Privacy Policy

We are pleased that you are visiting our internal website and that you are interested in our company and our products. The protection of your personal data is very important to us. Hellma GmbH & Co. KG (hereinafter "Hellma", "we" or "us") attaches place great emphasis on assuring the security of the data of its users and compliance with data protection regulations.


The terms used in this data protection are to be understood as being legally defined in Art. 4 GDPR.

Principles of collection and processing of personal data

You can use our internet pages without any indication of personal data. However, if you wish to use the special services of our company through our website, it can be necessary to process your personal data. If the processing of personal data is required and there is no legal basis for such processing, we seek the consent of the data subject.

Automated data processing

You can visit our website without actively providing information about yourself. However, we automatically save access data (server log files) with every visit to the website. For example, the name of your Internet Service Provider, the operating system you are using, the website from which you are visiting us, the date and duration of the visit, or the name of the requested file. For security reasons such as to detect attacks on our website, we also save the IP address of the visiting computer for a period of 7 days. This data is assessed exclusively for the purpose of improving our services and we are not able to draw any personal references from it. The data will not be merged with any other sources. The legal basis for processing the data is Art. 6 para. 1 lit. f) GDPR. We process and use the data for the following purposes:

1. Providing of the website of Hellma,

2. Improvement of our website and

3. Prevention and detection of errors/malfunctions as well as misuse of the website. This type of processing is either carried out to fulfill the contract of the website of Hellma or because we have a legitimate interest in ensuring the functionality and correct operation of the website of Hellma and in adopting this site to users' needs.

Cookie-based services

In order to make the visit of our website attractive and to enable the use of certain functions, we use so-called cookies on our websites. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and based on Art. 6 para. 1 lit. f) GDPR. Cookies are a standard Internet technology used to store and retrieve login and other usage information for all users of the Hellma website. Cookies are small text files that are stored on your device. They enable us amongst other things to save user settings so that our web pages can be displayed in a format tailored to your device. Some of the cookies we use are deleted after the end of the browser session, hence after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate to recognize your browser on your next visit (so-called persistent cookies).

You can set your browser so that you can be informed about the setting of cookies and individually decide on their assumptions or exclude the acceptance of cookies for specific cases or in general. Furthermore, the cookies can be deleted afterwards to remove data which the website has stored on your computer. Disabling cookies may cause some limitations on the functionality of Hellma's website.

Deactivation or Deletion of Cookies (Opt-Out)

Web browsers provide ways to restrict and delete cookies. Further information can be found on the following websites:

Google Analytics

To make the visit of our website attractive and to facilitate the use of certain features for you, we use cookie-based Google programs. Using these Google programs is our legitimate interest according to Art. 6 para. 1 lit. f)  GDPR, in order to make the visit to our website clear, uncomplicated and as pleasant as possible for you.

Google's privacy information can be found at

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (following Google). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookies about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activities for website operators and to perform additional services related to website activity and internet usage. Google will also transfer this information to third parties if required by law or if third parties process this data on behalf of Google.

Google reCAPTCHA

In order to ensure personal data security when submitting forms, we use the service of „Google reCAPTCHA“ on our websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google").

ReCAPTCHA is intended to examine whether a data entry on our website (e.g. in a contact form) is made by a person or an automated program. For this purpose, reCAPTCHA recognizes the behavior of the websites user with different identification features. The analysis will start automatically as soon as the user enters the website. For the analysis, reCAPTCHA evaluates various informations (e.g. IP address, time spent on the website or the mouse movements made on the website). The data gathered by the analysis is automatically forwarded to Google. The reCAPTCHA analysis runs fully in the background. The Analysis is not pointed out to the websites users.

The data processing is happening according to Art. 6 (1) lit. f DSGVO. The provider of the website has a legitimate interest in protecting its website from automatic spying and spam. For this, the different data protection regulations of Google Inc. apply.

Further information on the data protection guidelines of Google Inc. can be found at here.

Prevent storage of cookies

You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all functions of this website to the full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes mentioned above.

Opposition to the data collection:

On the following pages, you will find opt-out solutions for Google Analytics if you do not want Google to receive data from your browser when you visit the pages:

This plug-in prevents the browser from requesting the Analytics code, so Google will not receive any data when the page is accessed. The plug-in is only available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari, and Opera. According to Google, the browser blocks the Google Analytics script after installation. For more information about Terms of Use and Privacy, please visit or

IP Anonymization

We point out that on this website Google Analytics has been extended by the code "gat.anonymizeIp", in order to ensure an anonymous collection of IP addresses (so-called IP-Masking). As a result, your IP address will be abbreviated by Google within member states of the European Union or other contracting states party to the Agreement on the European Economic Area prior to transmission to the United States.

Social Media

We use various social media platforms (e.g. fan pages) to provide information about Hellma and to get in touch with you. We point out that we have no influence on the processing of your personal data on these platforms and only the respective operator of the platform has full knowledge of the content of the transmitted data and its use.

Generally, when you visit those platforms, cookies are stored in your browser.

You may be affected by this data collection even if you are not registered on the respective platform. It is beyond our knowledge whether your data will be transferred outside the European Economic Area.

The processing of personal data on the platforms through us is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest to portray Hellma externally in a variety of ways and to use communication tools with our customers as effectively as possible.

If you have given consent to the processing of your data pursuant to Art. 6 para. 1 lit. a) GDPR to the platform operator, this consent can also serve as a legal basis.

Please read the following privacy policies of the respective operators to learn more about their data processing procedures, opt-out options, as well as specific information on the respective platforms   and rights to access:

Google+ / YouTube                    

Specific information about YouTube accounts or channels: When you visit our YouTube site, YouTube processes your personal information. This information will be sent to us through YouTube as part of the YouTube STUDIO usage. This anonymized data is statistical information about our channel subscribers.

In addition, YouTube will provide us with the username of your "Google+" profile when you interact with us or our site, for example, like or comment on videos or subscribe to our channel.


Specific information about the LinkedIn company pages: When you visit our LinkedIn company page, LinkedIn processes your personal information. This information is transmitted to us through LinkedIn as part of LinkedIn Analytics. These anonymized data are statistical data of our subscribers.

In addition, LinkedIn will tell us your profile name when you interact with us or our site, such as liking or commenting on our posts or following our pages.


Specific information about the Xing company profile: When you visit our Xing company profile, Xing processes your personal information.

In addition, Xing will tell us your profile name when you interact with us or our site, such as liking or commenting on our posts or following our profile.

Contact form/ Requests

On our website, it is possible to send inquiries or feedback to the respective Hellma company mentioned in the contact form via a contact form. Here, your data from the contact form (content of your inquiry/feedback, subject of your inquiry/feedback and date) including the contact details you provided (name, company, phone number and email address) will be stored by the respective Hellma company for the purpose of processing the query or dealing with follow-up questions. The legal basis for collecting and processing of this data is Art. 6 para. 1 lit. a) GDPR. Your data stated in the contact form remain with the respective Hellma company to which your request has been directed until you request them or us to delete it, withdraw your consent so save this data or the purpose for data storage will be terminated (e.g. after completion of your request). Mandatory legal provisions - in particular, retention periods - remain unaffected. You can submit your revocation to the e-mail address of the respective company named in the contact form or to

Email contact

If you send us inquiries or information by email, your data (email address, content of your email, subject of your email and date/time) including your contact details (name, surname, where required the phone number, address) is stored for the purpose of processing the request and in case of follow-up questions. We will not share this information without your consent. The legal basis for collecting and processing of this data is Art. 6 para. 1 lit. a) GDPR.

The user is advised that emails can be read or changed, unauthorized and unnoticed, in the transmission path. Hellma uses software for filtering unwanted emails (spam filters). The spam filter can reject emails if they have been identified as spam by certain features.

The data you provide will remain with us until you ask us to delete it, revoke your consent to storage or delete the data storage purpose (for example, after your request has been processed).

Subscription to our newsletter

On our website, you have the opportunity to subscribe to the newsletter of our company. Thereby we inform our customers and business partners at regular intervals about offers of the company. For this, we need a valid email address from you. We use further data such as your first name and last name to send you personalized newsletters. All other data will be collected solely on a voluntary basis. For legal reasons, a confirmation e-mail will be sent to the entered e-mail address at first by the person concerned for the newsletter using the double-opt-in procedure. This data will only be used for sending the newsletter and will not be passed on to third parties. The legal basis for collecting and processing of this data is Art. 6 para. 1 lit a) GDPR.

In addition, when you register for the newsletter, we save the IP address provided by the internet service provider (ISP) as well as date and time of registration for the exclusive purpose of providing proof in the event of a third party misusing an e-mail address to register for the newsletter without the knowledge of the email account holder.

For analytical purposes, the e-mails sent with rapidmail contain tracking pixels, which connect to the servers of rapidmail when the e-mail is opened. This enables us to determine whether a newsletter message has been opened. Furthermore, we can determine whether and which links are clicked on in the newsletter message. All e-mail links are so-called tracking links, which can be used to count your clicks. 

The data stored by us as part of your consent for the purpose of the newsletter will be saved by us until you unsub-scribe from the newsletter and then deleted from both, our servers and the servers of rapidmail after you have can-celled the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

You may revoke your consent to the storage of your data and your e-mail address and its use for sending the newsletter at any time, for example via the ‘unsubscribe’ link in each newsletter. Alternatively, you can also send your unsubscribe request to by e-mail. The legality of the already completed data processing operations remains unaffected by the revocation. After a revocation, your personal data will be deleted from the servers as well as from the servers of rapidmail. A deregistration from the receipt of the newsletter is interpreted as an automatic revocation.


Description and purpose: we use rapidmail to send newsletters.
Recipient: rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany
Data Protection:


Description and purpose: we use DomainFactory to send e-mails from the TYPO3 system of the Hellma website (
Recipient: DomainFactory GmbH, Neuturmstrasse 5, 80331 München, Germany
Data Protection:

Online Conferences, Meetings and Webinars

We make use of the possibility to hold online conferences, meetings and webinars. For this purpose, we use the services of third-party providers, which we have carefully selected. When actively using such offers, data of the communication participants is processed and stored on the servers of the third-party providers used, insofar as it is data required for the communication pro-cess. Usage data and metadata may also be processed in the process.

Categories of persons concerned: participants of the respective online event (conference, meeting, webinar)

Categories of personal data: master data (e.g. name, address), contact data (e.g. email address, phone number), content data (e.g. text input, photographs, videos), meta and communication data (e.g. device information, IP addresses)

Processing purposes: processing of inquiries, increase of efficiency, promotion of cooperation between different companies and sites

Legal basis: contract initiation and execution (art. 6 para. 1 lit. b) DSGVO), consent (art. 6 para. 1 lit. a) DSGVO) Microsoft Teams

Recipient: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18D18 P521, Ireland

Data privacy:


Via our website and social media channels, visitors have the opportunity to register for events. The information we collect, and which is required for the initiation and fulfillment of the contract, is marked as mandatory. The provision of additional data is voluntary.

Categories of persons concerned: participants, interested people

Categories of personal data: master data (, address), contact data (e.g.     e-mail address, telephone number), transaction data (bank details, invoices, payment history), contract data (e.g. contractual object, term)

Processing purposes: contract initiation and execution

Legal basis: contract initiation and execution (Art. 6 Abs. 1 lit. b) DSGVO), consent (Art. 6 Abs. 1 lit. a) DSGVO)

Internal data transfer

We transfer your data internally to the administration, engineering, sales, and HR departments to meet our contractual or legal obligations. Your data will be transferred or disclosed only to the extent required for this purpose and in compliance with the relevant data protection regulations.

Transmission within the Hellma group

Hellma is a global company headquartered in Germany. The data which will be submitted to us will be stored in our centralized customer database in Germany and shared within the Hellma group for management purposes. The data will only be exchanged within the Hellma group to fulfill a contract or as a condition of use for the website. There may also be an interest in sharing this information for internal, administrative purposes. The processing of your data only takes place outside of the European Economic Area (EEA) if this is done in compliance with all applicable data protection laws and especially based on Art. 44 et seq. GDPR.

Transmission to other recipients

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual arrangements (e.g. details of the contractor). Sometimes it may be necessary for a contract to be concluded that an affected person provides us with personal data which must be processed by us in the sequence. For example, the data subject is required to provide us with personal data when our company concludes a contract with the affected person. A not-submittal of the personal data would mean that the contract with the affected person could not be closed.

If the processing of your data takes place outside of the EEA, this transmission takes place in compliance with all applicable data protection laws and especially based on Art. 44 et seq. GDPR instead.

Transmission to a third country

We transfer your data to countries outside the EEA (so-called third countries). This is done for the above-mentioned purposes (transmission throughout the group and transmission to other recipients). The transmission takes place only for the fulfillment of our contractual and legal obligations or on the basis of your consent. In addition, this transmission takes place in compliance with all applicable data protection laws and especially based on Art. 44 et seq. GDPR. In particular, either on the basis of issued adequacy decisions of the European Commission or on the basis of certain guarantees (e.g. standard data protection clauses, etc.).

Transmission to an international organization 

A transfer of data to an international organization does not take place.

Passing automated decision making including profiling

As a responsible company, we refrain from automatic decision-making or profiling.

Storage period

Generally, we store your data for as long as is necessary for the provision of our services or if this has been provided for by the European directives and regulations or any other legislator in laws or regulations which the controller is subject to. In all other cases, we will delete your personal data after completion of the purpose, except for any data we may need to retain in order to comply with legal obligations (e.g. we are required by tax and commercial retention requirements, to provide documents such as contracts and invoices for a certain period of time).

Technical security

Hellma uses technical and organizational security measures to protect your data managed by us from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

This site uses Secure Socket Layer (SSL) encryption in conjunction with the highest encryption level provided by your browser for security and to protect the transmission of sensitive content, such as your requests that you send to us as a site operator. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form can be recognized by the fact that the address line of the browser changes from "http: //" to "https: //" and to the lock symbol in your browser line. When SSL encryption is enabled, the data you submit to us cannot be read by others.

We would like to point out that data transmission over the Internet (e.g. in the case of communication via email) can have security gaps. A complete protection of data from access by third parties is not possible.

The legal basis of processing

Art. 6 para. 1 lit. a) GDPR serves as a legal basis for processing operations for which we have obtained consent for a specific processing purpose.

If the processing of personal data is necessary to fulfill a contract whereas the contracting party is the affected person, this case will be based on Art. 6 para. 1 lit. b) GDPR. For instance in the case of processing operations, whereas the supply of goods or the provision of any other service or consideration is necessary.

The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.

If we are subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, the processing is based on Art. 6 para. 1 lit. d) GDPR.

Ultimately, processing operations can be based on Art. 6 para. 1 lit. f) GDPR. Processing operations are based on this legal basis if the processing is necessary to protect a legitimate interest of us or a third party, provided the interests, fundamental rights and fundamental freedom of the person concerned do not prevail.

Protection of minors

People under the age of 16 may not submit personal data to Hellma without the consent of their legal guardian.

Rights of the data subject

According to Art. 15 GDPR, you have the right to ask for a confirmation as to whether we process your data. You may request information about this data as well as the further information listed in Art. 15 para. 1 GDPR and a copy of your data.

According to Art. 16 GDPR you have the right to demand the correction or completion of the data concerning you and processed by us.

You have the right according to Art. 17 GDPR to demand the immediate deletion of your data. Alternatively, you may require us to restrict the processing of your data in accordance with Art. 18 GDPR.

In accordance with Art. 20 GDPR you have the right to demand the provision of the data provided to us by you and to request that you transfer it to another person in charge.

You have the right to complain to the supervisory authority responsible for you in accordance with Art. 77 GDPR.

Revocation of your consent to data processing

Some data processing operations are only possible with your express consent. You have the possibility to revoke an already given consent at any time. For this, send an informal message to by e-mail to us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

External Links

On our website, you will find links to the websites of other providers. We hereby point out that we have no influence on the content on the linked websites and the compliance with data protection regulations by their providers.

Changes to our privacy policy

We reserve the right to amend this Privacy Policy at any time in the event of changes to our website and in compliance with the applicable data protection regulations so that they comply with the legal requirements.

Contact details of the responsible party and the data protection officer

Responsible party:
Hellma GmbH & Co. KG, Klosterrunsstraße 5, 79379 Müllheim
Tel.: +49 (0) 7631 182 0

External data protection office:
Deutsche Datenschutzkanzlei – Stefan Fischerkeller
Tel.: +49 (0) 7542 949 21 00

Note: Your requests will be treated confidentially and forwarded directly to the Data Protection Officer.

This Privacy Policy is created by the Deutsche Datenschutzkanzlei – Office Bodensee.