Data protection information relating to the Applications of Management Services Helwig Schmitt GmbH

We, the Management Helwig Schmitt GmbH, Garnisonstr. 12, 34369 Hofgeismar/Germany, Tel.: +49 5671 50 85 - 0, would like to set out below which of your data we process from you within our applications including, without limitation, MIS Sales, MIS After-Sales, OptiNet, MIScubes, MISelements, mobileMIS (collectively „MIS“) and how we do this. Should you have any questions relating to data protection, our data protection officer would be happy to respond at

Purpose, legal basis, categories of recipients, storage duration of the data processing

The purpose of data processing is the provision and operation of MIS, combined with the possibility for users to contact contact persons at Management Services Helwig Schmitt GmbH in a targeted manner. Further purposes of data processing are user support and ensuring system security.
Usually the MIS is provided to you via your employer. In this case, the processing of employee data for authentication or management of authorizations takes place within the scope of commissioned processing pursuant to Art. 28 GDPR.

Furthermore, we are processing personal data based on following legal bases:

In the context of the provision of services for special sectors we use service providers that have been separately bound to maintain confidentiality and protect data. Data disclosure to authorities requires the existence of overriding statutory provisions. A transmission of data to third countries cannot be completely excluded when using mobileMIS with activated crash reports and event metrics.

Visiting MIS, a connection is established with your browser. The below mentioned information is stored in temporary system files and recorded automatically: IP address of your device, date and time of access, name and URL of accessed files, website from which the access is initiated or from which you are directed to our site (referrer-URL), the browser used, and, if applicable, the operating system of your device as well as the name of your provider.

The data mentioned are processed by us for the purpose of smooth connection and for system security. The data will be automatically deleted, the duration of data retention is generally 180 days max. If MIS is used improperly, log files, needed to be retained for evidence purposes, shall be saved until the incident is clarified.

Use of cookies

Our applications use "cookies", which are text files placed on your computer, to help the application analyze how users use the site. The information generated by the cookie about your use of the application is used to evaluate your visit to the application and to improve the information we provide.

If cookies that are not necessary for the operation of the application are used, we ask for your consent in advance; the legal basis for data processing is Art. 6 para. 1 lit. a DSGVO (consent).

If the use of cookies is necessary for the functionality of the application, we use cookies on the basis of our legitimate interests. The legal basis for data processing is then Art. 6 para. 1 lit. f DSGVO (legitimate interests). The cookies will be deleted after one day at the latest. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the application. The data collection is anonymized; the collected data cannot be related to you.

Customer account

As user of MIS we process your data (name, e-mail address, contact details, authentification and authorization information). Legal basis is Art. 6 paragraph 1 lit. b GDPR. The data are processed by us within this application as part of a processing order according to Art. 28 GDPR. The data will only be passed on to third parties if necessary for the purpose of the contract and according to instructions. In addition, we evaluate this technical data anonymously and for statistical purposes only in order to be able to continuously optimize our services and create even more attractive offers. The data will be deleted according to the instructions of the controller. The data is stored in the user account for as long as the customer account exists.

Customer satisfaction surveys

For the optimization of our application, we conduct customer satisfaction surveys within the application. The legal basis for the data processing is our legitimate interest according to Art. 6 (1) lit. f GDPR in conjunction with Recital 47 sentence 7 GDPR. Your participation is voluntary. You can object to the data processing at any time after participation with effect for the future. To do so, send us an e-mail to The processed data (User ID, frequency of participation) will then be deleted.

Additional Privacy information for users of mobileMIS

The purpose of data processing is to provide, maintain and service mobileMIS. With mobileMIS, you can use the functions of MIS Sales on your smartphone. In doing so, mobileMIS requires access

- to your data connection in order to communicate with the MIS server,
- to your data storage to save mobileMIS,
- to the password storage functions on your smartphone, if enabled.

To be able to use mobileMIS, you need access to MIS Sales. Should you uninstall mobileMIS, your MIS Sales account will not be deleted.

Crash reports and event metrics within mobileMIS

In order to continuously improve the availability, integrity and resilience of mobileMIS, we use the "Microsoft Diagnostics" and "Microsoft Analytics" services provided by the Visual Studio App Center of Microsoft Ireland Operations Ltd., The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland. Microsoft Diagnostics generates an automated error report when the app crashes, if any. Microsoft Analytics helps us understand how the app is being used. More information about the data processed can be found here:

For the use of both functions your consent is required according to Art. 6 para. 1 lit. a, 7 DSGVO. You can fully use mobileMIS without enabling Microsoft Analytics and Microsoft Diagnostics. You can object to the use of your data at any time with effect for the future. To do so, deselect the selection in the "Usage analysis/ Crash reports" area in the settings. Any further usage data that accrues will then no longer be included in the reporting; the existing data is only recorded statistically and can no longer be related to you personally.

We have concluded a data processing agreement with Microsoft Ireland Ltd. Access by the parent company Microsoft Corporation, Redmond, WA 98052-6399, USA cannot be completely ruled out. Therefore, you consent at the same time according to Art. 49 para. 1 p. 1 lit. a DSGVO that your data is processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

Your right to information, rectification, deletion, object and data portability

You may avail yourself of your right to information, rectification and deletion of data at any time. Simply contact us using one of the methods described above. Should you require data to be deleted, which we are still legally obligated to retain, access to your data will be restricted (blocked). The same applies to an appeal. You may avail yourself of your right to data portability if the recipient and ourselves have the technical means.

Right of appeal

You have the option at any time to lodge an appeal with a data protection supervisory authority. Below please find the contact information of the competent authority in Hesse:

Der Hessische Datenschutzbeauftragte
Address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden
PO Box 31 63, 65021 Wiesbaden
Telephone: +49 611 1408 - 0
Telefax: +49 611 1408 - 900

Data security / encryption

This website uses “Hypertext Transfer Protocol Secure” (https). The connection between your browser or app and our server is encrypted.

Currency of and changes to this privacy statement

We reserve the right to change the content of this privacy statement at any time. This is usually done if the services used are subject to further development or adaptation.

Date of this statement: 24.01.2022