General Privacy Policy - Data protection
I. General information
The protection of your personal data is important to us. We would therefore like to inform you in detail below about what data we collect from you in the context of ongoing business relationships on the one hand and when you visit our website and use our offers there on the other, and how we process or use this data in the following and what rights you are entitled to in this respect. Your personal data, such as your name, address, email address or telephone number, will only be processed by us on the basis of statutory data protection law, i.e. the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG-neu) and the German Telemedia Act (TMG). The scope of the data collected and processed by us differs depending on whether you only visit our website to retrieve information or also make use of services offered by us via our website or elsewhere.
II Definitions
Our privacy policy uses the terms of the EU General Data Protection Regulation (GDPR), which we would like to briefly explain for you for easier understanding. These and other definitions can be found in Art. 4 GDPR.
a) Personal data
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Persons concerned
"Data subject" means any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
"Restriction of processing" means the marking of stored personal data with the aim of restricting its future processing.
e) Pseudonymization
"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
f) Person responsible
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
g) Processor
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
h) Recipient
"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
i) Third party
"third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
j) Consent
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
III. Name and address of the controller responsible for the processing of personal data
The controller within the meaning of the General Data Protection Regulation is
emlen GmbH, represented by the management
Dudweiler Str. 71
66111 Saarbrücken
Germany
IV. Name and contact details of the data protection officer
The data protection officer of the controller is
Mr. Oliver Pikolleck
Lawyer and certified external
data protection officer (TÜV-cert.)
hiLevDATA GmbH & Co.KG
Contact:
pikolleck@hilevdata.de
Any data subject can contact our data protection officer directly at any time with any questions or suggestions relating to data protection.
V. General information on data processing
1. categories of personal data
We process the following categories of personal data:
-Inventory data (e.g. names, addresses, functions, organizational affiliation, etc.);
-contact details (e.g. e-mail, telephone/fax numbers, etc.);
-content data (e.g. text entries, image files, videos, etc.);
-usage data (e.g. access data);
-Meta/communication data (e.g. IP addresses).
2. recipients or categories of recipients of personal data/legal basis
If we disclose data to other persons and companies such as web hosts, processors or third parties as part of our processing, transfer it to them or otherwise grant them access to the data, this is done on the basis of legal permission (e.g. if the transfer of data to third parties is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), if the data subjects have given their consent or if a legal obligation provides for this.
3. duration of the storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data will be deleted if it is no longer required to achieve the purpose, fulfill the contract or initiate a contract.
4. transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR, i.e. the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
VI. Data processing in the context of visiting our website
1. log files
Every time a data subject accesses our website, general data and information is stored in the log files of our system:
- Date and time of retrieval (timestamp);
- Request details and destination address (protocol version, HTTP method, referer, user agent string);
- Name of the retrieved file and amount of data transferred (requested URL incl. query string, size in bytes);
- message indicating whether the request was successful (HTTP status code).
When using this general data and information, we do not draw any conclusions about the data subject. There is no personal evaluation or evaluation of the data for marketing purposes or profiling. The IP address is not stored in this context.
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the secure operation of our website. Consequently, the data subject has no option to object.
2. malware detection and log data analysis
We collect log data that is generated during the operation of our company's communication technology and evaluate it automatically, insofar as this is necessary for the detection, limitation or elimination of malfunctions or errors in communication technology or the defense against attacks on our information technology or the detection and defense against malware.
The legal basis for the temporary storage and analysis of the data is Art. 6 para. 1 lit. f GDPR. The storage and analysis of the data is absolutely necessary for the provision of the website and for its secure operation. Consequently, the data subject has no option to object.
3. cookies
Cookies are used on our website. Cookies are small text files that are exchanged between the web browser and the hosting server. Cookies are stored on the user's computer and transmitted by it to our website. In the web browser you are using, you can restrict or prevent the use of cookies by selecting the appropriate settings. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, this may mean that the website cannot be displayed or used to its full extent.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR for cookies required for site operation and Art. 6 para. 1 lit. b GDPR for other cookies.
4. hosting
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating our website.
In doing so, we or our processor process inventory data, contact data, content data, contract data, usage data, meta and communication data of users of our website on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a contract for order processing).
5. use of a registration function
Our website offers you the opportunity to register. The data you enter will only be collected and stored for the use of our website. It will not be passed on to third parties.
6. use of Google Analytics and Google Tag Manager
(1) This website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in abbreviated form, so that they cannot be linked to individuals. If the data collected about you is personally identifiable, it will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.
(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".
(8) Use of the Google Tag Manager application: Google Tag Manager is an application with which website tags can be managed via an interface. The Google Tag Manager application itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The application triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at cookie or domain level, this remains in place for all tracking tags that are implemented with Google Tag Manager. http://www.google.de/tagmanager/use-policy.html
The legal basis for the processing of personal data using Google Analytics and Google Tag Manager is Art. 6 para. 1 lit. a GDPR.
7. use from Matomo
(1) This website uses the web analysis service Matomo to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit. a DS GDPR .
(2) Cookies are stored on your computer for this analysis. You can adjust the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. You can prevent the storage of cookies by changing the settings in your browser.
(3) This website uses Matomo with the extension "AnonymizeIP". This means that IP addresses are further processed in abbreviated form, so that they cannot be directly linked to individuals. The IP address transmitted by your browser using Matomo is not merged with other data collected by us.
(4) The Matomo program is an open source project. Information from the third-party provider on data protection can be found at https://matomo.org/privacy-policy/.
8. use of Hubspot
This website uses HubSpot, a service of HubSpot Inc. with a branch in Ireland (HubSpot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland), with which we cover various areas of our online marketing. These include, among others:
- Content management (e.g. website content)
- E-mail marketing (newsletters and automated mailings)
- Social media publishing & reporting (e.g. LinkedIn)
- Reporting (e.g. traffic sources, accesses, etc. ...)
- Contact management (e.g. user segmentation & CRM)
- Provision of landing pages and contact forms
Hubspot uses so-called "cookies" and "web beacons", which are stored on your computer and enable us to analyze your use of the website. Hubspot evaluates the information collected (e.g. IP address, location, type of browser, duration of visit and pages accessed) on our behalf in order to compile reports on the visit and the pages you have used. The legal basis for the processing of personal data using Hubspot is Art. 6 para. 1 lit. a GDPR, i.e. your consent .
The data collected by us via Hubspot is used by us exclusively to provide and optimize our marketing. Your data can then be used by us to get in touch with you as a visitor to our website and to determine which of our company's services are of interest to you. If you subscribe to our e-mail news and download studies and other documents, we can also use HubSpot to record your visits on a personal basis using your additional details (in particular your name/e-mail address) and, if necessary, inform you in a targeted manner about your preferred topics. We also use HubSpot to provide our registration service. The registration service enables you as a visitor to our website to find out more about our company, download content and provide us with your contact information and other information about yourself and your company. Where required by law, we will ask for your prior and separate consent to collect, store and process your data.
The data we collect using Hubspot is stored on the servers of our contractor HubSpot in the USA. We have created the necessary conditions to ensure that this meets the requirements of EU data protection law, in particular the German Federal Data Protection Act. We have concluded an order processing agreement with Hubspot, including EU standard contractual clauses. Hubspot Inc. provides further information regarding HubSpot's compliance with EU data protection regulations here: https://www.hubspot.de/data-privacy/gdpr/product-readiness.
9. use of Google Fonts
Our website uses so-called Google Fonts, which are provided by Google Inc. for the uniform display of texts and fonts. When a page is called up, your Internet browser loads the required fonts into your browser cache in order to display texts and fonts correctly. For this purpose, your browser must establish a connection to the servers of Google Inc. This gives Google Inc. knowledge that our website has been accessed via your IP address. The use of Google Fronts serves our interest in a uniform and visually appealing presentation of our online offer. This constitutes a so-called legitimate interest within the meaning of Art. 6 para. 1 letter f. GDPR.
If your browser does not support Google Fonts, a standard font from your PC will be used.
Additional information about Google Fronts can be found at https://developers.google.com/fonts/faq and in the privacy policy of Google Inc. at https://policies.google.com/privacy.
10. use of social media components
We use the social media components described below on our website:
Our website uses plugins from the social network Facebook, from the provider Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
By using our website, a direct connection is established between your browser and the Facebook server via this plugin and Facebook receives the information that you have visited our site with your IP address. By clicking on the Facebook "Like button" while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. Facebook can then associate your visit to our site with your user account.
We would like to point out that, as the provider of our website, we have no knowledge of the data transmitted to and used by Facebook. Further information on data usage can be found at http://de-de.facebook.com/about/privacy/.
Please log out of your Facebook user account before you visit our site if you do not want Facebook to associate your visit to our website with your user account.
Conversion measurement with the conversion pixel from Facebook
We use the visitor action pixel of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). By calling up this pixel from your browser, Facebook can recognize whether one of its own advertisements was successful. For this purpose, we only receive statistical data from Facebook without reference to a specific person. This allows us to record the effectiveness of Facebook ads for statistical and analysis purposes. We also refer you to the Facebook data protection information.
Please go to https://www.facebook.com/ads/preferences/ if you wish to withdraw your consent to Conversion Pixel.
Our website uses plugins from LinkedIn, offered by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. By using our website, a direct connection is established between your browser and the LinkedIn server via this plugin and LinkedIn receives the information that you have visited our site with your IP address. By clicking on the LinkedIn Recommend button while you are logged into your LinkedIn account, you can link the content of our pages to your LinkedIn profile. LinkedIn can then associate your visit to our site with your user account. We would like to point out that, as the provider of our website, we have no knowledge of the data transmitted to and used by LinkedIn. Further information on data use can be found at http://www.linkedin.com/legal/privacy-policy.
11. use of the Stripe payment method
On our website we offer, among other things, payment via the service provider Stripe and the payment methods offered via Stripe. The provider of these payment services is Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2. If you select payment via Stripe, the data you enter will be transmitted to Stripe Payments Europe Ltd.
The transmission of your data to Stripe is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). All data required for payment processing is used exclusively for the execution of payments and transmitted via the "SSL" procedure. Stripe may process personal data outside the EU/EEA. Stripe is subject to the Safe Harbor Agreement. Information on data protection at Stripe Payments Europe Ltd can be found here: https://stripe.com/de/privacy.
12. use of Google Search Console
No personal user or tracking data is processed or transmitted to Google as part of the use of Google Search Console.
13. use of Hotjar
We use Hotjar to better understand the needs of our users and to optimize this service and their experience. Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they click, what users like and dislike, etc.) and this allows us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data about our users' behavior and their devices. This includes a device's IP address (processed during your session and stored in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only) and preferred language to view our website. Hotjar stores this information in a pseudonymized user profile on our behalf. Hotjar is contractually obliged not to sell any of the data collected on our behalf.
Further information can be found in the section "About Hotjar" on the Hotjar support page. The legal basis for the processing of your personal data using Hotjar is Art. 6 para. 1 lit. a GDPR.
VII. Data processing in the context of establishing contact
1. contact by e-mail
You can contact our company by e-mail using the e-mail addresses published on our website.
If you use this contact channel, the data you provide (e.g. surname, first name, address), but at least the e-mail address, as well as the information contained in the e-mail and any personal data you provide will be stored for the purpose of contacting you and processing your request. The following data is also collected by our system:
-IP address of the calling computer;
-Date and time of the e-mail.
The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.
2. contact via website contact form
If you use the contact form provided on our website for communication, it is necessary to provide your surname and first name as well as your e-mail address. Without this data, your request sent via the contact form cannot be processed. Providing your address is optional and enables us to process your request by post if you wish.
In addition, the following data is collected by our system:
-IP address of the calling computer;
-Date and time of registration.
The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.
3. contact via in-platform chat
For the purpose of customer service and to enable the fastest possible support for the user of our homepage, we use the live chat service of the company Text, Inc., 101 Arch Street, 8th Floor, Boston MA 02110, USA for the in-platform chat.
Live Chat only uses user data for the technical processing of inquiries and, according to the company, does not pass it on to third parties. Pseudonymous use is possible when using Live Chat. In the course of processing service requests, it may be necessary to collect further data provided by you. The use of live chat is optional and serves to improve and speed up our customer and user service. The legal basis for the processing of personal data via the in-platform chat of the provider Live Chat is Art. 6 para. 1 lit. b) and f) GDPR.
If users do not agree to data collection via and data storage in Live Chat's external system, we offer them the alternative contact options for submitting service requests mentioned in this privacy policy.
Further information on the processing of personal data by Live Chat can be found in the privacy policy of the provider Live Chat: https://www.livechat.com/legal/privacy-policy/ .
4. contact by letter and fax
If you send us a letter or fax, the data transmitted by you (e.g. surname, first name, address) and the information contained in the letter or fax, together with any personal data transmitted by you, will be stored for the purpose of contacting you and processing your request.
The legal basis for the processing of personal data in the context of letters and faxes sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.
VIII. Data processing when subscribing to our newsletter
If you subscribe to our newsletter mailing list, your e-mail address and the newsletter you have selected will be stored by us on a server.
In addition, the following data is collected by the system during registration:
-IP address of the calling computer;
-Date and time of registration.
Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. The data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and within the scope of the legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
We use this data exclusively for sending the newsletter. The registration system with an additional confirmation message containing a link to the final registration (double opt-in) ensures that the newsletter was requested by you and not by a third party. When you register, your data is stored on our servers and a confirmation message with a link to the final registration is generated and sent to the e-mail address you have provided. Only when you confirm the link in the email will your data for sending the newsletter be stored for the duration of your use of our service.
If you no longer agree to the storage of your data for this purpose and therefore no longer wish to use our services, you can unsubscribe from our newsletter at any time. There is a corresponding link in every newsletter for this purpose. The personal data you have provided to subscribe to the newsletter will then be deleted.
Use of the German shipping service provider "Sendinblue/Brevo"
Our newsletter is sent using "Brevo", an application of the German company Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. The email addresses of the recipients of our newsletter, as well as their other data described in this data protection notice, are stored on the servers of Sendinblue GmbH. Sendinblue uses this information to send and analyze the newsletter on our behalf. Sendinblue provides information on the functions used here: https://www.brevo.com/de/features/ .
Furthermore, Brevo will use the above-mentioned data to optimize its own services. However, Brevo does not use the personal data of the recipients of our newsletter to contact them itself or to pass it on to unauthorized third parties. Please refer to the privacy policy of Sendinblue GmbH; https://www.brevo.com/de/legal/privacypolicy/. Sendinblue is an ISO-certified service provider with certified data protection management (certificate: https://www.brevo.com/wp-content/uploads/2022/11/SENDINBLUE-ISO27001-Certificate.pdf.)
The legal basis for the processing of personal data in the context of the described newsletter dispatch via Brevo including performance measurement is Art. 6 para. 1 lit. a), Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, in the event that consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f) GDPR in conjunction with § 7 para. 3 UWG. § Section 7 (3) UWG.
We have concluded an order processing agreement with Sendinblue in accordance with Art. 28 GDPR, in which Sendinblue undertakes to protect the data of our users, to process it on our behalf in accordance with applicable data protection regulations and, in particular, not to pass it on to third parties. This agreement can be viewed at the following link: https://de.sendinblue.com/wp-content/uploads/sites/3/2 020/10/AV_Muster_DE-aktuell.pdf.
Unsubscribe from the newsletter
You can unsubscribe from our newsletter at any time. Your consent to receive the newsletter via Sendinblue and the statistical analyses will then expire at the same time. Unfortunately, it is not possible to cancel the sending of the newsletter via Sendinblue or the statistical analysis separately. You will find a link to unsubscribe from the newsletter at the end of each newsletter. On the basis of our legitimate interests, we will retain the unsubscribed email addresses for up to three years before deleting them, also in order to be able to prove the previously given consent to receive the newsletter.
IX. Your rights
As a data subject, you have the following rights in connection with the processing of your personal data:
1. right to information
(1) The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data that are processed;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
g) if the personal data are not collected from the data subject, all available information about the origin of the data;
h) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(2) Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. right to erasure
(1) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b) The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
c) The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
d) The personal data have been processed unlawfully.
e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
f) The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
(2) Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
(3) Paragraphs 1 and 2 shall not apply if the processing is necessary
a) to exercise the right to freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the assertion, exercise or defense of legal claims.
4. right to restriction of processing
(1) The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, or
d) the data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
(2. Where processing has been restricted pursuant to paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
5. right to data portability
(1) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
b) the processing is carried out by automated means.
(2) In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of other persons.
This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6. right of objection
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
7. right of withdrawal
The data subject has the right to withdraw their declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
X. Changes to this privacy policy
We reserve the right to amend these data protection provisions at any time with effect for the future. A current version is always available on the website. Please visit the website regularly and inform yourself about the applicable data protection provisions.
Status: 03/2024