DATA PROTECTION
All personal data is treated confidentially. Our data protection practices are in line with the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR). Below we provide you with details on data protection:
RESPONSIBLE PERSON IN THE SENSE OF THE GDPR AND THE BDSG
R View Productions | Owner Michael Rudolf
Zellach 126
9413 St. Gertraud
Tel.: +43 664 3563936
Email: heldendernachtofficial@gmail.com
DATA PROTECTION OFFICER
You can reach the data protection officer at:
Email: heldendernachtofficial@gmail.com
1. THE REASONS FOR DATA COLLECTION
We collect and process your data to provide our website and to provide you with the best possible service by providing convenient access to our services.
2. WHICH DATA IS COLLECTED, PROCESSED OR USED?
2.1 VISITING OUR WEBSITE
When you access our website, our servers automatically record information of a general nature, in particular for the purpose of establishing a connection, functionality and system security. This includes the type of browser used, the operating system used, the domain name of the Internet service provider, the connection data of the computer used (IP address), the website from which you visit us (referrer URL), the pages you visit on our site and the date and duration of the visit. Due to pseudonymization, it is not possible for us to draw conclusions about specific people from this data.
2.2 CONTACT FORM
If you contact us via a contact form, personal data will be collected. Which data is collected in each case can be found in the contact form. The data will be stored for the purpose of processing your request. Mandatory information is marked with an asterisk (*). All other information is voluntary. We delete the data collected in connection with the contact form once storage is no longer required or restrict processing if statutory retention periods apply. The legal basis for the processing of your personal data is Art. 6 Para. 1 lit. b) GDPR if it concerns contacting you in the context of concluding a contract. Furthermore, it is our legitimate interest to answer your inquiries, so in this case Art. 6 Para. 1 lit. f) GDPR is the legal basis.
2.3 NEWSLETTER REGISTRATION
With your consent, you can subscribe to our free email newsletter, with which we inform you about current, interesting offers. We use the so-called double opt-in procedure to register for the newsletter. This means that after you register, we will send you an email to the email address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you used and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The only mandatory information for sending the newsletter is your email address. All other information is voluntary. After you confirm, we will save your data for the purpose of sending the newsletter. You can unsubscribe from the newsletter at any time by notifying the person responsible, see at the beginning of our data protection policy, e.g. by email to heldendernachtofficial@gmail.com. The legal basis is Art. 6 Para. 1 S. 1 lit. a) GDPR.
2.4 SENDING OUR E-MAIL NEWSLETTER TO OUR EXISTING CUSTOMERS
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range to those you have already purchased by email. In accordance with Section 7 Paragraph 3 of the German Act Against Unfair Competition (UWG), no separate consent is required from you for this. The data processing is carried out on the basis of our legitimate interest in the transmission of personalized direct advertising in accordance with Art. 6 Paragraph 1 Letter f) of GDPR. However, if you have initially objected to the use of your email address for this aforementioned purpose, we will of course not send you any emails. Even if you did not initially object, you are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible, see the beginning of our data protection policy. This only incurs transmission costs according to the basic rates. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
2.5 DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT/REGISTRATION
We collect personal data and process it when you provide it to us when executing a contract or opening a customer account. The legal basis is Art. 6 Paragraph 1 Letter b) of GDPR. Which data is collected can be found in the respective input form masks. Your customer account can be deleted at any time and can be done by sending a message to the contact address of the person responsible. We store and use the data you provide to process the contract between you and us. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use of the data that is permitted by law, about which we will inform you with this data protection declaration.
2.6 DATA PROCESSING FOR GUEST ORDERING
You have the option of placing an order without registering a customer account. Personal data will also be collected and processed in accordance with Art. 6 Paragraph 1 Letter b of GDPR. The data collected and processed can be seen from the respective input forms. We store and use the data you provide as part of the guest order to process the contract. After the contract has been fully processed, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to use the data in a legally permitted manner, about which we will inform you in this data protection policy.
2.7 DATA PROCESSING FOR THE PROCESSING OF THE ORDER - DATA TRANSFER TO THIRD PARTIES
DATA TRANSFER TO SHIPPING SERVICE PROVIDERS
The personal data we collect will be passed on to the transport company commissioned with the delivery (e.g. DHL-Deutsche Post AG, GLS-General Logistics Systems Germany GmbH & Co. OHG) as part of the contract processing, insofar as this is necessary for the delivery of the goods. For the purpose of agreeing the delivery date for freight forwarding goods, we will also send the transport company your telephone number. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b) and f) GDPR.
DATA TRANSFER TO PAYMENT SERVICE PROVIDERS AND CREDIT CHECKS
AMAZON PAYMENT
If you select the Amazon Pay payment method, we will pass on your payment data primarily to Amazon Payments Europe sca, and secondarily to Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located at 5, Rue Plaetis L 2338 Luxembourg (hereinafter "Amazon Payments"). Amazon Payments reserves the right to carry out a credit check. Amazon Payments uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. In addition, Amazon Payments is entitled to pass on your data to unnamed third parties (banks, e-service providers, service partners, but also auditors, analysis services, credit agencies, marketing partners, cloud service providers, retargeting providers, affiliated companies). This data processing is necessary for the execution or fulfillment of the contract (Art. 6 Para. 1 b GDPR). For further information on data protection, including on the credit agencies used, please refer to the Amazon Payments privacy policy: pay.amazon.com/de/help/201751600
PAYPAL
We have integrated PayPal components on our website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts.
The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, the data subject’s data will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that is necessary for payment processing. Personal data that is related to the respective order is also necessary for processing the purchase contract.
The purpose of transmitting the data is to process payments and prevent fraud. The controller will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the controller may be transmitted by PayPal to credit reporting agencies. This transmission is for the purpose of checking identity and creditworthiness.
PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on their behalf.
The data subject has the option of revoking his or her consent to PayPal handling personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
PayPal’s applicable data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
KLARNA
We have integrated components from Klarna on our website. Klarna is an online payment service provider that enables purchase on account/installment purchase, instant transfer, credit card and direct debit. Klarna also offers other services, such as buyer protection or identity and credit checks. Klarna's operating company is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. If you select one of the above payment methods, the data of the person concerned will be automatically transmitted to Klarna.
The personal data transmitted to Klarna is usually first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number and other data that is necessary to process an invoice or installment purchase. Personal data that is related to the respective order is also necessary to process the purchase contract. In particular, there may be a mutual exchange of payment information, such as bank details, card number, expiry date and CVC code, number of items, article number, data on goods and services, prices and taxes, information on previous purchasing behavior or other information on the financial situation of the person concerned. The purpose of transmitting the data is in particular to verify identity, administer payments and prevent fraud. The person responsible for processing will transmit personal data to Klarna in particular if there is a legitimate interest in the transmission. The personal data exchanged between Klarna and the person responsible for processing will be transmitted by Klarna to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. Klarna also passes on the personal data to affiliated companies (Klarna Group) and service providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of them.
If you choose the payment method "purchase on account" or "installment purchase", Klarna collects and uses data and information about the previous payment behavior of the person concerned as well as probability values for their behavior in the future (so-called scoring) to decide on the establishment, implementation or termination of a contractual relationship. The scoring is calculated on the basis of scientifically recognized mathematical and statistical procedures. The legal basis is Art. 6 Para. 1 lit. b) GDPR.
The data subject has the option of revoking his or her consent to Klarna handling personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
Klarna’s applicable data protection regulations can be found at https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.
3. COMPETITIONS
From time to time you have the opportunity to take part in competitions on our website. As part of these competitions, personal data (email address, name, address and, if applicable, other data required for the competition) may also be collected and stored for the purpose of running the competition. The personal information you provide to us will only be used to run the competition (e.g. to determine the winner, notify the winner and hand over the prize). As part of the competition, we will specifically inform the participant about data processing for the specific competition. After our competitions have ended, the participants' data will be deleted.
4. DELETION
Personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies or you request deletion. Data will also be deleted if a storage period prescribed by the standard mentioned expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract or you have given your consent to this.
5. COOKIES
Cookies are used to make the use of the website and the preferences of website visitors more attractive. This means that, for example, your details for selecting a language are saved. Cookies are text files that are created on your hard disk to enable the browser to be identified when the website is accessed again.
You can prevent cookies from being saved on your hard disk by making the appropriate browser settings. Cookies that have already been saved can be deleted at any time. Please refer to your browser's instructions to find out how to delete cookies or prevent them from being saved. If you do not accept cookies, this may affect your ability to use our website.
The legal basis for the processing of cookies is Art. 6 (1) lit. f) GDPR.
6. DATA SECURITY
We use technical and organizational measures to protect our website and other systems against loss, destruction, access, alteration or distribution of your data by unauthorized persons. Depending on the browser used, data is transmitted using 128-bit to 256-bit SSL encryption. Despite regular checks and constant improvement of our security measures, complete protection against all risks is not possible.
7. FACEBOOK CUSTOM AUDIENCE VIA THE PIXEL PROCESS
This website uses the “Facebook Pixel” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If you give your explicit consent, this can be used to track the behavior of users after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures. The data collected is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). You can allow Facebook and its partners to place advertisements on and outside of Facebook. A cookie may also be stored on your computer for these purposes. These processing operations are only carried out if explicit consent is given in accordance with Art. 6 Paragraph 1 Letter a) of GDPR. Consent to the use of the Facebook pixel may only be given by users who are older than 13 years. If you are younger, we ask you to ask your legal guardian for permission. Facebook Inc., based in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. To deactivate the use of cookies on your computer, you can set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, deactivating all cookies may mean that some functions on our website can no longer be carried out. You can also deactivate the use of cookies by third parties such as Facebook on the following Digital Advertising Alliance website: https://www.aboutads.info/choices/
8. GOOGLE ADWORDS REMARKETING
Our website uses the functions of Google AdWords Remarketing, with which we advertise this website in Google search results and on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google places a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. The processing is carried out on the basis of our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f) GDPR.
Any further data processing will only take place if you have given Google your consent to link your internet and app browsing history to your Google account and to use information from your Google account to personalize ads that you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google will temporarily link your personal data to Google Analytics data to create target groups. You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available under the following link:
https://www.google.com/settings/ads/onweb/
Alternatively, you can find out more about the use of cookies and change the settings at the Digital Advertising Alliance at www.aboutads.info. Finally, you can set your browser so that you are informed about the use of cookies and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. If you do not accept cookies, the functionality of our website may be restricted.
Google LLC, based in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. Further information and the data protection provisions regarding advertising and Google can be found here: https://www.google.com/policies/technologies/ads/
9. GOOGLE ADSENSE
The controller has integrated Google AdSense on this website. Google AdSense is an online service that enables advertising to be placed on third-party websites. Google AdSense is based on an algorithm that selects the advertisements displayed on third-party websites to match the content of the respective third-party website. Google AdSense allows interest-based targeting of Internet users, which is implemented by generating individual user profiles.
The operator of the Google AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of the Google AdSense component is the integration of advertisements on our website. Google AdSense sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Alphabet Inc. is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Google AdSense component was integrated, the Internet browser on the information technology system of the data subject is automatically prompted through the respective Google AdSense component to transmit data to Alphabet Inc. for the purpose of online advertising and the settlement of commissions. As part of this technical procedure, Alphabet Inc. receives knowledge of personal data, such as the IP address of the data subject, which Alphabet Inc. uses, among other things, to trace the origin of visitors and clicks and subsequently enable commission settlements.
The data subject can prevent the setting of cookies through our website, as already explained above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Alphabet Inc. from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Alphabet Inc. can be deleted at any time via the Internet browser or other software programs.
Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in Internet pages to enable log file recording and log file analysis, which enables statistical evaluation to be carried out. Using the embedded tracking pixel, Alphabet Inc. can determine whether and when a website was opened by a data subject and which links were clicked by the data subject. Tracking pixels are used, among other things, to evaluate the flow of visitors to a website.
Via Google AdSense, personal data and information, which also includes the IP address and is necessary for the recording and billing of the advertisements displayed, is transferred to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States of America. Alphabet Inc. may pass on this personal data collected via the technical process to third parties.
Google AdSense is explained in more detail at this link https://www.google.de/intl/de/adsense/start/.
10. USE OF SOCIAL MEDIA PLUG-INS
10.1 WHICH PROVIDERS DO WE USE?
We currently use the following social media plug-ins: Facebook, Instagram, Google+, Pinterest. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the plug-in providers. You can recognize the plug-in provider by the marking on the box above its initial letter or logo. We give you the opportunity to communicate directly with the plug-in provider via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offering. In addition, the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software are transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data will be transmitted to the respective plug-in provider and stored there (in the USA for US providers). Since the plug-in provider collects data primarily via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the grayed-out box.
10.2 NO INFLUENCE BY US
We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
10.3 USE BY PROVIDER
The plug-in provider saves the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right you must contact the respective plug-in provider. We use the plug-ins to offer you the opportunity to interact with social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Paragraph 1 Clause 1 Letter f) of GDPR.
10.4 DATA TRANSFER
The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent your data from being assigned to your profile with the plug-in provider.
10.5 PROVIDER'S PRIVACY POLICY
Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the privacy policies of these providers provided below. There you will also find further information on your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their data protection information:
• Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• Instagram LLC, 1 Hacker Way, Building 14 First Floor, Mento Park, CA, USA, https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy
• Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• Pinterest Inc., 808 Braunau Street, San Francisco, CA 94103-490, USA, https://about.pinterest.com/de/privacy-policies.
13. PROVIDER AND PRODUCT RATINGS
For the purpose of provider and product evaluations by our customers and for our own quality management, we have integrated the evaluation software of the independent provider eKomi Ltd. ("eKomi") on our websites. You can use eKomi to submit an anonymous evaluation of your experience with us. After concluding a contract, we will send you an email (possibly also via eKomi) asking you to submit a evaluation and with which we will send you a link to the appropriate evaluation form. Personal data is made available to eKomi for this purpose. You can find more detailed information on eKomi's data protection at www.ekomi.de/de/datenschutz. The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letter f) of GDPR.
You can object to this use of your data at any time.
When you submit your review via eKomi, you can enter your email address, which we can use later to contact you regarding your review. This way, we can, for example, respond to your criticism individually, answer your questions or provide other assistance. Please note that providing your email address is voluntary and subject to the data protection regulations of our independent service provider eKomi. eKomi alone is responsible for handling personal data that you provide directly to eKomi.
14. APPLICATIONS
We also collect and process personal data from applicants for the purpose of processing the application process we carry out. The processing can also be carried out electronically. This is always the case when the applicant sends us application documents electronically, i.e. by email or via a web form implemented on our website. If we conclude an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. However, if no employment contract is concluded between us and the applicant, the application documents will be deleted four months after notification of the rejection decision, provided that there are no other legitimate interests of the person responsible that conflict with deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). We would like to evaluate all applicants solely on the basis of their qualifications and therefore ask that, if possible, you refrain from providing information about racial or ethnic origin, political opinions, religious or ideological beliefs or any trade union membership, genetic data, biometric data for the unique identification of a natural person, health data or data about your sex life or sexual orientation in your application.
15. RIGHTS OF THE DATA SUBJECT
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
15.1 RIGHT TO INFORMATION
You can request confirmation from the controller as to whether personal data concerning you are being processed by us.
If such processing takes place, you can request the following information from the controller:
• the purposes for which the personal data are processed;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
• the planned duration for which the personal data concerning you will be stored or, if specific information is not possible, the criteria used to determine that period;
• the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• all available information about the origin of the data, if the personal data are not collected from the data subject.
15.2 RIGHT TO CORRECTION
You have the right to request rectification and/or completion from the controller if the personal data concerning you that are processed are incorrect or incomplete. The controller must carry out the rectification immediately.
15.3 RIGHT TO RESTRICTION OF PROCESSING
You can request the restriction of the processing of personal data concerning you under the following conditions:
• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
• the controller no longer needs the personal data for the purposes of processing, but you require them to assert, exercise or defend legal claims, or
• if you have objected to processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, these data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.
15.4 RIGHT TO ERASURE
• Obligation to delete
You may request that the controller delete the personal data concerning you immediately, and the controller is obliged to delete this data immediately if one of the following reasons applies:
• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing is based according to Art. 6 Para. 1 lit. a) or Art. 9 Para. 2 lit. a) GDPR, and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.
• The personal data concerning you have been processed unlawfully.
• The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.
• The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
• Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 Para. 1 GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that you, as the data subject, have requested the erasure by them of all links to these personal data or of copies or replications of these personal data.
• Exceptions
The right to erasure does not exist if the processing is necessary
• to exercise the right to freedom of expression and information;
• to fulfill a legal obligation which requires processing by Union or Member State law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
• to assert, exercise or defend legal claims.
15.5 RIGHT TO INFORMATION
If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the responsible party, this party is obliged to inform all recipients to whom the personal data concerning you was disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure. You have the right to be informed by the responsible party of these recipients.
15.6 RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you that you have made available to the controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was made available, provided that
• the processing is based on consent in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a) GDPR or on a contract in accordance with Art. 6 Para. 1 lit. b) GDPR and
• the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible.
The freedoms and rights of other persons must not be impaired thereby.
15.7 RIGHT OF OBJECTION
You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, notwithstanding Directive 2002/58/EC.
15.8. RIGHT TO REVOKE THE DATA PROTECTION CONSENT DECLARATION
You have the right to revoke your consent to data protection at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
15.9 AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES INCLUDING PROFILING
You have the right not to be subjected to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
• is necessary for the conclusion or performance of a contract between you and the controller,
• is permitted by Union or Member State law to which the controller is subject, and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
• with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2)(a) or (g) GDPR applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.
15.10 RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
Status: September 2023