal data which is required to fulfil a contract where one of the contract parties is the data subject, article 6 paragraph 1 letter b) of the GDPR serves as the legal basis. This also applies to all processing actions which are required for the execution of pre-contractual measures.
Insofar as a processing of the personal data is required for the fulfilment of a legal obligation which our company is subject to, article 6 paragraph 1 letter c) of the GDPR serves as the legal basis. As a company we are subject to, for example, statutory retention periods according to the German Tax Code (AO) and the German Commercial Code (HGB).
In the case that the vital interests of the data subject or a different individual requires that the personal data be processed, article 6 paragraph 1 letter d) of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, article 6 paragraph 1 letter c) of the GDPR serves as the legal basis.
IV. Recipient of the data
We do not pass on your personal data to third parties for direct marketing purposes. We may share your personal information with the following recipients in accordance with applicable data protection laws and regulations:
Your data will be processed and used within the EU/EEA. However, for certain procedures, processing may also be necessary outside the EU/EEA. If service providers are commissioned by us to process personal data (within the EU/EEA or third countries), all necessary measures are taken to ensure that the processing complies with data protection regulations.
We also take appropriate technical and organizational measures to protect personal data from theft, other loss, misuse and any unauthorized access during processing.
V. Your rights
Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR. Your rights are regulated in Chapter III of the GDPR. You have the right of access to the data processed by the controller, the right of rectification, the right to limit processing, the right of cancellation, the right of information, the right of transferability, the right to object to processing, the right to withdraw your consent and the right not to be subject to a decision based on exclusively automated processing. To exercise your rights as a data subject, simply send an e-mail to email@example.com.
The right to complain to the regulatory authority
Irrespective of another regulatory or judicial redress, you have the right to file a complaint with a regulatory authority, in particular in the member state where you are a resident, where your workplace is, or where the presumed infringement has taken place when you are of the opinion that the processing of your personal data violates the GDPR.
The regulatory authority to which the complaint is filed, advises the complainant about the status and the results of the complaint including the possibility of legal action acc. to Art. 78 GDPR.
You are free to select the regulatory authority (Art. 77 GDPR). The competent regulatory authority for MANN+HUMMEL Vokes Air GmbH & Co OHG is that of the German federal state of Nordrhein-Westfalen, and for MANN+HUMMEL GmbH that of the German federal state of Baden-Württemberg.
VI. Right of modification
We reserve the right to modify this privacy statement under observance of the legal regulations.
Our webshops under the domain https://shop.mann-hummel.com are operated as a fully managed service.
When you visit our webshops, general information about this process is automatically stored in a log file. This serves exclusively system-related purposes (optimization of the website, compatibility check, abuse prevention, troubleshooting). The stored usage data are not stored together with other personal data. The following data record is made each time the website is accessed:
The mentioned technical data above will be deleted as soon as the purpose for which they were collected no longer applies, but no later than 6 months after our website has been accessed.
The above mentioned data will not be passed on to third parties or otherwise evaluated, unless there is a legal obligation to do so.
If you contact us by telephone, we will store your data for the purpose of processing your enquiry and in the event that further correspondence is required. All data will be deleted after your request has been completely processed. This does not apply to data for which there is a legal or otherwise prescribed obligation to keep records.
It is possible to subscribe to free newsletters which will inform you about updates and offers of our products. Your personal data will be processed during registration for the purpose of sending you newsletters. The processing is done in our CRM system. Your personal data (name, e-mail address) will be transferred to the CRM system for this purpose.
When you register for the newsletter, you will receive a confirmation e-mail to verify your identity (double opt-in). We save your IP address and the date of registration. This storage serves only as proof to the supervisory authorities and in the event that a third party misuses an email address and registers for the newsletter without the knowledge of the entitled person.
You can withdraw your consent to the storage of your data and the receipt of the newsletter at any time for the future. The withdrawal can be made via a link in the newsletter itself. After withdrawal you will no longer receive the newsletter.
We analyze the use of newsletters in pseudonymised form. For this purpose, opening rates, hard and soft bounces to check the deliverability of the newsletter as well as the number of forwarded newsletters are recorded. This analysis does not allow any conclusions to be drawn about personal data such as your e-mail addresses.
If you contact us via our contact form, personal data is collected. Your details will be stored for the purpose of processing your request. Mandatory details are marked with an asterisk (*). All other information is voluntary.
We delete the data collected in connection with the contact form after the purpose no longer applies and storage is no longer necessary, or restrict processing if there are legal storage obligations.
Legal basis for the processing of your personal data:
Webshop users can create a user account. As part of the registration process, the required mandatory data is provided to the users and processed on the basis of Art. 6 para. 1 lit. b GDPR for the purposes of providing the user account. The processed data includes in particular the login information (company, name, e-mail address). The data entered during registration is used for the purposes of using the user account and its purpose.
Users can be informed by e-mail about information relevant to their user account, such as technical changes. A user account can be terminated. For this purpose the contact form is to be used. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to a legal obligation to keep records. It is the responsibility of the users to save their data before the end of the contract if they have terminated their user account. We are entitled to irretrievably delete all user data stored during the term of the contract.
When using our registration and login functions and the user account, we store the IP address and the time of the respective user action. The IP address is anonymized as soon as the order is completed. The storage is based on our legitimate interests as well as the user's need for protection against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c) GDPR.
Data processing for processing orders
We collect personal data and process it if you provide us with this data on the occasion of the execution of a contract. The legal basis is Art. 6 para. 1 lit. b) GDPR. Which data is collected can be seen from the respective input form masks. Deletion is possible at any time and can be done by sending a message via the contact form. We store and use the data provided by you for the purpose of processing the contract between you and us. After complete processing of the contract or deletion of your customer data, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired.
Data processing for the processing of orders - Data transfer to third parties
Data transfer to shipping service providers
The personal data collected by us will be passed on to the transport company commissioned with the delivery within the framework of the contract processing, as far as this is necessary for the delivery of the goods. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b) and f) GDPR.
Data transfer to payment service providers (payment service providers).
We have integrated components from PayPal on our OurAir webshop. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the person concerned selects "PayPal" as a payment option in our online shop during the ordering process, data of the person concerned is automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, surname, address, email address, IP address, telephone number, mobile phone number or other data necessary for the processing of payments. Personal data which are related to the respective order are also necessary for the processing of the purchase contract.
The purpose of the transmission of data is to process payments and prevent fraud. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the data controller may be transmitted by PayPal to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness.
PayPal may share personal data with affiliated companies and service providers or subcontractors as necessary to fulfil contractual obligations or to process the data on behalf of an order.
The person concerned has the possibility to revoke his or her consent to PayPal to handle personal data at any time. Revocation does not affect personal data that must be processed, used or transmitted for the (contractual) handling of payments.
Other information for business partners
For further information on the processing of your personal data, please refer to our data protection information [Link].
The following types of cookie are used by us:
Our website uses OneTrust's cookie-consent-technology to inform you about the cookies used.
Duration of storage, possibility of objection and removal
Use of OneTrust (cookie consent)
Our website uses OneTrust's cookie-consent-technology to obtain your consent to store certain cookies in your browser and to document these in a data protection compliant manner. The provider of this technology is OneTrust, represented in two main offices in the USA and England: Atlanta, GA, USA (co-headquarters), 1200 Abernathy Rd NE, Building 600, Atlanta, GA 30328 United States, +1 (844) 847-7154, England (co-headquarters), 82 St Johns Street, Farringdon London, EC1M 4JN, +44 (800) 011-9778. When you enter our website, a OneTrust cookie is stored in your browser, which stores the consents you have given or the revocation of those consents.
The collected data is stored until you request us to delete it or until you delete the OneTrust cookie itself or until the purpose for which the data is stored no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of OneTrust cookies can be found in the OneTrust data protection declaration at https://www.onetrust.com/privacy/
We have signed a contract for order processing with One Trust. This is a contract that is required by data protection law and ensures that One Trust processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR
We have signed a contract for order processing with One Trust. This is a contract that is required by data protection law and ensures that One Trust processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Use of Google
On our website, Java-Script code of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google) is loaded. If you have activated Java-Script in your browser and have not installed a Java-Script blocker, your browser may transmit personal data to Google. To prevent the execution of Java-Script code from Google altogether, you can install a Java-Script blocker (e.g. www.noscript.net or www.ghostery.com).
Use of Google Analytics
Our website uses Google Analytics, a web analysis service of Google Inc, (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; "Google"). The use includes the "Universal Analytics" operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user’s activities across devices.
You can prevent the storage of cookies by a corresponding setting in your browser, whereby we wish to point out that in this case you may not be able to fully use all of the functions on our website. Furthermore, you can prevent the sending of the personal data based on your use of the website by the cookie (including your IP address) to Google and also the processing of this data by downloading and installing the opt-out cookie available here tools.google.com/dlpage/gaoptout. Opt-out cookies prevent the future recording of your data when you visit this website. In order to prevent the use of Universal Analytics over different devices, you will have to install the opt-out on all of the used systems. Click here to set the opt-out cookie:
Further information on the use of data for advertising purposes by Google and possibilities for settings and revoking your consent is available at the websites of Google:
Google Ad Services / Google AdWords Conversion / Google Dynamic Remarketing:
We work with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland in the area of "online marketing" to determine whether an internet user has become aware of our website through a Google ad. Google uses "cookies", which are stored on your computer and enable an analysis of the use of the website. The cookies for the so-called "conversion tracking" are set when you click on an advertisement placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If you wish to deactivate these cookies for "conversion tracking", you can set your browser to block cookies from the domain "googleadservices.com". To prevent the execution of Java-Script code from Google altogether, you can install a Java-Script blocker (e.g. www.noscript.net or www.ghostery.com). If you would like more information about this practice and to know your choices about not having this information used by Google, click here: https://support.google.com/adwords/answer/1722022?hl=de.
Use of Google Tag Manager
Our website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it will remain in effect for all tracking tags to the extent that these are implemented with the Google Tag Manager.
Use of Google ReCaptcha
To ensure sufficient data security when transmitting contact and registration forms, we use the Google ReCaptcha service. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google ReCaptcha is used on our website to differentiate whether the input into forms is made by a natural person or abusively by machine and automated processing. Data processing in accordance with Art. 6 Para. 1 lit. f) GDPR. The Google service includes the processing of IP addresses and possibly other data required by Google for the ReCaptcha service. The deviating data protection regulations of Google Inc. apply to this. Further information on the data protection guidelines of Google Inc. can be found at www.google.de/intl/de/privacy or www.google.com/intl/de/policies/privacy/.
Facebook Conversion Tracking Pixel
We use the Custom Audiences service of Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) as part of our usage-based online advertising. For this purpose, we define target groups of users based on certain characteristics in the Facebook Ads Manager, who are subsequently shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently arrives on our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel embedded on our website.
Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g. surfing behavior, subpages visited, etc.). For the geographic targeting of advertising, your IP address is also stored and used.
Facebook Custom Audiences via the customer list is not used by us, nor is the "advanced matching" function.
The Facebook Pixel is only set with your consent. The use of the pixel as well as the storage of "conversion cookies" is accordingly based on Art. 6 para. 1 lit. a DSGVO.
LinkedIn Insight Tag
We use the Insight Tag service of LinkedIn Corp. (LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) as part of our usage-based online advertising. Using this technology, we can generate reports on the performance of our advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight Tag is embedded on this website, which establishes a connection to the LinkedIn server when you visit this website. We process your data to evaluate campaigns and collect information about website visitors who may have reached us through our campaigns on LinkedIn.
The LinkedIn Insight Tag is only set with your consent. The use of the tag is accordingly based on Art. 6 para. 1 lit. a DSGVO.
Social Media Link
We have included links to Facebook, Twitter, Xing and LinkedIn on our digital platform. Clicking on the respective icon will take you to the respective social media platforms.
This linking does not transmit any data from you to the operators of the respective social media platform. If you click on one of these links, you will be redirected to the respective website of the social network and forwarded. Depending on your browser settings, this is done by opening a new tab or a pop-up. Only when you change the URL will the operator of the respective social network collect and process your data.
For more information about privacy on Facebook, follow this link: https://www.facebook.com/about/privacy/
For more information about data protection on Twitter, follow this link:
For more information on data protection at Xing, follow this link:
For more information on data protection at LinkedIn, follow this link: