1. general information on the processing of personal data

1.1 Person responsible

The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (DSGVO) is:

Maximator Hydrogen GmbH
Petriblick 2
99734 Nordhausen
Phone: +49 3631 65100-0

1. 2 Data protection officer

You can reach our data protection officer at:

Gesellschaft für Personaldienstleistungen mbH
Pestalozzistrasse 27
34119 Kassel
Phone: +49 561 78968-93
Fax: +49 561 78968-610

2. information on the collection of personal data

With the following information, we inform you transparently about the type and scope of the processing of personal data in the context of visiting our website, using our online training portal and in the relationship with our business partners. The legal basis for our data protection is in particular the requirements of the General Data Protection Regulation ("GDPR") and the supplementary regulations of the Federal Data Protection Act ("BDSG-Neu").


2.1 Purposes and legal bases

In such cases where we obtain your consent for processing operations of personal data, Art. 6 (1) lit. a DSGVO serves as the legal basis.

In the case of processing of personal data that is necessary for the performance of a contract concluded between you and us, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

In the event that processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO is the legal basis.

In the event that the processing of personal data is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not override the first-mentioned interest, Art. 6 (1) lit. f DSGVO is the legal basis for the processing.


2.2 Disclosure of personal data

If, in the course of our processing, we transfer your personal data to other entities or disclose it to them, this will only be done on the basis of one of the aforementioned legal grounds. Recipients of this data may include, for example, payment service providers in the context of contract performance. In such cases where we are required to do so by law or by court order, we must disclose your data to bodies entitled to receive such information.

If external service providers support us in processing your data (e.g. data analysis, newsletter dispatch, etc.), this is done as part of commissioned processing pursuant to Art. 28 DSGVO. In this context, we only conclude corresponding contracts with service providers that offer sufficient guarantees that appropriate technical and organizational measures ensure the protection of your data.

2.3 Data transfer to third countries

A data transfer to third countries does not take place.

2.4 Storage of data

As soon as the respective purpose for storage ceases to apply, we will delete or block your personal data. Furthermore, your personal data will only be stored if special legal retention periods (in particular commercial and tax retention obligations) at national or European level prevent deletion.

3. definitions

Our data protection notices are based on terminology used in the GDPR and defined there. To ensure that our data protection notice is easy to read and understand, we would like to explain the most important terms in advance.

Personal data  

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Person in charge

"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.


"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the addition of further information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.


"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.


"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.

Third Party

"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.


"Consent" means any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or other unambiguous affirmative act by which the data subject signifies that he or she consents to the processing of personal data relating to him or her.


"Profiling" means any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

4. data subject rights

The processing of personal data gives you, as a data subject, rights that you can exercise against us at any time. These are:
- Right to revoke a declaration of consent under data protection law in accordance with Art. 7 (3) GDPR,
- Right to information about your personal data stored by us in accordance with Art.15 GDPR,
- Right to correct incorrect data or to complete incomplete data in accordance with Art. 16 of the GDPR,
- Right to have your data stored by us deleted in accordance with Art. 17 GDPR,
- Right to restrict the processing of your data in accordance with Art. 18 GDPR,
- Right to data portability pursuant to Art. 20 GDPR,
- Right of objection pursuant to Art. 21 GDPR,
- automated decisions in individual cases including profiling pursuant to Art. 22 GDPR.

Right to information

You have the right to find out from us whether and - if so - which personal data we process from you, as well as to request copies of your personal data from us. Please note that your right to information may be restricted under certain circumstances in accordance with the law.

Right to rectification

If the information concerning you is not (or is no longer) accurate, you have the right to request that we correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data without undue delay.

Right to deletion

In accordance with legal requirements, you have the right to demand that data relating to you be deleted without delay, e.g. if the data is no longer required for the purposes pursued and the legal storage and archiving regulations do not prevent deletion.

Right to restriction of processing

Within the framework of the requirements of Art. 18 DSGVO, you have the right to request a restriction of the processing of the data concerning you, e.g. if you have objected to the processing, for the duration of the examination as to whether the objection can be upheld.

Right to data portability

You have the right to have data that you have provided to us handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right to revoke a declaration of consent under data protection law

If the processing of your personal data is based on a consent given to us, you have the right to revoke this consent at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right to object to processing

Under the conditions of Art. 21 (1) DSGVO, you may object to data processing based on Art. 6 (1) lit. e or f DSGVO for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you exercise your right to object, we will no longer process your personal data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Article 21 (2) of the GDPR; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing.


Right of complaint to the data protection authority

In accordance with Art. 77 DSGVO, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not carried out lawfully.

The address of the supervisory authority responsible for our company is:

The Thuringian Data Protection Commissioner
P.O. Box 90 04 55
99107 Erfurt or Häßlerstraße 8
99096 Erfurt
Telephone: 03 61/57 311 29 00

Automatic decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.


5. online offers

In the following, we inform you when and in what context data is processed when you use our online offers.

5.1 Collection of personal data when visiting our website

In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- amount of data transferred in each case
- Website from which the request comes
- browser
- Operating system and its interface

This data is temporarily stored in the log files of our system for a maximum of 2 days. Storage beyond this period is possible, but in this case the IP addresses are partially deleted or alienated, so that an assignment of the calling client is no longer possible.

5.2 Use of cookies

In addition to the previously mentioned data, cookies are stored on your terminal device when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

This website uses the following types of cookies, the scope and functionality of which are explained here:
Transient cookies
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies
Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

We only use so-called "first-party cookies" on our website. These are generated only by us as the website operator and are necessary for the full functionality and presentation of our offer on the website. We use these cookies for legitimate interest according to Art. 6 para. 1 lit. f DSGVO to ensure our online offer.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that this may prevent you from using all functions of this website.

5.3 SSL or TLS encryption

Our website uses TLS encryption (formerly SSL) for security and to protect the transmission of confidential content. Orders or contact requests that you send to us are thus made via transport encryption. Depending on the browser type, you can recognize this either by the lock symbol and / or the https protocol in the address line.

5.4 Contact us

Contact form

When you contact us via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. The processing of the data entered in the contact form is thus based on your consent (Art. 6 para. 1 lit. a DSGVO). If your contact request is related to the performance of a contract or the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are legal retention obligations. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Inquiry by e-mail, telephone, fax

When you contact us by e-mail, telephone or fax, the personal data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to process your request. We do not pass on this data without your consent.

Data processing is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, we process your data on the basis of your consent pursuant to Art. 6 (1) a DSGVO and / or on the basis of our legitimate interests (Art. 6 (1) f DSGVO). Our legitimate interest lies in particular in the effective processing of your request.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

5.5 Online video conferencing tools

Microsoft Teams

We use the tool "Microsoft Teams" to conduct telephone and video conferences, online meetings, as well as video consulting (hereinafter: "Online Meetings"). Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If you access the Microsoft Teams website (, Microsoft is responsible for data processing. The call of this website is necessary for the download of the necessary software, if a use should not or can not take place directly and without a download via an internet browser.

Data categories

When using Microsoft Teams, different types of data are processed. The total volume of data processing also depends on the information provided by the user before, during and after an "online meeting".
The following personal data may in principle be the subject of processing:

User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional).

Meeting metadata: Topic, description (optional), date, time, duration, attendee IP addresses, device/hardware information.

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". The text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, data is processed to a microphone and a possible video camera of the end device during the meeting. The data transmission from the camera and microphone can be switched off or muted at any time and by any user independently via the Microsoft Teams applications.
In order to participate in an "online meeting" or to enter the "meeting room", at least your name is required.

Storage of the data

There will be no recording of "online meetings". If we want to record "online meetings", we will notify you in advance and obtain consent. The fact of recording will also be displayed to you in the Microsoft Teams app. The content of chats will be logged by Microsoft when you use Microsoft Teams. If it is necessary for the purposes of logging the results of an online meeting, chat content may also be logged by us. Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Legal basis for data processing

Insofar as personal data is processed by GfP employees, § 26 BDSG is the legal basis for data processing. If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Microsoft Teams, Art. 6 (1) lit. f DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of "online meetings". Otherwise, the legal basis for data processing when conducting "online meetings" is Art. 6 (1) lit. b DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

Recipients / passing on of data

Personal data processed in connection with participation in "online meetings" will not be passed on to third parties as a matter of principle, unless they are specifically intended to be passed on. Apart from this, data will only be passed on to third parties if we are legally obliged to do so (e.g. by court order), or if the persons concerned have expressly consented to their data being passed on. The Microsoft Teams provider that supports us in conducting "online meetings" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with Microsoft. 

Microsoft is obligated to comply with the legal requirements of the applicable data protection law via the order processing concluded with Microsoft teams, on the basis of EU standard contractual clauses.  A currently valid version can be viewed at the following link:

Data processing outside the European Union

In principle, there is no data processing outside the European Union (EU), as we have limited our storage location to data centers in the European Union. However, we cannot technically completely rule out routing or storage on servers outside the European Union at the processor Microsoft.

A secure level of data protection is ensured by concluding supplemented EU standard data protection clauses as well as technical-organizational measures. For example, the data is encrypted during transport over the Internet and thus generally protected against unauthorized access by third parties. Furthermore, in a statement dated July 20, 2020, with regard to personal data stored by Microsoft in the U.S. and Europe that may be subject to government requests for information from authorities in the U.S., Microsoft guarantees that such orders will be challenged in court that would allow access to personal data.

Further information on data protection at Microsoft Teams
For more information about Microsoft's privacy practices, visit (section "Online Services for Business"), and visit:

6. data protection information for customers, interested parties, partners

The following information shows you how we handle your data when you contact us, when contractual negotiations take place with us and/or when contractual agreements exist with us.

6.1 Processing purposes and legal basis

Your personal data is processed for the purpose of contract management of the care contracts concluded between us and our customers as well as for information purposes to those interested in our service. The legal basis for this is Art. 6 (1) lit. b DSGVO.
Your personal data will also be collected or processed for the purpose of issuing a SEPA mandate. The legal basis for this is your consent according to Art. 6 para. 1 lit. a DSGVO.

6.2 Data category and data origin

We process the following categories of data: Salutation, name (first and last name), department, function in the company, address, e-mail address, telephone numbers, fax numbers, contract data, bank data (account holder, IBAN, BIC, name and registered office of the credit institution). The data from the aforementioned data categories were provided to us directly by the customers and interested parties.

6.3 Recipients

We do not pass on your personal data to third parties. Exceptions to this are our service partners, if this is necessary for the fulfillment of the contract, such as parcel and mail delivery companies, tax advisors, financial authorities, as well as our specialists for occupational medicine and safety experts as required.

6.4 Duration of storage

The data stored about you will be deleted after the contract has been fulfilled, provided that there are no further legal obligations to retain the data. These include, for example, data required by commercial and financial law. In accordance with legal regulations, these will be deleted after ten years, unless longer retention periods are prescribed or required for legitimate reasons. If you revoke your consent to the use of your data, it will be deleted immediately, unless the above reasons indicate otherwise.

6.5 Right of objection

You have the right to object to the processing.

You can object to the use of your data at any time. Please send your objection to Maximator Hydrogen GmbH, Petriblick 2, 99734 Nordhausen, Germany, +49 3631 65100-0

6.6 Provision of the data

The provision of personal data is contractually required or necessary for the conclusion of a contract. Failure to provide the required personal data would result in our not being able to enter into a business relationship with you.