top of page

DATA PROTECTION

1 Introduction

This data protection declaration explains the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and content associated with it (hereinafter jointly referred to as "online offer" or "website"). The data protection declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is run.

 

2. Controller

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

Kenneth Terfurt

Ina-Seidel-Strasse 15

40885 Ratingen

Kenny@do-epic-shit-shop.com

Germany

 

 

3. Data Protection Officer

The data protection officer of the person responsible for processing is:

Kenneth Terfurt

Ina-Seidel-Strasse 15

40885 Ratingen

Kenny@do-epic-shit-shop.com

Germany

 

Every data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

 

4. Definition of terms

Our data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public as well as for our customers and business partners.

To ensure this, we would like to explain the terms used in advance. The terms used, such as "personal data" or their "processing" are defined in Article 4 of the General Data Protection Regulation (GDPR).

We use the following terms, among others, in this data protection declaration:

Personal Data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

Affected person

Affected person is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

processing

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

profiling

Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict that natural person’s preferences, interests, reliability, behavior, whereabouts or relocation.

pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data not assigned to an identified or identifiable natural person.

Responsible or responsible for processing

The person responsible or responsible for processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his appointment can be determined according to Union law or the lawder Member States are provided.

processor

Processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the person responsible.

Recipient

Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.

consent

Consent is any expression of will voluntarily given by the data subject in an informed manner and unequivocally for the specific case in the form of a declaration or other clear confirmatory action with which the data subject indicates that they consent to the processing of their personal data is.

 

5. General information on data processing

Scope of processing of personal data

In principle, we only collect and use personal data from our users to the extent that this is necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.

Data Erasure and Storage Duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject.

The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Technical and organizational measures

In order to ensure that personal data cannot be read, copied, changed or removed without authorization during electronic transmission, during transport or storage on data carriers, we use a state-of-the-art encryption process in accordance with Article 9 GDPR.

This site uses TLS (Transport Layer Security) encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to our system. Data that you transmit to our system cannot be easily read by third parties.

You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

 

6. Provision of the website and creation of log files

Description and scope of data processing

Each time you open the net side, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here:

Information about the browser type and version used

the user's operating system

the user's internet service provider

the IP address of the user

the date and time of access

Websites from which the user's system accesses our website

Websites accessed by the user's system through our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6 (1) (f) GDPR.

purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR also lies in these purposes.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

Possibility of objection and elimination

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

7. Use of Cookies

Description and scope of data processing

Based on our legitimate interests, we use so-called cookies on this website. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again.

Technically necessary cookies

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data can be stored and transmitted in the cookies:

Session cookies, which save certain user settings, e.g.:

-         Cart Contents

-           Language settings

-         Remember search terms

-           Login data

Opt-out cookies, with the information whether the user has actively consented to the setting of technically necessary and unnecessary cookies.

Test cookies, with the information whether the user allows the setting of cookies in his browser

Cookies for analysis, advertising and marketing purposes.

When accessing our website, users are informed by an information banner about the use of technically necessary cookies and are referred to this data protection declaration. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.

Technically unnecessary cookies

If we use other cookies than technically necessary cookies, you will be informed about this on the website.

Legal basis for data processing

The legal basis for the processing of personal data using cookies for analysis, marketing and/or tracking purposes is Article 6 Paragraph 1 Sentence 1 lit.

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) sentence 1 lit. a GDPR if the user has given their consent. If the user has not consented, the legal basis is Art. 6 (1) sentence 1 lit. f GDPR.

purpose of data processing

The technically necessary cookies are used for the purpose of improving the use of websites to simplify for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies are not used to create user profiles.

Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

When accessing our website, users are informed by an info banner about the use of cookies and the user is asked whether they also agree to the setting of the named cookies. The user can freely decide whether to make a selection and whether to consent. If the user does not give their consent, no / only technically necessary cookies will be set and no further storage of cookies will take place.

 

8. Newsletters

Description and scope of data processing

Based on our legitimate interests on this website, we offer our users the opportunity to subscribe to a free newsletter.

We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or legal permission. When registering for the newsletter, the data from the input mask is transmitted to us.

If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the consent of the user. Our newsletter also contains information about our products, offers, promotions and our company.

The following user data is collected:

the E-Mail adress

the first and last name

the chosen language

In addition, the following data is collected during registration and when data changes:

IP address of the calling computer

Date and Time

Your consent will be obtained for the processing of the data as part of the registration process and reference will be made to this data protection declaration.

Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else's e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

If you purchase goods or services on our website and enter your e-mail address, this can subsequently be used by us to send a newsletter. In such a case, only direct advertising for your own similar goods or services will be sent via the newsletter.

There is no transfer of data to third parties in connection with data processing for sending newsletters. The data will only be used to send the newsletter.

The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the shipping service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim nor that of the shipping service provider to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Legal basis for data processing 

The legal basis for processing the data after the user has registered for the newsletter is Article 6(1)(a) GDPR if the user has given their consent.

The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

The legal basis for the statistical surveys and analyzes is Article 6 (1) (f) GDPR.

purpose of data processing

In order to register for the newsletter, you must provide your e-mail address, your name and the desired language of the newsletter. The collection of the user's e-mail address serves to deliver the newsletter. The recording of the name serves to address you personally in the newsletter. The language must be selected because we offer our newsletter in several languages.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

The purpose of the statistical surveys is to use a user-friendly and secure newsletter system that serves our business interests and meets user expectations.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.

The other personal data collected as part of the registration process is usually deleted after a period of seven days.

Possibility of objection and elimination

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.

This also enables a revocation of the consent to the storage of the personal data collected during the registration process.

At the same time, your consent to the statistical analyzes expires. Unfortunately, a separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is not possible.

If the users have only registered for the newsletter and canceled this registration, their personal data will be deleted.

 

9. Registration

Description and scope of data processing

Based on our legitimate interests on this website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place.

The following data is collected as part of the registration process:

the E-Mail adress

the first and last name

date of birth

the billing address and, if applicable, a different delivery address

the telephone number

 

At the time of registration, the following data is also stored:

Date and time of registration

As part of the registration process, the user's consent to the processing of this data is obtained.

Legal basis for data processing

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.

If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Article 6 (1) (b) GDPR.

purpose of data processing

Registration of the user is required for the provision of certain content and services on our website.

Orders in the web shop

Registration of the user is required to fulfill a contract with the user or to carry out pre-contractual measures.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

This is the case for the data collected during the registration process if the registration on our website is canceled or changed.

This is the case during the registration process to fulfill a contract or to carry out pre-contractual measures if the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

[Permanent obligations require the storage of personal data during the contract period. In addition, warranty periods must be observed and the storage of data for tax purposes. Which storage periods are to be observed cannot be fixed in general terms, but must be determined for the respective concluded contracts and contracting parties on a case-by-case basis.]

Possibility of objection and elimination

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time.

You can change your data yourself in the customer area of the web shop or via our customer service. Our customer service, which can be reached by telephone or email, can delete your account for you.

If the data is required to fulfill a contract or to carry out pre-contractual measures, the data can only be deleted prematurely if there are no contractual or legal obligations to the contrary.

10.Google Analytics

Scope of processing of personal data

Based on our legitimate interests, we use the web analytics service Google Analytics from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). It is used to analyze the surfing behavior of our users.

Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

By setting the cookie, Google is able to analyze the use of our website. Each time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Google Analytics component to transmit data to Google for online analysis. As part of this technical process, Google gains knowledge of personal data, such as the IP address of the person concerned, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission statements.

The cookie is used to store personal information, such as access time, the location from which access was made and the frequency of visits to our website by the person concerned. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

If individual pages of our website are called up, the following data is stored:

The accessed website

The website from which the user accessed the accessed website (referrer)

The sub-pages that are accessed from the accessed website

The length of stay on the website

The frequency of visits to the website

Google has recognized the EU Commission's standard contractual clauses for the transfer of personal data to third countries, thereby offering a guarantee of compliance with European data protection law.

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and internet usage. Pseudonymous user profiles can be created from the processed data.

The IP address transmitted by the user's browser is not merged with other Google data.

We use Google Analytics to only display the ads placed within the advertising services of Google and its partners to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are based on the visited website). websites are determined), which we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interests of users and are not annoying.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

purpose of data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Our legitimate interest in the processing of the data according to Art. 6 (1) (f) GDPR also lies in these purposes.

By making the IP address anonymous, the interest of the user in the protection of their personal data is sufficiently taken into account.

Duration of storage

The data will be deleted as soon as they are no longer required for our recording purposes.

In our case, this is the case after 50 months.

Possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our site and Google. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Users can prevent the storage of cookies by setting their browser software accordingly; In addition, users can prevent the data generated by the cookie and related to their use of the online offer from being collected and processed by Google by downloading and installing the browser plug-in available under the following link: http://tools .google.com/dlpage/gaoptout?hl=en.

This browser plugin tells Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser plug-in is evaluated by Google as a contradiction. If the information technology system of the person concerned is later deleted, formatted or reinstalled, the person concerned must reinstall the browser plug-in in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the person concerned or another person who is attributable to their sphere of influence, there is the possibility of reinstalling or reactivating the browser plug-in.

You can find more information on data use by Google, setting and objection options on the Google website: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using websites or apps our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses, to show you advertising”).

 

11. Google Fonts

Scope of processing of personal data

Based on our legitimate interests, we use the Google Fonts service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").

Google Fonts provides an intuitive and robust repository of open source designer web fonts. With an extensive catalog, typography can be seamlessly incorporated and incorporated into any design project.

The service is used to integrate fonts (web fonts) on our website. The integration of the Google Fonts takes place through a server call at Google, usually via the URL https://fonts.google.com. The fonts come from different designers and are open source.

When users call up our online offer, a request is usually sent to a Google server in the USA and stored and processed there.

Technically, the fonts embedded in our website are stored on a Google server and then loaded from there when the page is accessed. By using Google Fonts, Google's servers send the appropriate file to each user, based on the technologies supported by the user's browser.

Google has recognized the EU Commission's standard contractual clauses for the transfer of personal data to third countries, thereby offering a guarantee of compliance with European data protection law.

The connection to Google Fonts is not authenticated. When you visit our website, no cookies or login information are sent to Google via the Google Fonts service. Corresponding requests to the servers of the Google Fonts service are made to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com, so that requests for fonts are generally separate from login information that is otherwise sent to domains from Google, e.g. google.com or google .de, can be sent and authenticated.

Google Fonts keeps records of CSS and font file requests. For statistical purposes, Google assigns aggregate usage numbers of how popular font families are and publishes these results on an analytics page (https://fonts.google.com/analytics).

More information about the Google Fonts service can be found at https://developers.google.com/fonts/faq.

Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is Article 6 (1) (a) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer in order to integrate content or service offers from third parties or their content and services.

We use Google Fonts to design our website independently of the fonts installed by the user, the so-called system fonts, and to ensure a consistent display image on different systems.

The purpose and scope of the data collection and the further processing and use of the data by Google can be found in Google's data protection declaration at https://policies.google.com/privacy?hl=de.

Duration of storage

The data will be deleted as soon as they are no longer required for our recording purposes.

Possibility of objection and elimination

Further information on data use by Google, setting and objection options can be found on the Google website https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps "), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google uses to offer you display advertising”).

 

12.Google Maps

Scope of processing of personal data

Based on our legitimate interests, we use the Google Maps service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").

Google Maps is an online map service from Google. The surface of the earth can be viewed as a street map or as an aerial or satellite image.

The service is used to integrate map data on our website. The integration of Google Maps takes place through a server call at Google via an interface, the Google Maps API.

When a page of our online offer is called up, in which a corresponding map section has been integrated, a request is sent to a Google server in the USA and stored and processed there. By using Google Maps, the Google servers send the relevant data to display the map material to the user's browser.

Google has recognized the EU Commission's standard contractual clauses for the transfer of personal data to third countries, thereby offering a guarantee of compliance with European data protection law.

More information about the Google Maps service can be found at https://support.google.com/maps/.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer in order to integrate content or service offers from third parties or their content and services.

We use Google Maps to integrate verified map data into our online presence.

 

The purpose and scope of the data collection and the further processing and use of the data by Google can be found in Google's data protection declaration at https://policies.google.com/privacy?hl=de.

Duration of storage

The data will be deleted as soon as they are no longer required for our recording purposes.

Possibility of objection and elimination

Further information on data use by Google, setting and objection options can be found on the Google website https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps "), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google uses to offer you display advertising”).

 

13.Facebook

Description and scope of data processing

Based on our legitimate interests, we use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on a blue tile, the terms "Like", "I like" or a "thumbs up" sign ) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook has the EU Commission's standard contractual clauses for the transmission of personal data.

Related data in third countries and thus offers a guarantee of compliance with European data protection law.

If a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to the user's device, which integrates it into the online offer. User profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

By integrating the plugin, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by pressing the Like button or making a comment, the corresponding information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.

Legal basis for data processing

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the privacy of users can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/ .

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination

If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies.

Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info /choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

 

14. Facebook, Custom Audiences and Facebook Marketing Services

Description and scope of data processing

Due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

Facebook has recognized the EU Commission's standard contractual clauses for the transfer of personal data to third countries, thereby offering a guarantee of compliance with European data protection law.

With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to only display the Facebook ads we have placed to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are based on the visited website). websites are determined), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The Facebook pixel is integrated directly by Facebook when you visit our website and can save a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook while logged in, the visit to our online offer is noted in your profile. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for comparison purposes, this will be encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of making a comparison with the data that is similarly encrypted by Facebook.

Furthermore, when using the Facebook pixel, we use the additional function "extended comparison" (here data such as telephone numbers, e-mail addresses or Facebook IDs of the users are used) to form target groups ("Custom Audiences" or "Look Alike Audiences") Facebook (encrypted) transmitted. Further information on "extended matching": https://www.facebook.com/business/help/611774685654668).

Also on the basis of our legitimate interests, we use the "Custom Audiences from File" procedure of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload serves solely to determine recipients of our Facebook ads. We want to ensure that the ads are only displayed to users who are interested in our information and services.

The processing of the data by Facebook takes place within the framework of Facebook's data usage guidelines. Accordingly, general information on the display of Facebook ads in Facebook's data usage guidelines: https://www.facebook.com/policy.php. You can find specific information and details about the Facebook pixel and how it works in the Facebook help area: https://www.facebook.com/business/help/651294705016616.

Legal basis for data processing

The legal basis for the processing of users' personal data is Article 6 (1) (a) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the privacy of users can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/ .

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination

You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. In order to set which types of advertisements are displayed to you within Facebook, you can call up the page set up by Facebook and follow the instructions on the settings for usage-based advertising there: You can also prevent the use of cookies, which serve to measure reach and for advertising purposes, via the Deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/ uk/your-ad-choices/) object.

 

15.Instagram

Description and scope of data processing

Based on our legitimate interests, we use components of the Instagram service operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA ("Instagram").

Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also retransmit such data on other social networks.

Each time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which an Instagram component (Insta button) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Instagram component causes a representation of the corresponding component to be downloaded from Instagram. As part of this technical process, Instagram is informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in to Instagram at the same time, Instagram recognizes which specific subpage the person concerned is visiting each time the person concerned calls up our website and for the entire duration of the respective stay on our website 

person visited. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the person concerned. If the person concerned clicks on one of the Instagram buttons integrated on our website, the data and information thus transmitted are assigned to the personal Instagram user account of the person concerned and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the person concerned has visited our website if the person concerned is logged in to Instagram at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.

Legal basis for data processing

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by Instagram can be found in Instagram's data protection declaration at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/ become.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination

If a user is also a user of Instagram services and does not want Instagram to collect data about him via this online offer and link it to his user data stored on Instagram, he must log out of Instagram before using our online offer and delete his cookies.

 

16.Pinterest

Description and scope of data processing

Based on our legitimate interests, we use components of the Pinterest service operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA ("Pinterest").

Pinterest is an internet-based social network. A social network is a social meeting place operated on the Internet, an online community that usually enables users to communicate with one another and to interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences, or it allows the Internet community to provide personal or company-related information. Pinterest enables users of the social network, among other things, to publish collections of images and individual images as well as descriptions on virtual pin boards (so-called pinning), which in turn can be shared (so-called repinning) or commented on by other users.

Each time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which a Pinterest component (Pinterest plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Pinterest component causes a representation of the corresponding Pinterest component to be downloaded from Pinterest. More information about Pinterest is available at https://pinterest.com/. As part of this technical process, Pinterest is informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in to Pinterest at the same time, Pinterest recognizes which specific subpage of our website the person concerned is visiting each time the person concerned calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Pinterest component and assigned by Pinterest to the respective Pinterest account of the data subject. If the person concerned clicks on a Pinterest button integrated on our website, Pinterest assigns this information to the personal Pinterest user account of the person concerned and saves this personal data.

Pinterest always receives information via the Pinterest component that the person concerned has visited our website if the person concerned is logged in to Pinterest at the same time as accessing our website; this takes place regardless of whether the person concerned clicks on the Pinterest component or not.

If the data subject does not want this information to be sent to Pinterest, they can prevent the transmission by logging out of their Pinterest account before accessing our website.

Legal basis for data processing

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

 

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by Pinterest can be found in Pinterest's data protection declaration at https://about.pinterest.com/privacy-policy. LinkedIn's cookie policy is available at https://policy.pinterest.com/cookies.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination

If a user is also a user of Pinterest services and does not want Pinterest to collect data about him via this online offer and link it to his user data stored on Pinterest, he must log out of Pinterest before using our online offer and delete his cookies.

Pinterest offers the option to unsubscribe from targeted ads at https://help.pinterest.com/en/articles/personalization-and-data.

 

17. LinkedIn

Description and scope of data processing

Based on our legitimate interests, we use components of the LinkedIn service, which is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA.

LinkedIn is an internet-based social network that enables users to connect with existing business contacts and establish new business contacts.

Each time our website, which is equipped with a LinkedIn component (LinkedIn plug-in), is called up, this component causes the browser used by the person concerned to download a corresponding representation of the LinkedIn component.

Further information on the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn is informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the person concerned is visiting each time the person concerned calls up our website and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned to the respective LinkedIn account of the person concerned by LinkedIn. If the person concerned clicks on a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and saves this personal data.

 

LinkedIn always receives information via the LinkedIn component that the person concerned has visited our website if the person concerned is logged in to LinkedIn at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before accessing our website.

Legal basis for data processing

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by LinkedIn can be found in LinkedIn's data protection declaration at https://www.linkedin.com/legal/cookie-policy.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination

If a user is also a user of LinkedIn services and does not want LinkedIn to collect data about him via this online offer and link it to his user data stored on LinkedIn, he must log out of LinkedIn before using our online offer and delete his cookies.

At https://www.linkedin.com/psettings/guest-controls LinkedIn offers the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads as well as ad settings 

to manage.

LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy.

LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection issues outside the USA.

 

18. XING

Description and scope of data processing

Based on our legitimate interests, we use components of the XING service, which is operated by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany ("Xing").

Xing is an Internet-based social network that enables users to connect with existing business contacts and establish new business contacts. Individual users can create a personal profile for themselves on Xing. For example, companies can create company profiles or publish job offers on Xing.

 

Each time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Xing component causes Xing to download a representation of the corresponding Xing component. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this technical process, Xing is informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the person concerned is visiting each time the person concerned calls up our website and for the entire duration of their stay on our website. This information is collected by the Xing component and assigned to the respective Xing account of the data subject by Xing. If the person concerned clicks on one of the Xing buttons integrated on our website, for example the "Share" button, Xing assigns this information to the personal Xing user account of the person concerned and stores this personal data.

Xing always receives information via the Xing component that the person concerned has visited our website if the person concerned is logged in to Xing at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, they can prevent the transmission by logging out of their Xing account before accessing our website.

Legal basis for data processing

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by Xing can be found in Xing's data protection declaration at https://www.xing.com/privacy. You can find data protection information for the share button at https://www.xing.com/app/share?op=data_protection.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination

If a user is also a user of Xing services and does not want Xing to collect data about him via this online offer and link it to his user data stored on Xing, he must log out of Xing before using our online offer and delete his cookies.

Xing offers the option of objecting to web analysis at https://nats.xing.com/optout.html?popup=1&locale=de_DE. You can find more opt-out options from Xing at https://www.xing.com/privacy.

 

19. Youtube

Description and scope of data processing

Based on our legitimate interests, we use components of the YouTube service operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube").

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube permits the publication of all types of videos, which is why both complete film and television programs as well as music videos, trailers and videos made by users themselves can be accessed via the Internet portal.

Each time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective YouTube component caused to download a representation of the relevant YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website the person concerned is visiting by calling up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always receive information via the YouTube component that the person concerned has visited our website if the person concerned is logged in to YouTube at the same time as accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing our website.

Legal basis for data processing

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by YouTube can be found in YouTube's data protection declaration at https://www.google.de/intl/de/policies/privacy/.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination

If a user is also a user of YouTube services and does not want YouTube to collect data about him via this online offer and link it to his user data stored on YouTube, he must log out of YouTube before using our online offer and delete his cookies.

YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. Accordingly, it could be necessary for the user to also log out of a possible Google Inc. user account and delete their cookies.

YouTube offers the possibility to object to targeted advertising at https://www.google.de/settings/ads/authenticated.

20. PayPal

Description and scope of data processing

Based on our legitimate interests, we use components of the PayPal service provided by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg ("PayPal").

PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.

If the data subject selects "PayPal" as the payment option during the ordering process in our online shop, the data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually

the first and last name

the E-Mail adress

the IP address

the phone number and/or mobile phone number

order no

Amount

Articles in shopping cart

or other data necessary for payment processing. Personal data related to the respective order are also required to process the purchase contract.

The personal data exchanged between PayPal and the person responsible for processing may be transmitted by PayPal to credit agencies. A list which personal data could be released by PayPal can be viewed at https://www.paypal.com/de/webapps/mpp/ua/third-parties-list?locale.x=de_DE.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data is to be processed in the order.

Legal basis for data processing

The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.

purpose of data processing

The data processing takes place in the interest of analysis, optimization and the economic operation of the online offer.

The purpose of transmitting the data to PayPal is to process payments and prevent fraud. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission.

The purpose of transmitting data to credit agencies is to check identity and creditworthiness.

The purpose and scope of the data collection and the further processing and use of the data by PayPal can be found in PayPal's data protection declaration at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination

The data subject has the option of withdrawing their consent to the handling of personal data from PayPal at any time.

A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

 

21. Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

right of providing information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.

If such processing is present, you can request information from the person responsible for the following information:

the purposes for which the personal data are processed;

the categories of personal data being processed;

the recipients or categories of recipients to whom your personal data has been or will be disclosed;

the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;

the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;

the existence of a right of appeal to a supervisory authority;

all available information about the origin of the data if the personal data are not collected from the data subject;

the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

Right to Rectification

You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

if you contest the accuracy of the personal data concerning you for a period that enables the person responsible to check the accuracy of the personal data;

the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

if you object to the processing pursuant to Art. 21 Para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

Right to Erasure

You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.

You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.

The personal data concerning you have been processed unlawfully.

The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

information to third parties

If the person responsible has made the personal data relating to you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

exceptions

The right to erasure does not exist if processing is necessary

to exercise the right to freedom of expression and information;

to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller;

for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;

for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or

to assert, exercise or defend legal claims.

right to information

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the person responsible.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that

the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

the processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that

the personal data concerning you are transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the person responsible (1),

is permitted on the basis of legal provisions of the Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests or

takes place with your express consent(3).

However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests .

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.

The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

bottom of page