Data Privacy Statement
The protection of personal data is important to us. Therefore, the processing of personal data is carried out in accordance with the applicable European and national legal provisions.
You can of course revoke your declaration(s) of consent at any time with effect for the future. To do so, please contact the person responsible in accordance with § 1.
The following declaration provides an overview of the type of data collected, the way in which this data is used and passed on, the security measures we take to protect your data and the way in which you can obtain information about the information given to us.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 p. 1 lit.
a) EU General Data Protection Regulation (DSGVO) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) S. lit. b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
If processing of personal data is necessary for compliance with a legal obligation to which we are subject, Article 6 (1) sentence 1 lit. c) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f) DSGVO serves as the legal basis for the processing.
Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned norms
period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
§ 1 The data controller and the data privacy officer
(1) Name and address of the data controller
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
OBJECT ECM GmbH
Hohe Bleichen 12
(2) Name and address of the data protection officer
The data privacy officer of the data controller is:
E-Mail: [email protected]
Telefon: +49 7531 3691446
§ 2 Definitions
The data protection declaration is based on the terms used by the European legislator when adopting the EU General Data Protection Regulation (hereinafter referred to as: "DSGVO" or "GDPR"). The data protection declaration is intended to be easy to read and understand. To ensure this, the most important terms are explained below:
- Personal data means any information relating to an identified or identifiable natural person (hereinafter: "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
- Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Profiling is any automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
- Pseudonymisation means the processing of personal data in such a way that personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
- The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law./li>
- Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
- Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
- Consent shall mean any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
§ 3 Provision of the website and creation of log files
(1) In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we automatically collect the following data and information from the computer system of the calling computer each time the website is called up:
a) The IP address of the user
b) Information about the type of browser and the version used
c) The user's operating system
d) The user's Internet service provider
e) Date and time of access
f) Websites from which the user's system accesses the website
g) Websites that are accessed by the user's system via our website
h) Content of the calls (specific pages)
i) Amount of data transferred in each case
j) Language and version of the browser software
k) Search engines used
l) Names of downloaded files
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
(2) The legal basis for the temporary storage of the log files is Art. 6 para. 1 p. lit. f) DSGVO.
(3) The temporary storage of the IP address by the system is necessary in order to
a) enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
b) optimise the content of our website and the advertising for it
c) to ensure the functionality of our information technology systems and the technology of our website
d) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
In case IP addresses are stored in the log files:
Log files are stored in order to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f) DSGVO.
(4) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected - in this case at the end of the usage process.
If IP addresses are stored in log files:
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are deleted or made anonymous so that it is no longer possible to identify the calling client.
is no longer possible.
(5) The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, which is why there is no possibility to object.
This website uses so-called cookies. Cookies are small text files which, as soon as you visit a website, are sent to your browser by a web server and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and are stored on your computer and provide the user (i.e. us) with certain information. Cookies are used to make the website more customer-friendly and secure, and in particular to collect usage-related information, such as frequency of use and number of users of the pages, as well as behavioural patterns of page use. Cookies do not cause any damage to the computer and do not contain viruses.
The data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.
(2) The legal basis for the processing of personal data using cookies is Art. 6 para. 1 p. 1 lit. f) DSGVO.
Cookies in general or delete cookies individually. However, please note that the functionality of this website may be limited if cookies are deactivated. As far as session cookies are concerned, these will be automatically deleted after leaving the website anyway.
§ 5 Newsletter
(1) With your consent, you can subscribe to our free newsletter, with which we inform you about our current interesting offers. The advertised services are named in the declaration of consent.
We use the so-called double-opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the
newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. Mandatory information for sending the newsletter is your e-mail address, as well as the form of address, first name and surname. The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a) DSGVO if consent has been given.
(2) If you purchase goods or services on our website and enter your e-mail address, this may subsequently be used by us to send a newsletter.
In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. The data will be used exclusively for sending the newsletter.
The legal basis for sending the newsletter on the basis of orders for goods or services is Art. 7 (3) UWG.
(3) The collection of the user's e-mail address is used to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
(4) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your e-mail address and other personal data will be stored as long as the subscription to the newsletter is active.
(5) You can unsubscribe from our newsletter at any time and thus revoke your consent by clicking on the "Unsubscribe from newsletter" field in our newsletter unsubscriber or by sending us an email to [email protected].
This also enables you to revoke your consent to the storage of the personal data collected during the registration process.
§ 6 Downloading files
(1) If you wish to download files (in particular documents in the form of PDF files) from our website, it is necessary for you to provide your personal data, which we require for the release of your downloads are required. The data is entered in an input mask and transmitted to us and stored. The following data may be collected:
· First name
· Your address
· Telephone number
· IP address
· Date and time of the download
The data will not be passed on to third parties.
(2) The legal basis is Art. 6 para. 1 p. 1 lit. b) DS-GVO. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a) DSGVO.
(3) The compulsory data collected are necessary for the fulfilment of the download with the user (for the purpose of sending the files). We use the data to answer your enquiries, to process your order and for the purpose of technical administration of the websites. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
(4) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
(5) If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
Otherwise, you are free to have the personal data provided during registration completely deleted from the controller's database. The controller will provide you with information about the personal data stored about you at any time upon request. Furthermore, the controller will correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any statutory retention obligations. You can write to the data controller or the data protection officer in accordance with § 1 at any time by e-mail or post and ask for the data to be deleted/changed.
§ 7 Disclosure of personal data to third parties
1. integration of youtube videos
We have integrated Youtube videos into our online offer, which are stored on
https://www.youtube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission.
YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the internet portal.
The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
Each time one of the individual pages of this website operated by the data controller is called up and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by the data subject.
If the data subject is logged into YouTube at the same time, YouTube recognises which specific sub-page of our website the data subject is visiting when a sub-page containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the same time as calling up our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before accessing our website.
The data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing and use of personal data by YouTube and Google.
(7) Links to external websites
This website contains links to external sites. We are responsible for our own content. We have no influence on the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or content on this site, you are welcome to point this out to us. In this case, we will check the content and react accordingly (notice and take down procedure).
§ 8 Contact form and e-mail contact
(1) Our website contains a contact form which can be used for electronic contact. If you use this option, the data entered in the input mask will be transmitted to us and stored. These data are:
- First and last name
- Subject and message
The following data is also stored at the time the message is sent:
- IP address of the user
- Date and time of the transmission of the request
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail will be stored. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to answer your request.
In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
(2) The legal basis for the processing of the data is Art. 6 para. 1 p. lit. a) DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b) DSGVO.
(3) The processing of the personal data from the input mask serves us solely to process the contact. We will, of course, use the data from your e-mail enquiries exclusively for the purpose for which you provided them when contacting us. In the case of contacting us by e-mail, we also have the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
(4) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
(5) You have the option to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Regarding the revocation of consent/opposition to storage, we ask you to contact the person responsible or the data protection officer as per § 1 via e-mail or by post. All personal data stored in the course of contacting us will be deleted in this case.
§ 9 Web analysis by Google Analytics (with pseudonymisation)
(1) On our website, we use the service of Google Inc. (Google Inc., 1600 Amphitheatre Parkway Monutain View, CA 94043, USA to analyse the surfing behaviour of our users. The software sets a cookie on your computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:
a) Two bytes of the IP address of the user's calling system.
b) The web page called up
c) Entry pages, exit pages,
d) The time spent on the website and the abort rate
e) The frequency of access to the website
f) Country of origin and regional origin, language, browser, operating system, screen resolution, use of Flash or Java
g) Search engines used and search terms used.
The information generated by the cookie about the use of this website by users is usually transmitted to a Google server in the USA and stored there.
This website uses Google Analytics with the extension "_anonymizeIp()". The software is set so that the IP addresses are not stored in full, but only in shortened form. In this way, it is no longer possible to assign the shortened IP address to the calling computer. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. However, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(2) The legal basis for the processing of personal data is Art. 6 para. 1 p. 1 lit. f) DSGVO. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(3) On our behalf, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity. By evaluating the data obtained, we are able to compile information about the
information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are also our legitimate interest in processing the data according to Art. 6 para. 1 lit. f) DSGVO. The anonymisation of the IP address sufficiently takes into account the interest of users in the protection of their personal data.
(4) The data is deleted as soon as it is no longer required for our recording purposes.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link. The current link is: "http://tools.google.com/dlpage/gaoptout?hl=de."
§ 10 Social Media Plugins
1. Social plugins of the social network Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA) are used on these pages. This plugin allows you to bookmark these pages and thus share them with other participants of the social network. You can recognise this plugin by the Facebook logo or the typical "Like" button. An overview
of the Facebook plugins can be found at http://developers.facebook.com/docs/plugins/.
2. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to Facebook. We give you the opportunity to communicate directly with Facebook via the button. Only when you click on the marked field and thereby activate it, does Facebook receive the information that you have accessed the corresponding website of our online offer.
The data transfer takes place regardless of whether you have an account with Facebook and are logged in there.
a) If you click the Facebook "Like" button while logged into your Facebook account, the contents of these pages can also be linked to your Facebook profile. In this case, Facebook can also assign the visit to these pages to your user account. If you click the activated button and, for example, link the page to your Facebook account, Facebook will also store this information.
Facebook also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating it. We recommend that you log out regularly after using a social network, in particular before activating the button, as this will prevent it from being assigned to your profile.
b) If you are not a member of Facebook or have logged out of Facebook before visiting this site, it is still possible that Facebook will obtain and store your IP address. If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, you must log out of Facebook before visiting our website or must not activate the plugin.
In this case, the following data is generally transmitted to Facebook:
- Browser-related data such as IP address, browser type, operating system, time and date of the request, website visited.
- User ID (for logged-in Facebook account)
According to Facebook in Germany, the IP addresses are anonymised immediately after collection. By activating the plugin, personal data is therefore transmitted from you to Facebook and stored in the USA. Since Facebook collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.
3. We have neither influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information about the deletion of the collected data by Facebook.
4. Facebook stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. Through the plugins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user.
5. The legal basis for the use of the plugins is Article 6 (1) sentence 1 lit. a DS-GVO. Facebook has submitted to the EU-US Privacy Shield,
6. You have the right to object to the creation of these user profiles, whereby you must contact Facebook to exercise this right.
7. Settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings at https://www.facebook.com/settings?tap=ads. Further information on the purpose and scope of the data collection and its processing as well as on your respective rights by and vis-à-vis Facebook can be found at http://www.facebook.com/policy.php, http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications sowie http://www.facebook.com/about/privacy/your-info#everyoneinfo
(1) The functions of the Twitter service (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) are used on these pages. By using Twitter and the "Re-Tweet" button, it is possible for you to follow a post or page on Twitter or to link the websites you visit to your Twitter account and share them with other users. You can recognise this plugin by the "Re-Tweet" button or the typical blue bird. You can find an overview of the Twitter buttons and their appearance here: https://twitter.com/about/resources/buttons
(2) We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to Twitter. We give you the opportunity to communicate directly with Twitter via the button. Only when you click on the marked field and thereby activate it, does Twitter receive the information that you have called up the corresponding website of our online offer.
If you click the Twitter button while logged into your Twitter account, the content of these pages can also be linked to your Twitter profile. In this case, Twitter can also assign the visit to these pages to your user account. If you click the activated button and, for example, link the page, Twitter will also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you to avoid an assignment to your profile.
In doing so, the following data is generally transmitted to Twitter:
- IP address, browser type, date and time of access, original page, operating system, screen resolution.
- Linking of this data with your account data of the social media operator.
By activating the plugin, your personal data is transmitted to Twitter and stored in the USA.
(3) We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by Twitter.
(4) Twitter stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its service. Such an evaluation is carried out in particular for the display of needs-based advertising and to inform other users of the social network about your activities. Via the plugins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user.
5) The legal basis for the use of the plugins is Art. 6 para. 1 p. 1 lit. a DS-GVO. Twitter has submitted to the EU-US Privacy Shield,
(6) You have the right to object to the creation of these user profiles, and you must contact Twitter to exercise this right.
(7) Further information on the purpose and scope of the data collection and its processing as well as your respective rights by and against Twitter can be found at https://twitter.com/privacy. You can change your data protection settings on Twitter at any time at
§ 11 Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. right to information
2. right to rectification
3. right to restriction of processing
4. right to erasure
5. right to information
6. right to data portability
7. right to object to processing
8. right to withdraw consent under data protection law
9. the right not to have an automated decision taken on your behalf
10. right to complain to a supervisory authority
1. Right to be informed
(1) You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may at any time request from the controller free of charge information about the personal data stored about you and about the following information:
a) the purposes for which the personal data are processed
b) the categories of personal data which are processed
c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
d) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period
e) the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing
f) the existence of a right of appeal to a supervisory authority;
g) any available information on the origin of the data, if the personal data are not collected from the data subject
personenbezogenen Daten nicht bei der betroffenen Person erhoben werden
h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in such cases, meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
(2) You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
2. Right to rectification
You have the right to obtain rectification and/or completion from the controller without undue delay if the personal data processed concerning you is inaccurate or incomplete.
3. Right to restriction of processing
(1) You may request the controller to restrict the processing of personal data concerning you without undue delay under the following conditions:
a) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data
b) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data
c) the controller no longer needs the personal data for the purposes of the processing but you need it for the establishment, exercise or defence of legal claims; or
d) if you object to the processing pursuant to Art. 2 1 para 1 DSGVO and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
(2)Where the processing of personal data relating to you has been restricted, such data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to deletion
(1) You may request the controller to erase the personal data concerning you without undue delay if one of the following reasons applies
a) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
b) You withdraw your consent on which the processing was based pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR and there is no other legal basis for the processing.
c) You object to the processing pursuant to Article 21 (1) of the Regulation and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the Regulation.
d) The personal data concerning you have been processed unlawfully.
e) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
f) the personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
(2) If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, the controller shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers processing the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, those personal data.
(3) The right to erasure shall not apply to the extent that the processing is necessary
a) the exercise of the right to freedom of expression and information
b) compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
c) for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR
d) The personal data concerning you have been processed unlawfully.
e) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
f) the personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification/erasure/restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.
6.Right to data portability
(1) You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
the processing is based on consent pursuant to Art. 6 para. 1 lit. A DSGVO or Art. 9 para. 2 lit.a DSGVO or on a contract pursuant to Art. 6 para. 1 lit.b DSGVO and
b) the processing is carried out with the aid of automated procedures.
(2) In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
(3)The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) To assert the right to data portability, the data subject may at any time contact the controller.
7. Right to oppose the processing
(1) You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
(2) The controller shall no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
(3) If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes
(4)You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
(5) To exercise the right to object, the data subject may contact the controller directly.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can contact the data controller for this purpose.
9. Automated decision in individual cases including profiling
(1) You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you.
This does not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and the controller,
b) is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests; or
c) is made with your express consent.
(2) However, these decisions may not be based on special
categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
and your legitimate interests have been taken.
(3) With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and to contest the decision.
(4) If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact the controller.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.