Data protection information

Data protection information

- Information pursuant to Article 12 et seq. of the General Data Protection Regulation (GDPR) -

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations, in particular the European Data Protection Regulation (GDPR).

Personal data in the sense of the GDPR are all data that can be personally related to you, e.g. name, address, e-mail addresses, date of birth etc.

We use the data protection terms used in our data protection information according to the GDPR. This includes terms such as personal data, processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, undertaking, supervisory authority and international organisation. For these terms, you can find corresponding definitions in Art. 4 GDPR.

Notice regarding the transmission of third party data by yourself:

If you transfer personal data about your spouse, life partner, relatives or other third parties, please inform them about the processing of their personal data by us and refer to this data protection information. If necessary, the consent of these persons to the data transfer is required.

1. Who is responsible for data processing and whom can I contact?


Am Burgberg 20
58642 Iserlohn

Please direct any enquiries regarding data protection to us as follows:

mip Consult GmbH
Rechtsanwalt Dietrich Felgner
Wilhelm-Kabus-Str. 9
10829 Berlin

2. For what purposes do we process your data and on what legal basis?

We process personal data that we receive from you as part of your use of our website and, if applicable, our business relationship.

In the case of solely informative use of the website, i.e if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website solely for information purposes, we collect the following access data, which are technically necessary for us to display our website to you and to ensure its stability and security. This access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, browser type as well as language and version of the browser software, notification of successful retrieval.

Furthermore, we receive your personal data if you contact us, via contact form or e-mail. Personal data here are e.g. name, address, e-mail, telephone number, employer company and, if applicable, the data you send us as a message (hereinafter referred to as "contact data"). We process personal data for the following purposes and on the following legal basis:  

Purposes Legal basis
We process your personal data in order to contact you and establishing a contractual relationship.
For the establishment of the business contract, we process the following data in particular:
  • General personal data: name, first name, e-mail, telephone number,
  • Further data: foto, current occupation, employer, disposable.
For the fulfilment of pre-contractual and contractual obligations, art. 6 para. 1b GDPR
Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. This included in particular the following data processing:
  • Assertion of legal claims and defence in legal disputes
  • to prevent fraud and other criminal offences
For legitimate interests, art. 6 para. 1f GDPR
In addition, we are subject to legal obligations. These include, in particular, the fulfilment of storage, control and reporting obligations under tax law. Due to legal requirements, Art. 6 para. 1c GDPR, or in the public interest, art. 6 para. 1 e GDPR
If you have given us your consent to process personal data for certain purposes (e.g. storing your data for future offers, passing on data to third parties, sending newsletters), this processing is lawful on the basis of your consent.
Consent given can be revoked at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Based on your consent, art. 6 para. 1a GDPR

3. Who can access my data?

Within our company, only those departments will have access to your data that need it to fulfil our contractual and legal obligations.

Processors used by us (Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services for the maintenance of our hardware and software, logistics or printing services and letter shops. If we use processors to provide our services, we take appropriate legal precautions and technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements.

Data is only transferred to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, e.g. on the basis of Art. 6 para. 1 b) GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 para. 1 f) GDPR in an economic and effective operation of our business or if you have consented to the data transfer. Under these conditions, recipients of personal data can be in particular:

  • Scheu Holding GmbH (corporate company);
  • CA-Digital GmbH (corporate company);
  • SMILE-Dental-Handelsgesellschaft mbH (corporate company).


4. How long will my data be stored?

For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

As far as necessary, we process and store your personal data for the duration of our business relationship. Photo-data regarding the post-card-event IDS Messe 2023 will be stored until 31.03.2023 and will be deleted without undue delay afterwards.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years. For example, we must retain the contract containing your personal data for at least 10 years - calculated from the end of the business relationship.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

5. Is data transferred to a third country or to an international organisation?

A data transfer to third countries (countries outside the European Union or the European Economic Union) does not take place.

6. What data protection rights do I have?

Each data subject shall have

  • the right to access their data according to Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
  • the right to rectification in accordance with Art. 16 GDPR (i.e. in the event that your personal data is inaccurate or incomplete, you may request that it be rectified),
  • the right to erasure according to Art. 17 GDPR and the right to restriction of processing according to Art. 18 GDPR (i.e. you may have the right to request the erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require the continued storage),
  • the right to data portability from Art. 20 GDPR (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller without hindrance).

Furthermore, you can withdraw your consent, in principle with effect for the future.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at

In addition, we would like to point out your right of objection according to Art 21 GDPR:

Information about your right to object according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR which we use for questionnaire evaluation or advertising purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection can be made form-free and no transmission costs other than those according to the base rates will be incurred. The objection should be sent to the contact details provided above.

7. To what extent is there automated decision making including profiling in individual cases?

For the establishment and implementation of the business relationship, we do not use fully automated automatic decision-making pursuant to Article 22 GDPR. We also do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

8. Is there an obligation for me to provide data?

On our website, you must provide the personal data necessary for using our Website for technical or IT security reasons. You cannot use our website unless you provide the above-mentioned data.

When contacting us via form or by e-mail, you only need to provide the personal data required to process your request. Otherwise we will be unable to process your request.

Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, execution and termination of the business contract or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the business contract or will no longer be able to execute an existing agreement and may have to terminate it. If a statement can be made voluntarily, we have marked this statement accordingly in the respective survey form.

9. Where do we get your data from and what categories of data are involved?

We process personal data that we receive from you in the course of our business relationship.

10. Cookies

We use cookies on our Internet pages. Cookies are small text files, usually consisting of letters and numbers, which are stored on the user's computer when visiting certain Internet pages.

By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed properly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by making the appropriate settings in your browser (the browser's help page will tell you how to set cookie handling).


to top