Privacy policy

Data protection information (valid from 15.11.2023)

This data protection notice is intended to provide an overview of what happens to your personal data (hereinafter also referred to as "data") in our company and to inform you about the data protection claims and rights to which you are entitled within the meaning of the European General Data ProtectionRegulation("GDPR") and the Federal Data Protection Act ("BDSG") and the Telecommunications Telemedia Data Protection Act ("TDDDG"). We therefore ask you to take note of this data protection information and, if necessary, to print it out or save it.

Personal data is all data with which you can be personally identified. Your personal data may be processed for various purposes. Essentially, the data processing operations by Mobility Hub Parkservice GmbH (hereinafter also referred to as "MH Parkservice" or "we") can be divided into the following areas of application:

  • General: General information on data protection, data processing procedures and data subject rights, which apply to all data processing procedures carried out for us, can be found in Part A below.
  • Our websites: In connection with our website www.mh-parkservice.de (hereinafter: "website") or related external online presences, such as our social media profiles from which we refer to this data protection notice (website and external online presences hereinafter jointly also: "internet presences"), we process data of visitors that is exchanged between their internet-enabled end devices and the server operated by us, as well as data that is communicated to us in the course of using the website. You can find details on this under Part B
  • Parking lot users: For information on the processing of data of users of parking lots managed by us, for example in the context of payment transactions via the MHP Online Shop, tracking of parking violations by MH Parking Service or viewing details of parking violations via our PCN portal, please visit Part C.
  • B2B: We process the necessary data of our business customers and interested parties for the purpose of processing or initiating contracts. Data from our business partners and suppliers is used exclusively for the direct placement, processing and execution of orders. You can find more information on this under Part D.

Please visit the individual sections if you want to obtain information on specific processing situations quickly and in context.

A. General information on data protection and data subject rights

I. Who is responsible for data processing and who can you contact if you have any questions?

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is the:

Mobility Hub Park Service GmbH

Nördliche Münchner Straße 27a

82031 Grünwald

Phone: +49 89 2778299 51

E-mail: info@mh-parkservice.de 

For questions regarding data protection, you are welcome to contact our data protection officer at the following contact details:

Richard Metz

External data protection officer (TÜV certified)/lawyer

LLP Data Protect GmbH

Würmtalstraße 20a (postal address)

81375 Munich

‍Phone: +49 89 552755 00

E-mail: datenschutz@mh-parkservice.de

II. What rights do you have regarding your personal data?

If your personal data is processed, you are a "data subject" within the meaning of the GDPR, which may entitle you to the rights described below. If you assert rights against MH Parkservice as the controller, we recommend that you address them to our contact details above:

1. right to information

In accordance with Art. 15 DSGVO, you may request confirmation from us as to whether personal data relating to you is being processed by us and request information as to the extent to which we are processing your data.

2. right to rectification

If personal data concerning you is incorrect or incomplete, you have the right to rectification and/or completion in accordance with Art. 16 GDPR

3. right to deletion

If the legal requirements of Art. 17 DSGVO are met, you can demand that we delete your data if we process it unlawfully or the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.

Irrespective of the exercise of your right to deletion, we will immediately and completely delete your data in order to fulfill our legal deletion obligations after the purpose of processing has ceased to exist, insofar as no legal transaction or statutory retention period in this regard is opposed.

4. right to restriction of processing

You can request that we restrict the processing of your data in the cases specified in Art. 18 GDPR. If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

5. right to data portability

According to Art. 20 DSGVO, you have the right to have data provided by you, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6. right of objection

If we process your data on the basis of a legitimate interest within the meaning of Art. 6(1)(f) DSGVO, you may object to this data processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions (see Art. 21 DSGVO). If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing. You may object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

7. right to revoke the declaration of consent under data protection law

Some data processing operations are only possible with your express consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation. Please note that even after consent has been withdrawn, it may still be possible to process the data concerned in whole or in part on the basis of other legal bases.

8. right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR in conjunction with Section 19 BDSG). A list of data protection officers and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. 

Of course, you also have the right to contact the supervisory authority responsible for us according to our company headquarters:

Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach; Fax: +49 (0) 981 180093-800; E-Mail: poststelle@lda.bayern.de; www.lda.bayern.de

III Which personal data is processed and from which sources does this data originate?

1. origin of the personal data

We mainly process the data that we receive directly from the data subjects when they use our website in the course of initiating a business relationship or in the course of the business relationship (see also Part B Section VI). 

Via our website and our services, we process data that we receive during your visit or that you actively communicate to us during your use (e.g. when using our online store). Other data is collected automatically by our IT systems when you visit the website or use one of our services. This is primarily technical data (e.g. internet browser, operating system or time of a page view). This data is collected automatically as soon as you enter our website or access one of our services. You can find details on this under Part B.

In individual cases, we also process data that we have permissibly received or acquired from other third parties such as credit agencies, creditor protection associations, or from public authorities, or that we have permissibly taken, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media). 

2. categories of personal data

The personal data that we regularly process includes personal master/contact data such as: Title, first and last name, salutation, date of birth. Address, e-mail address, telephone number, fax, position in the company.

In addition, depending on the order, service or other relationship with you, we process the following other personal data:

  • Address data: street, house number, if necessary address additions, postal code, city, country
  • Contact information: Phone number(s), e-mail address(es)
  • Vehicle data: License plate number, vehicle owner
  • Parking management data: Photographs, date and period of use of a parking space, parking authorizations, bank details, payment details
  • Registration data: Information about the service through which you signed up; timing and technical information about sign-in, confirmation and sign-out; information you provided when you signed up
  • Offer data
  • Access data: Date and time of the visit to our service; the page from which the accessing system reached our site; pages accessed during use; session identification data (session ID); also the following information of the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.
  • Information about the nature and content of our business relationship, such as contract data, order data, sales and document data, customer and supplier history, consulting documents
  • Advertising and sales data,
  • Documentation data (e.g. consulting protocols, data from service calls or support cases)
  • other data that we have received from you in the course of our business relationship (e.g. in customer meetings),
  • the documentation of consent declarations

IV For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as amended, in particular on the following basis:

1. fulfillment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR)

Personal data is processed on the basis of Art. 6 para. 1 lit. b GDPR to fulfill contractual obligations of MH Parkservice , in particular in connection with the sale and distribution of our goods and services (hereinafter also referred to as "parking services") as well as all activities required for the operation or administration of MH Parkservice as is customary in the industry (e.g. customer and user administration). The data may also be processed at a pre-contractual level as part of a business initiation with MH Parkservice, or when carrying out other contractual relationships with MH Parkservice

For example, Art. 6 para. 1 lit. b GDPR is the legal basis in the following cases:

  • Creation and management of a partner or supplier account in our CRM system
  • Creating and maintaining customer/prospect files or our customer/prospect database in our CRM system
  • Sending information 
  • Offer and sale of MH Parkservice products 
  • Offer and implementation of our offered services

Details on the purpose of this data processing can be found in the respective contract documents and terms and conditions.

2. safeguarding legitimate interests (Art. 6 para. 1 lit.f DSGVO)

Based on a balancing of interests, data processing may take place beyond the actual fulfillment of a contract in order to protect the legitimate interests of MH Parkservice or third parties. This is permissible unless your interests or fundamental rights and freedoms require the protection of personal data to be overridden. Data processing for the protection of legitimate interests occurs, for example, in the following cases:

  • Provision of the online offer, its functions and contents 
  • Use of technically necessary cookies or comparable technologies within the meaning of Section 25 (2) TDDDG
  • Responding to contact requests and communicating with users 
  • Transfer of data to companies and partners associated with us
  • Execution of payment transactions via external service providers 
  • Use of collection service providers and lawyers to collect receivables and/or enforce them in court
  • Assertion of other legal claims and defense in legal disputes
  • Advertising or marketing 
  • Market and opinion surveys
  • Measures for business management and further development of our services
  • Maintaining databases of customer/prospective customers and/or service providers to improve our offerings.
  • Carrying out a risk assessment (due diligence) as part of any corporate restructuring or a company acquisition or sale
  • Ensuring IT security and the IT operation of our company and our services
  • Measures for building and plant safety

3. fulfillment of legal obligations (Art 6 para. 1 lit.c DSGVO)

Processing of your data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from the German Commercial Code or the German Fiscal Code.

4. consent (Art. 6 para. 1 lit.a GDPR, § 25 para. 1 TDDDG):

If a service used by us stores or accesses information in the user's terminal equipment in any way, consent is required in accordance with Section 25 (1) sentence 1 TTDSG. If the service functions without any access to the terminal equipment, the GDPR is relevant. If we ask for your consent within the scope of the GDPR, this is done on the basis of Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR.

If you have given us your consent to process your data in individual cases, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given, e.g. for sending a newsletter, can be revoked at any time with effect for the future. To do so, please use the contact details provided in Section A. I or II. Please note that processing that took place before the revocation is not affected by the revocation and that data processing may still be possible, at least in part, on the basis of another legal basis.

V. Who receives my data?

At MH Parkservice , those employees or organizational units receive your data that need it to fulfill our contractual and legal obligations or to process or pursue our legitimate interests. 

Your data will be forwarded for the initiation or execution of a contractual relationship (e.g. sale or provision of parking services) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR or - depending on the type of specific contractual relationship - and on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, in particular to companies that we regularly use in connection with the provision of our services or for contract processing. This concerns the following recipients or categories of recipients

  • IT service providers (e.g. e-mail service providers, web hosting companies)some text
    • Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA  
    • Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland
    • HubSpot Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141 USA
    • Freshworks Inc, 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA
    • Shopify International Limited, Victoria Buildings, 2nd Floor 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
    • Peter Park System GmbH, Balanstr. 71a, 81541 Munich, Germany
  • Sales partner 
  • Advertising partner
  • Insurances 
  • Banks 
  • Communication provider (telephone provider, fax provider) 
  • Payment service provider some text
    • Stripe Deutschland GmbH, Prielmayerstr. 3, 80335 Munich, Germany 
    • Shopify International Limited (ShopifyPayments), Victoria Buildings, 2nd floor
      1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
    • secuPay AG, Goethestraße 6, 01896 Pulsnitz
  • Shipping and logistics service provider 
  • Credit bureaus 
  • Certified Public Accountant
  • Tax and legal adviser

If we use a service provider in the sense of order processing in accordance with Art. 28 GDPR, we nevertheless remain responsible for the protection of your data. Where required by law, processors are contractually obliged by means of an order processing agreement to treat your data confidentially and to process it only in the context of providing the service. The processors commissioned by us will receive your data if they require the data to perform their respective service. 

Your data will only be transferred to governmental institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you instruct us to do so.

VI. how long will my data be stored?

Your personal data will only be used for the purpose for which you have provided it to us or to the processing of which you have consented and will only be stored until this purpose has been fulfilled. After complete fulfillment of the purpose or as soon as you have requested us to delete your data, your data will only be stored for as long as this is necessary due to statutory limitation or retention periods (in particular tax and commercial law). However, the data will be deleted after these periods have expired at the latest, unless you have expressly consented to further or different use. You can also assert rights during the retention periods, such as the blocking of your data. Please see Section A. Clause II.

Your data will be deleted or blocked by us as soon as the purpose of storage ceases to apply or you request us to delete it. 

As a matter of principle, we process and in particular store your data only until the end of the business relationship or until the expiry of the applicable guarantee, warranty and limitation periods. For example, the limitation period according to §§ 195 ff. of the German Civil Code (BGB) is generally three years, but in certain cases up to thirty years. In addition, it may be necessary for data to be stored until the legally binding conclusion of any legal disputes in which the data is required as evidence.

We are also subject to statutory documentation and retention periods (e.g. from the German Commercial Code (e.g. Section 257 HGB), the German Money Laundering Act or the German Fiscal Code (e.g. Section 147 AO)). The retention and documentation periods specified there are two to ten years. For example, we would have to store your data even after termination of a contract with you for a period up to the conclusion of the tax audit of the last calendar year in which you were our customer. 

VII. Is personal data transferred to a third country?

As part of our processing operations, personal data may also be transferred in certain business transactions or areas of activity to entities in so-called third countries outside the EU or the EEA that have not yet been certified by the EU Commission as having an adequate level of data protection, for example to the USA. If such a data transfer should become necessary in individual cases, this will only take place on the basis of an adequacy decision by the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your express consent.

B. Use of our websites

In principle, you can visit our websites and use them for information purposes without having to provide any personal information (e.g. register, place orders or otherwise provide information about yourself). In this case, we process personal data of our users only to the extent necessary to provide a functional website and our content and services or to the extent that cookies used on the website provide us with personal information when you visit the website. Information on our own cookies can be found in section B, point II. In addition to us, other cookies may also enable our partner companies or third parties to recognize your browser on your next visit. For information on such third-party cookies, please refer to Section B No. III.

Furthermore, the processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

I. Provision of the website and creation of log files

Description of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer, which your Internet browser automatically transmits to us or our web host (so-called log files). These server log files contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user arrives at the website or the link to the website to which the user goes contains personal data. The following information is collected and stored by our hosting provider in this context:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer Time of the server request
  • IP address

The data is stored in the log files of our web hoster. A storage of this data together with other personal data of the user does not take place. 

Legal basis and purpose of data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. The above information is also required to provide the service in accordance with Section 25 (2) No. 2 TDDDG.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. 

Duration of storage / possibility of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 7 days at the latest. 

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

II Use of cookies

Description of data processing

Our website uses cookies or similar methods and collects, processes and uses usage data (e.g. access times, web pages accessed) or meta and communication data (IP address, device information). 

Cookies are text files with a characteristic string of characters that are stored in the Internet browser or by the Internet browser on the user's computer system and that enable the browser to be uniquely identified when the offer is called up again. If a user calls up a website, a cookie may be stored on the user's operating system. A cookie contains a characteristic string of characters. The use of these cookies serves to make a website more user-friendly, effective and secure. When you visit a website on which a cookie is embedded, the data you enter is stored exclusively in the cookie on your computer. In this case, data is only transmitted to the servers of our offer when a page request is made.

Some cookies are deleted again after the end of the browser session when your browser is closed (so-called session cookies). These cookies are technically necessary, e.g. so that you can log in to the application and also remain logged in across pages while visiting our offer. 

Other cookies remain on your terminal device for a specified period of time and allow us to recognize your browser the next time you visit (so-called persistent or protocol cookies). The purpose of the use of these cookies is to be able to offer you an optimal user experience as well as to "recognize" you and to present you with the most varied website and new content possible during repeated use. 

Cookies that originate from partner companies or third parties may be used, for example, to collect information for advertising, user-defined content or statistics ("third-party cookies"). If we do not identify cookies as originating from third-party providers, the cookies originate from our website ("first-party cookies"). We will inform you separately about third-party cookies or tracking technologies that we use in the following sections of our privacy policy.

Flash cookies are stored as data elements of websites on your computer if they are operated with Adobe Flash. Flash cookies have no time limit.

For more information about which cookies we use to make our website more user-friendly, what purpose they serve and what data is stored with them or transmitted to third parties, please refer to our cookie management tool "CookieHub" from the provider CookieHub ehf, Hafnargata 18, 230 Reykjanesbær, Iceland, through which you can give your consent to the use of cookies when you visit our website in accordance with the preferences you have selected. 

Our cookie management tool collects log file and consent data using JavaScript. This JavaScript makes it possible to inform users about their consent to certain tags on our website and to obtain, manage and document this consent. Cookie-Management-Tool saves the selected setting and the consent you gave when you entered the website and processes the following data: 

  • Consent data or consent data (anonymized logbook data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp)
  • Device data or data of the devices used (including shortened IP addresses (IP v4, IP v6), device information, timestamp).
  • User data or user data (including e-mail, ID, browser information, SettingIDs, changelog)

For this purpose, the cookie management tool stores a technically necessary cookie. Information on data protection at CookieHub can be found at: https://www.cookiehub.com/legal/privacy-policy

For more information about which cookies we use to make our website more user-friendly, what purpose they serve and what data is stored in them or transmitted to third parties, please refer to CookieHub's detailed information, which you can access there under "Cookie Declaration". CookieHub automatically analyzes which cookies are set on the site. The cookie declaration is then also automatically adjusted.

Legal basis and purpose of data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality and security of the website as well as a customer-friendly and effective design of the site visit, unless we ask you for your consent in accordance with Art. 6 para. 1 lit. a GDPR. For this purpose, we have integrated CookieHub, which makes it easier for users to give or manage consent for the individual categories of cookies we use. CookieHub blocks all categories of cookies that are not essential for the proper functioning of the website unless you give your consent to the use of additional tools. When accessing our website, users are shown a banner. By clicking on the "Allow all cookies" button, you can either allow all cookies or decide individually via the "Cookie declarations" button (by activating the individual selection sliders and clicking on the final "Save settings" button) for which cookies and/or cookie-based applications you give your consent, or reject all non-essential cookies by clicking on the "Reject all" button.

The purpose of using technically necessary cookies is to simplify the use of websites for users and is therefore necessary to provide the service in accordance with Section 25 (2) No. 2 TDDDG. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. 

Otherwise, the purpose of the cookies we use in the categories User Preferences, Analytical Cookies, Marketing Cookies) depends on the services used and is clarified in the following sections of the Privacy Notice.

The legal basis for the data processed using our cookie management tool is Art. 6 para. 1 lit. c GDPR with regard to user consent data, otherwise Art. 6 para. 1 lit. f GDPR and Section 25 para. 2 no. 2 TDDDG. As a website operator, we have a legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and the legally compliant design of our website.

Duration of storage / possibility of objection and removal

For details on the storage period of our cookies, please refer to the information from CookieHub under the heading "Cookie declaration". 

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. 

If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Alternatively, you can also use the functionalities of the cookie consent tool we have integrated. 

III Statistical analysis of the website / increase in reach 

1. google analytics

Description of data processing

We use functions of the web analysis service Google Analytics for our online services. The provider in Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google"), a subsidiary of Google LLC Amphitheatre Parkway, Mountain View, CA 94043, USA. 

Google Analytics also uses cookies. The information generated by a Google cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Google processes the data and we receive reports about your user behavior. These may include, but are not limited to, the following reports:

  • Target group reports: Through target group reports, we get to know our users better and know more precisely who is interested in our service.
  • Behavior reports: Here we learn how you interact with our website. We can track which route you take on our site and which links you click on.
  • Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles.

Identifiers such as cookies are used to measure your interactions on our website. Interactions are all types of actions that you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not pass on any Google Analytics data unless we as the website operator authorize this. Exceptions may be made if required by law. The cookies used by Google Analytics can be found in the detailed information of our cookie management tool CookieHub, which you can access there under "Cookie statements".

Our website uses Google Analytics exclusively with the extension "anonymizeIp()". Your IP address is therefore not stored in full and is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. The visitor to the website cannot be identified. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The following is an overview of the most important data collected by Google Analytics:

  • Heatmaps: Google creates so-called heatmaps. Heatmaps allow you to see exactly those areas that you click on. This gives us information about where you are "on the move" on our site.
  • Session duration: Google defines session duration as the time you spend on our site without leaving. If you have been inactive for 20 minutes, the session ends automatically.
  • Bounce rate: A bounce rate is when you only view one page on our website and then leave our website again.
  • Account creation: When you create an account on our website or place an order, Google Analytics collects this data.
  • Location: The IP address can be used to determine the country and your approximate location. This process is also called IP location determination.
  • Technical information: Technical information may include your browser type, Internet service provider, or screen resolution.
  • Source of origin: Google Analytics and we are naturally also interested in which website or which advertisement brought you to our site.

The list is not exhaustive and serves only as a general guide to data storage by Google Analytics. For more information about the processing of data by Google, please read Google's privacy policy: https://policies.google.com/privacy?hl=de 

Legal basis and purpose of data processing

We use Google Analytics to evaluate the use of our website and services, to compile reports on the activities on our website and services and to provide us with other services related to the use of our website and services and internet usage. We also use Google Analytics to analyze data from AdWords and the double-click cookie for statistical purposes. Since we as website and service operators have a great interest in this analysis of user behavior in order to optimize both our website and our offers and advertising placed there, we ask you to give your consent to the use of Google Analytics and the storage of Google Analytics cookies on the basis of § 25 para. 2 TDDDG.

The information generated by the cookie about your use of our website or our services is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Nevertheless, in exceptional cases the full IP address may be transmitted to a Google server in the USA and shortened there. By consenting to the activation of the cookies used by Google Analytics, you also consent to your data being processed in the USA in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR, unless the data transfer is secured on the basis of EU standard contractual clauses. The USA is regarded by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse. If you click on the "Reject all" button or make a limited selection without cookies from Google, the described transmission to Google will not take place. You can revoke your consent at any time with effect for the future.

Google will use this information for the purpose of evaluating your use of the website or services, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google also states that it may transfer this information to third parties on its own responsibility if this is required by law or if third parties process this data on behalf of Google. Google has contractually guaranteed that it will never associate your IP address with other Google data. In order to safeguard this and the data processing carried out for us, we have concluded a contract with Google for the processing of data on our behalf. 

Duration of storage / possibility of objection and removal

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

By installing the browser add-on to deactivate Google Analytics(http://tools.google.com/dlpage/gaoptout?hl=de), you can object to the use of your data and collection by Google Analytics. By doing so, you inform Google Analytics that no information about the website visit should be transmitted to Google Analytics. 

Furthermore, you can install an opt-out cookie on your device via this link https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable, especially for browsers on mobile devices, to prevent the future collection of data by Google Analytics on our website. Please note that if you delete the cookies on your device, you must also reinstall the opt-out cookie.

Alternatively, you can also set your cookie preferences via the Cookie Consent Tool Cookie Hub integrated by us.

2. google tag manager

Description of data processing

Google Tag Manager is a solution provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google"), which allows marketers to manage so-called website tags via an interface. The Google Tag Manager itself (which implements the tags) is a domain without cookies and does not collect any personal data. The Google Tag Manager helps with the integration and ensures the triggering of other tags, code snippets, tracking code and conversion pixels on a website, which in turn may collect data. Google Tag Manager does not access this data. Google Tag Manager offers us an easy-to-use user interface that does not require any in-depth programming knowledge or modifications to the website's source code. 

We only use Google Tag Manager to display Google Ads (formally Google AdWords) for the purposes of our search engine marketing activities.

For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.

3. Google Ads (formally Google AdWords) & Google Ads conversion tracking

Description of data processing

We use Google Ads, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, offered in Europe by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, to integrate advertisements within our online offering and to draw attention to our attractive offers with the help of advertising material on external websites. 

This allows us to determine how successful individual advertising measures are. These advertising materials are delivered by Google via so-called "AdServers". Google AdWords uses cookies for this purpose (see the general explanations above). By setting the cookie, it is possible to analyze the use of our websites. Each time one of the individual pages of the website operated by us and on which a Google Ads component has been integrated is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Ads component to transmit data to Google for the purpose of online advertising and billing of commissions. As part of this technical process, Google obtains knowledge of personal data, again the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements. The following information is usually stored as analysis values for the cookie used: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognize your web browser. If you do not agree to the storage of cookies on your computer, please follow the general instructions on this or at the end of this explanation.

In addition, Google Ads uses so-called web beacons (invisible graphics). Through these web beacons, information such as visitor traffic on the pages of this offer can be evaluated. 

The information generated by cookies and web beacons about the use of our website, including your IP address and the delivery of advertising formats are transmitted to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google (see https://support.google.com/admanage r/answer/94149?visit_id=637060482444635472-69980806&rd=1). In detail, we have no influence on the data collected by Google, nor are we aware of the full extent of the data collection and the storage period. However, to the best of our knowledge, Google will not merge your IP address with other data stored by you. However, if you are logged into a Google account, your data can be directly assigned. If you do not wish this assignment to your Google profile, please log out before using our online offer.

Further information on data protection at Google Ads can be found at https://policies.google.com/privacy?hl=de,and https://policies.google.com/technologies/ads?hl=de

Legal basis and purpose of data processing

The storage of Google Ads cookies and web beacons is based on Art. 6 para. 1 lit. a DSGVO. Furthermore, we use Google Ads on the basis of our legitimate interest according to Art. 6 para. 1 lit.f DSGVO. As a website operator, we have a legitimate interest in analyzing the reach of our offer, as well as in placing relevant and interesting ads, improving campaign performance reports and achieving a fair calculation of advertising costs.

We have also concluded an order data processing agreement with Google.

Possibility of objection and removal

You can prevent the installation of cookies from Google Ads in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies so that you do not receive any ads from third-party providers; b) by deactivating interest-based ads on Google via the link www.google.de/ads/preferences, whereby this setting will be deleted if you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies; d) by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers under the link www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

Alternatively, you can also set your cookie preferences using the cookie management tool CookieHub that we have integrated.

IV. further information on procedures, plugins and tools used to design the website

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

V. Links to websites of other providers

Our Internet presence may contain links to other websites. We have no influence on the content and design of the offers of other providers. The statements of this data protection notice therefore do not apply to external providers to whose offers or contents we merely link.

If you are forwarded to other pages via links from our pages, please inform yourself there about the respective handling of your data.

VI. online presences on social networks and platforms

Description of data processing

We maintain further online presences within social networks or industry networks (such as Facebook, Xing or LinkedIn) (hereinafter also referred to as "SN") and platforms (e.g. YouTube) and link to them from our website. Clicking on the respective buttons (recognizable by the respective logos of the social networks or platforms) will take you to the respective online presence of the SN. The purpose of these online presences is to communicate with the customers, interested parties and users active there and to inform them about our services. 

When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply. 

Since the use of SN takes place outside our website or our services, we have no influence on this, unless otherwise stated below. However, we would like to point out that when using the above-mentioned platforms and networks to which we link, data may also be processed in the USA by these SN companies and may also be processed by the respective operators for market research and advertising purposes, including the creation of user profiles. If you are logged in to the respective networks and platforms, they may also store cookies on your device that track your use of our platform or services and other information about your usage behavior. 

Unless otherwise stated in our privacy policy, we only process users' data if they communicate with us within the social networks and platforms, e.g. write comments or send us messages. 

In order to make it easier for you to obtain information about the respective data processing and the objection options of the respective operators, we refer below to the data protection declarations and information of the operators of the respective networks.

Legal basis and purpose of data processing

We only process your personal data in the context of direct contact with us via the respective SN or interaction with our presence there or its content. Unless otherwise stated in our privacy policy, we process users' data on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR for the effective information of users and communication only if they communicate with us within the social networks and platforms (e.g. when users write posts on our online presences or send us messages). If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. 

Insofar as personal data is processed in connection with our appearance on an SN beyond this and the respective SN alone decides on the purposes and means of the processing, the respective SN is otherwise the sole controller of the processing. Please carefully check which personal data you communicate with us via a SN appearance. If you would like to avoid that SN processes personal data you provide to us, please contact us by other means.

Duration of storage / possibility of objection and removal

If you are a member of one of the SNs on which we maintain online presences and do not want the SN to collect data about you via our offer and link it to your data at the SN, you must log out of your SN before visiting our offer. For a detailed description of the respective processing, information on the duration of the storage of data by the respective SN and the opt-out options, we refer to the following linked information from the providers. 

In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Facebook

We maintain a Facebook company page ("Fan Page") on the SN of Facebook Ireland Ltd, 4 Grand CanalSquare, Grand Canal Harbour, Dublin 2, Ireland). 

Facebook Ireland is jointly responsible alongside us for the collection of data from visitors to our Fanpage, which is why we have entered into an agreement on the joint processing of personal data with Facebook within the meaning of Art.26 DSGVO, as well as additional data processing conditions:

  • "Controller Addendum": https://www.facebook.com/legal/controller_addendum
  • "Data Processing Terms":https://www.facebook.com/legal/terms/dataprocessing/update

We are responsible for providing data subjects with at least the above and following information on shared responsibility with Facebook. The information required by Article 13 (1) a) and b) DSGVO from Facebook can be found in the data policy of Facebook Ireland at https://www.facebook.com/about/privacy.

Facebook Inc., Menlo Park, California, USA (hereinafter: Facebook Inc.) also collects and uses so-called Page Insights for analysis purposes. Page Insights is a summary of data that allows both us and Facebook Inc. to gain information about how our users interact with our site. Page Insights may be based on personal data collected in connection with our users' visits or interactions on our site. For this purpose, we have concluded a Controller Addendum with Facebook ("Controller Addendum", see above), which regulates in particular which security measures Facebook takes in the context of Page Insights and how Facebook responds to user requests. The purposes for which the collection and transmission of personal data, which constitute joint processing, are carried out are set out in detail in the above Controller Addendum.

Data collected in the course of visiting our "Fan Page" otherwise includes information about the types of content users view or interact with, or the actions they take (see under "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy),as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data described in detail under "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy)).

However, we share responsibility for Page Insights by maintaining the Facebook company page and have agreed with Facebook Ireland that Facebook Ireland is responsible for fulfilling data subjects' rights under Articles 15-20 of the GDPR with respect to personal data stored by Facebook Ireland after joint processing. Therefore, we have a reporting obligation to Facebook when we receive privacy-related requests for Page Insights. Please note that we forward requests regarding page insights to Facebook Ireland. Otherwise, please refer to the discussion of data subject rights available to you under section A. For more information about how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how data subjects can exercise their rights against Facebook Ireland, please see Facebook Ireland's Data Policy athttps://www.facebook.com/about/privacy

The evaluation of the data collected via Page Insights is used to improve our website and for advertising purposes. We maintain our Facebook fan page for the purpose of communication and simple channeling of contact requests from Facebook users. The collection of this data and its further processing is in our legitimate interest and in the legitimate interest of Facebook Inc. in accordance with Art. 6 para. 1 lit.f GDPR.

We would like to point out that we cannot switch the page insights technology on and off. We must therefore forward corresponding requests to Facebook Ireland for the most part, insofar as we have not collected data ourselves. If you do not want Facebook Inc. to collect your data, we ask that you do not use our Facebook company page and/or set your browser to prevent cookies from being set and/or log out of Facebook while using our page. 

Privacy Policy:

https://www.facebook.com/about/privacy/, https://www.facebook.com/legal/terms/information_about_page_insights_data

Possibility of objection:

https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

LinkedIn

LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, operated in Europe by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. LinkedIn is an Internet-based social network that enables users to connect with existing business contacts and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn receives knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged into LinkedIn at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

LinkedIn offers the option to unsubscribe from email messages, SMS messages and targeted ads and to manage ad settings at https://www.linkedin.com/psettings/guest-controlsdie. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable data protection provisions of LinkedIn may be retrieved under https://www.linkedin.com/legal/privacy-policy LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

Privacy Policy https://www.linkedin.com/legal/privacy-policy

Possibility of objection:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out , 

XING

The operating company of Xing is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany("XING").

Xing is an Internet-based social network that enables users to connect with existing business contacts and make new business contacts. Individual users can create a personal profile for themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.

Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information about the Xing plug-ins may be accessed under https://dev.xing.com/plugins. As part of this technical process, Xing receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject activates one of the Xing buttons integrated on our website, for example the "Share" button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.

Xing always receives information via the Xing component that the data subject has visited our website if the data subject is logged into Xing at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.

The data protection provisions published by Xing, which can be accessed at https://www.xing.com/privacy, provide information on the collection, processing and use of personal data by Xing. Furthermore, Xing has published data protection information for the XING Share button at https://www.xing.com/app/share?op=data_protection.

Privacy Policy / Opt-out:

https://privacy.xing.com/de/datenschutzerklaerung 

VII Active use of our website

1. contact form and e-mail contact

Description of data processing

A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. 

  • Company/municipality (mandatory)
  • First name (mandatory)
  • Last name (mandatory)
  • E-mail (mandatory)
  • Telephone (optional)
  • Message (optional)

At the time of sending your message via one of our contact forms, the following data is also stored:

  • the IP address of the user
  • Date and time of registration

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored. 

Legal basis and purpose of data processing

The legal basis for the processing of data transmitted in the course of sending a contact form request or an e-mail is Art. 6 para. 1lit. f DSGVO. If the contact form request or the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit.b DSGVO .

The processing of the personal data from the input mask serves us solely to process the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

User information may also be stored in our customer relationship management system (CRM software) or comparable inquiry organization on the basis of our Legitimate Interests.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage / possibility of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and no legal requirements necessitate longer storage.

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case, unless a longer storage is required by law.

C. Data processing in connection with the use of MHP parking spaces

1. use of the MHP Online Shop

Description of data processing

Via our MHP online store (hereinafter referred to as "online store"), you have the option of booking and paying for the parking services described there in more detail for parking areas managed by us on the basis of the applicable General Terms and Conditions. For example, you can pay your parking fees online.

We use cookies to make our online store more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The language and region of the user are stored in the cookies. 

Cookies also enable an analysis of surfing behavior in the online store. In this way, the following data can be transmitted: search terms entered, frequency of page views, use of website functions. 

In order to book the parking services or pay for your use of the parking space, you must enter the license plate number of your vehicle on the input screen provided for this purpose, select the desired parking space and/or a file number or reference if applicable. We require the license plate number and the other details in order to be able to allocate the parking fee owed to the respective parking process or parking service.

The data processed as part of the booking process includes license plate data, the amount to be paid, as well as other communication, contract and payment data of our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating our online store, billing, delivery and customer service. As part of the booking process, we process the individual details shown on the respective input forms, such as name, company, address, e-mail, telephone. Binding information is generally marked with the suffix * or the designation "optional" and includes the information necessary for the provision and billing of the ordered service, as well as contact information in order to be able to consult with you or to inform you of important information regarding the order (e.g. mandatory legal information, postponements, etc.). 

We process and use the data collected here to enable you to select and book our parking services and pay for them. We also process the data to process and - if necessary - send the booking you have made. Further details on the legal and organizational framework conditions can be found in the respective underlying General Terms and Conditions. Details of the payment service providers we use can be found in the following No. 2 of this Section C.

For our online store, we use the e-commerce solution of Shopify International Limited, Victoria Buildings, 2nd Floor 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, an affiliated company of Shopify Inc. 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5 (companies of the Shopify Group hereinafter jointly referred to as "Shopify"). Shopify is the provider and operator of the e-commerce platform of the same name. All data collected via the online store is processed for these purposes on Shopify servers.

In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments or Shopify (USA) Inc. in individual cases as part of further processing on behalf of Shopify.

We pass on the data collected via our online store to Shopify insofar as this is necessary for Shopify to provide its services in connection with the store system. In addition, Shopify directly processes the data that our customers provide when shopping or paying in order to process the orders and offer our customers a user-friendly shopping experience in the store. In detail, Shopify collects or receives name, e-mail address, delivery and billing address, payment data, company name, telephone number, IP address, information about outgoing orders, information about the merchant stores supported by Shopify that you visit, as well as information about the device and browser used.

The data entered in our store system can also be forwarded to Shopify servers or other service providers that Shopify integrates for its services, particularly in the USA, and processed there. Further information can be found in Shopify's privacy policy at https://www.shopify.de/legal/datenschutz. 

Legal basis and purpose of data processing

The legal basis for the processing of data collected in the course of a booking is Art. 6 para. 1 lit. b GDPR due to the intended conclusion of a contract, otherwise Art. 6 para. 1 lit. f GDPR to detect and combat harmful behavior and to detect and prevent other negative experiences, to maintain the integrity of the online store and to promote protection and security. Both we and other users of our services have an interest in preventing, detecting or investigating illegal activities, fraud or security breaches. The above information is also required to provide the service in accordance with Section 25 (2) No. 2 TDDDG.

The processing of the personal data from the input mask serves us to process the respective booking and to provide the respective parking service. 

Data entered in the online store may also be processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR) if we ask you for such consent. You can withdraw your consent at any time. The legality of the data processing that has already taken place remains unaffected by the revocation. Please note that as a result of your revocation, we may not be able to provide the booking process in full and the booking made may no longer be possible.

We use Shopify on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in order to be able to sell our products online quickly, easily and securely, as well as to simplify the use of the store and make your visit more attractive. With the help of Shopify, we learn how our website is used and can thus constantly optimize our offer and better tailor it to your needs and interests. Cookies from Shopify that are not technically necessary for this purpose are processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. If cookies are not accepted, the functionality of the online store may be restricted.

Duration of storage / possibility of objection and removal

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the booking process, this is the case after the conclusion of a contract for our parking services at the earliest when the respective parking service has been fully provided. As a rule, however, we retain contract-related data until the expiry of the statutory warranty obligations. In the event of a statutory archiving obligation, the data concerned will be deleted after expiry of the period.

2. use of payment providers in order processing ("payment services")

Description of data processing

If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract for parking services, this data is required for payment processing.

For modern, uncomplicated and secure payment processing, we offer our customers various payment options for which we use banks and credit institutions as well as other paymentserviceproviders (hereinafter jointly referred to as "payment service providers").

Payment transactions via common means of payment (e.g. Visa/MasterCard) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

If you have opted for the payment services of a specific payment service provider as a payment option, the payment service provider will provide its services on the basis of a contract concluded between you and the payment service provider on the basis of the payment service provider's applicable terms and conditions of business and use. The data processing carried out by these providers is their responsibility and we have no influence on this. Accordingly, we must refer to the respective payment service provider in the event of the assertion of data subject rights in this context. The payment service provider may ask you for additional consent, e.g. to carry out an identity or credit check. The personal data processed by payment service providers generally includes first and last name, address, date of birth, gender, email address, IP address, telephone number as well as the data required to process the payment in connection with the order, such as the number of items, item number, invoice amount and taxes as a percentage, or the bank data required to carry out the transaction, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract, total and recipient-related details. 

The payment service provider processes this data for the purpose of offering the respective payment method and any necessary identity and/or credit checks, payment administration and fraud prevention.

Legal basis and purpose of data processing

Your data is transmitted to the payment service providers we use on the basis of Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract) for the processing of data collected in the course of an order and on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) unless we ask you for your consent in accordance with Art. 6 para. 1 lit. a GDPR. 

You have the option to revoke your consent to data processing by payment providers at any time with effect for the future. A revocation does not affect the effectiveness of data processing operations in the past.

Stripe

We use Stripe, an online payment service provided by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland ("Stripe") for the online processing of payments for chargeable services that we provide. 

If you have chosen Stripe as your payment method, the information provided during the ordering process will be passed on to Stripe along with the information about your order and, depending on the payment method, necessary information (name, address, e-mail address, customer number, order number, bank institution, account number, bank code, credit card number if applicable, credit card expiry date, credit card verification number (CVC), invoice amount, currency and transaction number, date and time of the transaction, location, name of the provider). The data will only be passed on for the purpose of payment processing with Stripe and only to the extent that it is necessary for this purpose. We cannot process a payment via Stripe without the transmission of your personal data. 

Stripe assumes a dual role as controller and (sub)processor for data processing activities. As the controller, Stripe uses your transmitted data on the basis of Stripe's applicable terms and conditions of business and use to implement the contractual relationship between you and Stripe regarding payment processing and to fulfill regulatory obligations. We have no influence on this process. Stripe's privacy policy with further information can be found at: https://stripe.com/de/privacy 

Stripe acts as a processor in order to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 GDPR. 

Store Pay (also "Shopify Payments")

We integrate Shop Pay, a payment service of the payment service provider Shopify Payments, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2, on our online store. 

If you opt for a payment method offered via the payment service provider Shopify Payments, payment processing is carried out via the online payment service of the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland ("Stripe"). 

When you sign up for Shopify Pay as a customer, Shopify stores and uses this information on its own responsibility to pre-populate checkout information for the Shopify Pay payment process based on the Shopify Pay Terms of Service(https://www.shopify.de/legal/terms-payments-de). Shopify says it uses this information to customize and improve a merchant's store experience by presenting additional goods and services that are likely to be of interest to the customer. For all transactions via Shopify Pay, Shopify acts as an intermediary to process the payment transaction. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the payment method stored with Shopify Pay. If you have therefore opted for a payment method offered via Shopify Pay, the information provided during the ordering process will be passed on to Stripe, along with the information about your order and the information required depending on the payment method (name, address, e-mail address, customer number, order number, bank, account number, bank code, credit card number if applicable, credit card expiry date, credit card verification number (CVC), invoice amount, currency and transaction number, date and time of the transaction, location, name of the provider). The data will only be passed on for the purpose of payment processing with Stripe and only to the extent that it is necessary for this purpose. We cannot process a payment via Stripe without the transmission of your personal data. 

Stripe assumes a dual role as controller and (sub)processor for data processing activities. As a controller, Stripe uses your submitted data to fulfill regulatory obligations. 

Further details on data protection at Shopify Pay can be found at: https://www.shopify.de/legal/datenschutz and https://pay.shopify.com/tos-privacy-policy#privacy-policy.

secuPay

We offer cashless payment methods from secupay AG (Goethestr. 6, 01896 Pulsnitz; "secupay") in our online store. Secupay is a payment institution within the meaning of the Payment Services Supervision Act (ZAG) and is registered with the Federal Financial Supervisory Authority (Graurheindorfer Str. 108, 53117 Bonn; "BaFin") (registration number: 126737) and enables cashless payment of products and services on the Internet. secupay is assigned the purchase price claim to secupay when secupay is used as a payment method. This enables online store operators to deliver goods, services or downloads to the customer immediately after the order has been placed. If "direct debit", "purchase on account" or "credit card" is selected as the payment option via secupay during an order process, your data is automatically transmitted to secupay. During payment processing via secupay, the payment method data is transmitted to secupay. secupay then carries out a technical check of the risk of non-payment. We are then automatically informed of the transaction result. The personal data exchanged with secupay is first name, surname, address, email address, IP address, telephone number or other data required for payment processing. 

The personal data exchanged between secupay and us may be transmitted by secupay to credit agencies. The purpose of this transfer is to check identity and creditworthiness. secupay may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed on our behalf. This data processing is carried out under secupay's own responsibility. We have no influence over this. You have the option of revoking any consent given to secupay for the handling of personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted by us for (contractual) payment processing. The applicable data protection provisions of secupay may be retrieved under https://www.secupay.com/de/datenschutz.

3. use of parking spaces managed by MH Parkservice

Description of data processing

The following data is automatically recorded when the parking spaces are used: License plate number including the front or rear of the vehicle, entry/exit time, date and location stamp, amount and payment method of the parking fee. 

Before parking lot users leave the parking area, they must enter their license plate number at the pay station if they do not have a permanent parking permit. If the license plate number entered is found in our database, the parking fee is calculated and paid by the parking space user. Details on data processing for payments via our online store can be found in section C, no. 1 and 2 and the applicable terms of use.

In the event of violations of the General Terms and Conditions of Use, all personal data of the vehicle owner and the driver of the vehicle relevant for the legal prosecution of the violation, in particular the recovery of a forfeited contractual penalty and/or the assertion of ownership and property protection rights ("tracking") will also be processed.

If you receive a letter of demand as the owner of the vehicle that caused a parking violation, your license plate number was previously transmitted by us to the Federal Motor Transport Authority. If you are not the owner of the vehicle, your data was provided to us by the vehicle owner or another third party (e.g. vehicle rental or leasing company) who confirmed to us that you were the driver of the vehicle at the time of the parking violation. If you no longer live at the address registered with the Federal Motor Transport Authority, we have received your data from the person currently registered at this address, a credit agency or a debt collection agency.

Legal basis and purpose of data processing / data recipients

The processing of the collected data is necessary to safeguard the legitimate interests of the parties in the operation of the parking area and the associated administrative activities customary in the industry (Art. 6 para. 1 lit. f GDPR) as well as for the contractual processing of the services to be provided in accordance with the General Terms and Conditions of Use (e.g. determination and billing of the parking fee for deposited parking authorizations, reconciliation of payments via app or online portal).e.g. determination and billing of the parking fee, comparison with deposited parking authorizations, comparison with payments via app, comparison with payment via online portal, determination of compliance with the maximum permitted parking duration or free parking duration or grace period) (Art. 6 para. 1 lit. b GDPR).

Owner-related data (in particular name and address) is requested from the Federal Motor Transport Authority or foreign information offices by forwarding the license plate number ("owner query"). Driver data may be requested via the identified vehicle owner, vehicle rental or leasing companies and also passed on to third parties for the aforementioned purposes (e.g. lawyers, debt collection agencies). Data is processed by MHP GmbH and its contractors (Peter Park System GmbH (operation of parking technology and software) and Amazon Webservices EMEA SARL (data storage)) for the technical operation of the parking technology and software and for tracking violations of the General Terms and Conditions of Use. The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as the processing is carried out for the execution of the contract, otherwise Art. 6 para. 1 lit. f GDPR to pursue the legitimate interests in safeguarding the ownership and property rights of MHP GmbH and third parties and their legitimate interest in ensuring the proper operation of the parking areas and to speed up vehicle handling in the parking area.

Duration of storage / obligation to provide / possibility of objection and removal

The personal data collected by us will be deleted after all existing claims arising from and in connection with the use of the parking area have been settled and all statutory retention and limitation periods have expired. If there is no violation of the General Terms and Conditions of Use of the parking area and the user leaves the parking area within the waiting period applicable from the time of entry, the user's data will be automatically deleted 48 hours after leaving the parking area, provided that there are no statutory retention obligations to the contrary.

The provision of your data when using the parking spaces managed by us is contractually stipulated in the respective General Terms and Conditions of Use or is mandatory for the conclusion of the contract. Without the provision of your data, it would not be possible to perform the underlying contractual obligation and the parking management services. However, we do not use your data in the context of automated decision-making, including profiling. As the collection of data and its further processing is mandatory, users therefore have no option to object. As the license plate is recorded when entering the parking area, it is generally possible to turn around early to avoid data collection, provided that the structural conditions permit this.

4. activation of parking authorizations

Description of data processing

For some of the parking areas managed by us, parking authorizations can be applied for via terminals (e.g. in retail stores or institutions located there), e.g. for designated parking spaces for certain groups of authorized persons (e.g. employees, visitors or customers) and/or free parking times, in accordance with the conditions applicable on site for the respective parking area.

For this purpose, the data provided in the respective input mask of the terminal must be entered. It is always necessary to enter the license plate number. It may be necessary to enter further information to determine membership of an authorization group, such as employee identification numbers. This information can be transmitted to our clients or their customers to clarify the authorization or can be compared with data provided by them.

Legal basis and purpose of data processing / data recipients

Insofar as a comparison with other data is required to validate the authorization or the processing of additional data provided in the form is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. The legality of the data processing that has already taken place remains unaffected by the revocation. Please note that as a result of your revocation, we may not be able to provide the booking process in full and the booking made may no longer be possible.

The legal basis for the processing of data collected in the course of a booking is otherwise Art. 6 para. 1 lit. b GDPR due to the intended conclusion of a contract, otherwise Art. 6 para. 1 lit. f GDPR for the purpose of effective processing of parking authorizations and to support the provision of the respective parking service. 

Duration of storage / obligation to provide / possibility of objection and removal

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen, this is the case after the conclusion of a contract for our parking services at the earliest when the respective parking service has been provided in full. As a rule, however, we retain contract-related data until the expiry of the statutory warranty obligations. In the event of a statutory archiving obligation, the data concerned will be deleted after expiry of the period.

5. use of the MH Parkservice PCN portal 

Description of data processing

We offer users of parking lots managed by us the opportunity to submit support requests to us via our portal (queries, objections to payment requests or clarification of other concerns), to view information on parking violations including images of receipts and payment options, or to access other customer-specific information. 

The portal can be accessed via our website using a QR code provided to users (e.g. as part of a payment request). After authentication, you can access the PCN portal. The following personal data is provided by the user as part of the authentication process:

  • File number
  • License plate

For technical reasons, a limited amount of data (so-called connection data) is collected each time the portal is accessed. This data is technically necessary to establish and maintain a connection between the user's device and our servers. Furthermore, this data is required to maintain the session after a login and to prevent unauthorized access to this session. As part of each registration process and the use of the customer portal or the portal, we or the hosting service provider we use store the IP address and the time of the respective user action (timestamp), Internet service provider, web browser and operating system used or the respective version information, language settings, referrer URL and the name of the website accessed. 

After logging in to the PCN portal, a cookie is set which is required to maintain the session and to protect the session. To use the portal, you must allow this cookie in your web browser.

If a solution to a problem reported via the PCN portal or an answer to a question is only possible with the involvement of other partners or service providers, we will pass on the information associated with the query/incident to them.

Legal basis and purpose of data processing

The legal basis for the processing of data that is processed in the course of using the PCN portal as well as inquiries made via it or downloads used is Art. 6 para. 1 lit. b GDPR within the framework of the execution of the existing contract with the user regarding the use of the parking lot. In addition, Art. 6 para. 1 lit. f GDPR is relevant, as the processing of personal data in connection with our portal serves to enable an effective way of contacting and communicating with our respective support teams, as well as the administration, processing and resolution of incoming requests, and the secure connection between the user's end devices and our servers.

Duration of storage / possibility of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the registration, this is usually the case when the respective usage process is completed. 

All personal data stored by the user in the course of contacting us will be deleted at the latest if no legal requirements necessitate longer storage (e.g. statutory warranty periods in connection with support requests).

D. Contractual relationships with business customers and business partners

I. Am I obliged to provide data?

If you contact us with questions about our services, enter into contractual negotiations with us, accept one of our offers or other contractual agreements exist with us, we process the personal data you provide in this context. Which data is processed in detail depends largely on the relevant objects of purchase or the services that you obtain from us or that you request. The processing of your data in this context is usually mandatory for the preparation, conclusion and execution of the contract. If you do not provide us with this data, this may result in us having to refuse the conclusion of a contract or the execution of the order, or we would no longer be able to perform an existing contract. 

Insofar as we use data in the context of contract initiation or fulfillment with a business customer, business or cooperation partner, our interest in handling your data lies in enabling and maintaining the exchange with the business customer or the respective business or cooperation partner, typically in the context of a contractual or other relationship. If you act as a contact person - typically in your function as an employee at these companies - you generally have no overriding conflicting interest, insofar as this interaction with us is part of your area of responsibility, so that a right of objection is regularly ruled out.

However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the performance of the contract or that is not required by law.

II CRM system ("HubSpot")

Description of data processing

We use functionalities of the customer relations management (CRM) system HubSpot. HubSpot is a software solution of HubSpot Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, which is offered in Europe by HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others: Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.

We use HubSpot to control and implement inbound marketing in connection with various functionalities of our online presences. The stored information is saved on HubSpot servers. The processed data can be used by us to obtain detailed insights into the way our online presences are used and how they are used, to contact visitors to our website, and to determine which of our company's services are of interest to them. 

HubSpot uses so-called "web beacons" (invisible graphics or code) and cookies that are embedded in websites or emails and stored on users' end devices. The IP address, geographical location, type of browser, duration of the visit and the pages accessed are recorded.

Furthermore, HubSpot collects the data entered by the user when the user (a) subscribes to our newsletter or fills out one of our contact forms.

For more information about HubSpot's privacy practices, please visit https://legal.hubspot.com/de/privacy-policy.

Legal basis and purpose of data processing

The storage of HubSpot cookies and web beacons is based on Art. 6 para. 1 lit.a DSGVO. We also use the information collected via HubSpot on the basis of our legitimate interests in optimizing our marketing and analyzing the use of our online presences as well as their continuous optimization and user-friendly design and to be able to inform our users in a more targeted manner (Art. 6 para. 1 lit.f DSGVO).

Possibility of objection and removal

The user can prevent the storage of cookies by deactivating the storage of cookies in his or her browser settings. If the user would like the further personal data to be deleted, he or she can exercise his or her right of objection and removal as described in the General Information under A. 

Alternatively, you can also set your cookie preferences using the cookie management tool CookieHub that we have integrated.

III Communication

In principle, we collect the necessary data from you ourselves in personal contact. However, you can of course also contact us by telephone, fax, mail or alternatively via our provided e-mail address (see imprint) or e-mail addresses of our employees made known to you. In the latter case, the personal data transmitted with the e-mail will be stored. Please note that communication by e-mail is not encrypted for technical reasons.

Your data will be used for the processing of the conversation and the follow-up of the respective request or meeting content. The processing of your data is based on Art. 6 para. 1 lit.b DSGVO, insofar as the communication is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. 

In all other cases, the processing is based on our legitimate interests (Art. 6 para. 1 lit.f DSGVO) in the effective processing of requests addressed to us. 

In this context, the data will not be passed on to third parties, unless it is necessary for the pursuit of our claims or legitimate interests (Art. 6 para. 1 lit.f DSGVO) or there is a legal obligation to do so (Art. 6 para. 1 lit.c DSGVO). 

IV. Data processing in the context of sales

The processing of personal data takes place on the basis of Art. 6 para. 1 lit. b GDPR for the provision of the service with which you commission us, in particular for the execution of our contracts or pre-contractual measures, as well as all activities required for the operation and administration of MH Parkservice

The resulting purposes of data processing are primarily based on the specific activities and individual services agreed with you and may include, among other things, consulting activities or activities in the context of managing sales processes (e.g. compiling documents, sending MH Parkservice product or event information, provision of services by MH Parkservice) or the accompaniment of sales negotiations and contract conclusions.

Further details on the scope, purpose of data processing and recipients of your data can be found in the respective contract documents and associated terms and conditions.

As far as necessary in the context of our operational processes, we process your data in connection with our services beyond the actual fulfillment of the contract in order to protect our legitimate interests (Art. 6 para. 1 lit.f DSGVO). 

We may be subject to specific legal obligations in connection with the offering or provision of our services, such as requirements under tax legislation. The purposes of processing your data may therefore include, among others, the fulfillment of tax control and reporting obligations, customs or export regulations, and the assessment and management of risks. The data processing necessary for this is based on Art. 6 (1) lit. c DSGVO. 

V. Newsletter

Description of data processing

We would like to inform our business customers and interested parties at regular intervals with promotional messages about our services and other products, services, webinars, innovations or news at MH Parkservice by e-mail or other electronic notifications (hereinafter referred to as "newsletter"). We need your e-mail address for this purpose. In the respective newsletter registration forms, further information may be requested in order to send you personalized content tailored to your interests. 

You can subscribe to our newsletters by using the corresponding function of a registration form to subscribe to our newsletter or during a registration process by ticking a box (so-called opt-in). For this purpose, we provide various options for registering for our (possibly topic-specific) newsletters on our websites or in the context of registration or order interfaces. The details of the respective contents of the newsletters are specifically described in the respective registration form. This description is decisive for your consent. 

Following your registration, we will send you an e-mail asking you to confirm your newsletter subscription again (so-called double opt-in procedure). This confirmation is necessary to rule out the possibility that someone else has misused your e-mail address to subscribe to our newsletter under a different address. Your e-mail address will only be activated for sending the newsletter once the hyperlink in the e-mail has been activated.

We use the MailChimp service of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter referred to as "MailChimp") to manage registrations and send emails in connection with our newsletter, which enables us to automate the registration process and the email dispatch required for this in a simple and user-friendly manner. As MailChimp's IT system is located in the USA, the registration data from the input forms is transferred to the USA and processed there. To ensure appropriate handling of the data transmitted by us, we have concluded an agreement with MailChimp on order processing in accordance with Art. 28 GDPR, including the EU standard contractual clauses on data transfer to third countries. Further information on the handling of personal data by MailChimp can be found at: https://mailchimp.com/legal/privacy/.

In addition to your e-mail address and name, the IP address and the registration date ("timestamp") are stored for verification purposes.

Legal basis and purpose of data processing / data recipients

The legal basis for sending newsletters is the consent given by you as the recipient in accordance with (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR in conjunction with. § Section 7 para. 2 no. 3 UWG ("Act against Unfair Competition"), or, if consent is not required for existing customers in accordance with Section 7 para. 3 UWG, on the basis of our legitimate interest in direct marketing measures in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG. § Section 7 (3) UWG. 

The logging in the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in a secure and targeted newsletter system that meets both our business sales interests and the ideas and needs of the recipients, as well as in the verifiability of the consents given. 

Duration of storage / possibility of objection and removal

You can object to the sending of the newsletter at any time or revoke your consent to receive the newsletter in whole or in part. You will find an unsubscribe link at the end of each newsletter. You can also contact us directly using the contact details provided at the beginning of this document.

Unsubscribing from the newsletter does not affect business communication. If this is necessary for the purpose of processing the contract, your data will remain stored by us. Furthermore, we reserve the right to store the necessary evidence to prove that the newsletter has been sent in accordance with the law until the statutory limitation periods have expired.

VI Transmission of data 

Depending on the scope of the service, your data or documents may be passed on to public bodies or private service providers or persons with whom we regularly work (see Part A Section V), both in the inquiry or offer phase and in the contract execution phase. 

E. Other

Due to the further development of our website, our services or our other offers as well as due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access the current data protection declaration at any time on our website and print it out if required.