Data Privacy Policy
1. Name and address of the data controller in charge of the processing
Data controller in the meaning of the General Data Protection Regulation is:
projekt0708 GmbH
Managing Directors: Michael Scheffler, Dirk Jäckel, Matthias Grün
Address: Leopoldstraße 37a, 80802 München
Telephone: +49 (89) 46 13 23 - 27
Fax: +49 (89) 46 13 23 - 28
E-Mail: hello@projekt0708.com
2. Name and address of the data protection officer
The Data Protection Officer responsible for the processing is: intersoft consulting services AG
Name: Katja Hauser
Address: Beim Strohhause 17, 20097 Hamburg
Telephone: +49 40 790 235 0
E-Mail: datenschutz@projekt0708.com
3. Use of cookies
The Internet pages of projekt0708 GmbH use cookies. Cookies are data which are stored by the Internet browser on the computer system of the user. The cookies can be transmitted to a page when it is called up and thus enable the user to be identified. Cookies help to simplify use of Internet pages by the user.
It is possible to object to the setting of cookies at any time by changing the settings in the Internet browser accordingly. Cookies that have been placed can be deleted. Please note that if cookies are deactivated, it is possible that not all functions of our website can be used to the full extent.
3.1 Usercentrics
This website uses Usercentrics' consent technology to obtain your consent for storing certain cookies on your device or for using certain technologies, and to document this consent in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Website: usercentrics.com/de/ (hereinafter "Usercentrics").
When you visit our website, the following personal data will be transmitted to Usercentrics:
- Your consent(s) or the withdrawal of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- The time of your visit to the website
Additionally, Usercentrics stores a cookie in your browser to be able to assign the given consents or their withdrawal. The data collected in this way is stored until you request us to delete it, you delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.
The use of Usercentrics is to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
3.2 Tools used
3.2.1 Cloudflare
For our website, we use services from CloudFlare Inc., 101 Townsend St, San Francisco, CA 94107 USA. Cloudflare provides a so-called Content Delivery Network (CDN). This is a network of globally distributed servers capable of optimally delivering content to website users. This allows large media files to be delivered through a network of locally distributed servers connected via the Internet. This serves the secure and efficient provision of our website and helps to improve performance and stability.
For this purpose, personal data may be processed in Cloudflare's server log files. Cloudflare also collects statistical data about visits to this website. The data is deleted as soon as it is no longer needed for processing purposes. The collected data includes:
- Name of the accessed website
- Accessed file
- Date and time of access
- Amount of data transferred
- Notification of successful retrieval
- Browser type and version
- User's operating system
- Referrer URL
- IP address
- Requesting provider
The legal basis for this data processing is our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the smooth and secure operation of our website.
Your data may be processed in the USA and transferred there, i.e., to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA according to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself under the US-EU Data Privacy Framework and thus committed to complying with the EU data protection level.
For more information on data processing by Cloudflare, especially on data protection and data security, please visit: https://www.cloudflare.com/de-de/privacypolicy/
3.2.2 DoubleClick
As long as you have given your consent, the online marketing tool DoubleClick by Google is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
DoubleClick uses cookies to display relevant ads to users, improve campaign performance reports, or prevent users from seeing the same ads multiple times. Google uses a cookie ID to track which ads are displayed in which browser, ensuring that the same ad is not shown multiple times. Additionally, DoubleClick can use cookie IDs to track conversions related to ads. This happens, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase. The data is deleted as soon as it is no longer needed for processing purposes.
When you access a page that uses DoubleClick and the DoubleClick script is allowed, your browser automatically establishes a direct connection to Google's server. By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can associate the visit with your account.
You can prevent tracking by this procedure in various ways:
- By adjusting your browser settings. Suppressing third-party cookies will prevent you from seeing ads from third-party providers.
- By disabling cookies for conversion tracking, you will prevent interest-based ads from being displayed. To do this, you need to block cookies from the domain "www.googleadservices.com" in your browser.
- At www.google.de/settings/ads, you can set an opt-out cookie. However, this setting will be deleted if you delete all your cookies.
- By disabling interest-based ads from providers that are part of the self-regulation campaign "About Ads" via the link www.aboutads.info/choices, noting that this setting will be deleted if you delete your cookies.
- By permanently disabling cookies in your browser under the link www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to use all the functions of our website to their full extent.
For more information about DoubleClick by Google, visit www.google.de/doubleclick and support.google.com/adsense/answer/2839090, and for general information on data protection at Google: www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at www.networkadvertising.org.
Your data may be processed in the USA and transferred there, i.e., to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA according to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself under the US-EU Data Privacy Framework and thus committed to complying with the EU data protection level.
The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings in our consent management platform via the fingerprint button at the bottom left of the screen and changing your selection there.
3.2.3 Google Analytics
As long as you have given your consent, we use Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses cookies to enable the analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.
We use the User-ID feature. With the help of the User-ID, we can assign a unique, permanent ID to one or more sessions (and the activities within those sessions) and analyze user behavior across devices.
We use Google Signals. This allows additional information about users who have enabled personalized ads (interests and demographic data) to be collected in Google Analytics, and ads can be delivered to these users in cross-device remarketing campaigns.
We use the 'anonymizeIP' function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
During your website visit, the following data, among others, is collected:
- The pages you access, your "click path"
- Achievement of "website goals" (conversions, e.g., newsletter sign-ups, downloads)
- Your user behavior (e.g., clicks, time spent, bounce rates)
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the devices you use (e.g., language setting, screen resolution)
- Your internet provider
- The referrer URL (through which website/advertising medium you came to this website)
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a processor. For this purpose, we have concluded a data processing agreement with Google. Google LLC, based in California, USA, and possibly US authorities can access the data stored by Google.
The data we send and link to cookies are automatically deleted after a time period of 14 months. Data whose retention period has been reached is automatically deleted once a month.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
a. Not giving your consent to the setting of the cookie, or
b. Downloading and installing the browser add-on to disable Google Analytics HERE.
You can also prevent the storage of cookies by adjusting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites.
For more information on the terms of use of Google Analytics and data protection at Google, please visit marketingplatform.google.com/about/analytics/terms/en/ and policies.google.com.
The legal basis for this data processing is your consent, according to Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings via the fingerprint button at the bottom left of the screen and changing your selection there.
3.2.4 Google Tag Manager
For transparency reasons, we would like to inform you that we use Google Tag Manager. This is a tag management system for managing JavaScript and HTML tags used to implement tracking and analytics tools. It is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible entity in the EU/EEA is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Google Tag Manager itself does not collect any personal data. The Tag Manager helps us integrate and manage our tags. Tags are small code elements that, among other things, measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and targeting, and test and optimize websites. If you have opted out, this opt-out will be taken into account by Google Tag Manager.
Recipients of the data are:
- Google Ireland Limited, EU
- Google LLC, USA
- Alphabet Inc., USA
Your data may be processed in the USA and transferred there, i.e., to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA according to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself under the US-EU Data Privacy Framework and thus committed to complying with the EU data protection level.
For more information on Google Tag Manager, please visit: https://www.google.com/intl/de/tagmanager/use-policy.html
3.2.5 Mailchimp
We use "Mailchimp" as our marketing platform. This is a service provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service that can be used to organize and analyze the sending of newsletters. Data for the purpose of receiving newsletters, such as your email address, is stored on MailChimp's servers in the USA. MailChimp allows us to analyze our newsletter campaigns. For example, if you open an email sent via MailChimp, a file contained in the email (called a web beacon) connects to MailChimp's servers in the USA to determine whether a newsletter message has been opened and which links may have been clicked. Additionally, device-specific information such as the time of retrieval, IP address, browser type, and operating system used is collected. This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients. For more details, please refer to MailChimp's privacy policy at: mailchimp.com/legal/terms/.
The basis for processing in the USA is standard contractual clauses (https://mailchimp.com/legal/data-processing-addendum) supplemented by special security measures (https://mailchimp.com/help/Mailchimp-european-data-transfers/).
The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from MailChimp's servers after you unsubscribe. Data stored by us for other purposes (e.g., email addresses for the members' area) remain unaffected.
If you do not want MailChimp to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. The legal basis for sending the respective newsletter is your consent according to Art. 6 para. 1 lit. a) GDPR in conjunction with § 7 para. 2 no. 3 UWG or the legal permission according to § 7 para. 3 UWG. You can revoke this consent at any time with effect for the future by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by your revocation.
3.2.6 Podigee
We use the podcast hosting service Podigee provided by Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded or transmitted by Podigee.
Podigee processes IP addresses and device information to enable podcast downloads/plays and to determine statistical data, such as access numbers. This data is anonymized or pseudonymized before being stored in Podigee's database, unless it is necessary for the provision of the podcasts. The data is deleted as soon as it is no longer needed for processing purposes.
For more information, please refer to Podigee's privacy policy: www.podigee.com/en/about/privacy/.
The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings in our consent management platform via the fingerprint button at the bottom left of the screen and changing your selection there.
3.2.7 Podlove
Our website uses the Podlove Podcast Publisher, an open-source solution provided by Podlove UG (limited liability), Otto-Suhr-Allee 59, 10585 Berlin, Germany, for managing and providing our podcasts. Podlove allows us to offer podcast content directly on our website and create anonymized usage statistics. In this process, data such as your IP address, information about the browser and device used, the date and time of access, and accessed content (e.g., which podcast episode was played) may be processed. This data is used to provide our content and improve our offerings by analyzing usage behavior.
The data collected by Podlove is processed exclusively on our servers and is not shared with third parties. Storage only occurs as long as it is necessary for the mentioned purposes.
For more information on data processing by Podlove, please refer to Podlove's privacy policy at www.podlove.org/privacy/
The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings in our consent management platform via the fingerprint button at the bottom left of the screen and changing your selection there.
3.2.8 YouTube
We use services from YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, is the data controller responsible for your data. YouTube is an online platform where users can upload, watch, share, and comment on videos. It offers a variety of content, including music videos, vlogs, tutorials, and more.
When you access a page with an embedded YouTube video, a connection to the YouTube servers is only established when you click the confirmation button. In this case, YouTube will set cookies and use your visit data for its own purposes. If you are logged into YouTube at that time, the information about the videos you have watched will be associated with your YouTube member account. You can prevent this by logging out of your member account before visiting our website. If you have not given consent via the Consent Manager, you have the option to do so later using the so-called "2-click procedure."
Your personal data will only be stored as long as it is necessary to fulfill the respective processing purposes or until you revoke your consent, provided there are no legal retention obligations to the contrary.
Your data may be processed in the USA and transferred there, i.e., to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA according to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself under the US-EU Data Privacy Framework and thus committed to complying with the EU data protection level.
Further information on YouTube's data protection is provided by Google at the following link: www.google.de/intl/de/policies/privacy/.
The legal basis for this data processing is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings via the fingerprint button at the bottom left of the screen and changing your selection there.
4. Data Processing When Simply Visiting the Website
When you use the website for informational purposes only, i.e., if you do not register or otherwise provide us with information (e.g., via a contact form), we collect the following technical information (log file data):
- Operating system of the device you use to visit our website
- Browser (type, version & language settings)
- Amount of data transferred
- Anonymized IP address of the device you use to visit our website
- Date and time of access
- URL of the previously visited website (referrer)
- URL of the (sub)page you access on the website
The collection of this data is technically necessary to display our website to you and to ensure stability and security. Neither we nor our service provider regularly know who is behind an IP address. We do not combine the above data with other data. Your personal data will only be stored as long as it is necessary to fulfill the respective processing purposes, provided there are no legal retention obligations to the contrary.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Since the collection of data for the provision of the website and the storage in log files is essential for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point.
5. Newsletter
If the newsletter of our company is subscribed to, the data in the respective input mask will be transmitted to the data controller responsible for processing.
When subscribing to the newsletter, the IP address of the user as well as the date and time of registration are stored. This serves to prevent abuse of the services or the e-mail address of the data subject. The data will not be passed on to third parties. An exception is made if there is a legal obligation to pass on data.
The data are used exclusively for sending the newsletter. Subscription to the newsletter can be cancelled by the data subject at any time. Consent to the storage of personal data may also be revoked at any time. A corresponding link is provided for in every newsletter for this purpose.
6. E-Book Order
You can receive an e-book through our website. For this, we need your email address and your name. You will then receive the e-book as well as current news, offers, and discounts sent to the provided email address.
We use the so-called double opt-in procedure for signing up for our newsletters. This means that after your registration, we will send you an email to the provided email address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after 3 days.
The information provided will be used to address you personally. After your confirmation, we will store your email address for the purpose of sending the newsletter and until you revoke it. We also store your current IP address at the time of registration, the time of registration, and the confirmation for up to three years after registration (statute of limitations). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest according to Art. 6 para. 1 lit. f) GDPR in proving a previously given consent, see also Art. 7 para. 1 GDPR.
The legal basis for sending the e-book and the respective newsletter is your consent according to Art. 6 para. 1 lit. a) GDPR in conjunction with § 7 para. 2 no. 3 UWG or the legal permission according to § 7 para. 3 UWG.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter email.
7. Registration for Free Events and Webinars
If you register for one of our free webinars or events, we need your email address and your name. By registering, you gain access to the event and simultaneously subscribe to our newsletter. Through this, we regularly inform you about current topics, offers, and future events.
We use the so-called double opt-in procedure for signing up for our newsletter. After registration, you will receive an email in which we ask you to confirm that you actually want to subscribe to the newsletter. If no confirmation is received, your data will be automatically deleted within three days. Upon confirmation, we store your email address for the purpose of sending the newsletter and your name (if provided) to address you personally. This data is stored until you revoke your consent.
Additionally, we store the IP address used at the time of registration as well as the time of registration and confirmation. This data is retained for up to three years after registration to be able to prove your consent in case of legal disputes. The legal basis for this logging is our legitimate interest according to Art. 6 para. 1 lit. f GDPR in conjunction with Art. 7 para. 1 GDPR.
The processing of your data for sending the newsletter and organizing the event is based on your consent according to Art. 6 para. 1 lit. a GDPR. If you no longer wish to receive the newsletter, you can revoke your consent at any time. To do so, simply click on the corresponding unsubscribe link in each newsletter email. After revocation, your data will be deleted for the newsletter dispatch, provided there are no legal retention obligations.
Please note that registration for our free webinars or events is not possible without consent to receive the newsletter. For more information on data processing, please refer to our privacy policy.
8. Career
You can apply to our company via email through our application portal at https://www.projekt0708.com/en/jobs-career/job-offers/. Please note that emails sent unencrypted are not protected against unauthorized access.
Your information will be used to process your application and to decide on the establishment of an employment relationship. The legal basis is § 26 para. 1 in conjunction with para. 8 sentence 2 BDSG. Furthermore, your personal data may be processed to the extent necessary to defend against legal claims asserted against us from the application process. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. The specified purposes also constitute our legitimate interest in processing.
If an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with § 26 para. 1 BDSG, if this is necessary for the execution or termination of the employment relationship or for the exercise or fulfillment of rights and obligations of employee representation arising from a law or a collective agreement, a works or service agreement (collective agreement).
Your application data will not be processed beyond the described use.
Your personal data will be deleted no later than 6 months after the conclusion of the application process, unless there are legitimate interests on our part that prevent deletion or you have given us consent for longer storage. Such legitimate interest in this sense is, for example, a duty to provide evidence in a procedure under the General Equal Treatment Act (AGG).
9. Data processing when you contact us
When you contact us via email or through a contact form, the information you provide (your email address, and if applicable, your name and phone number) is stored by us to answer your questions and handle your inquiries. The legal basis for this is Art. 6(1) sentence 1 lit. f GDPR.
If our contact form requests input that is not necessary for contacting us, such fields are always marked as optional. Such information helps us to clarify your request and process your concerns more effectively. Providing this information is entirely voluntary and based on your consent (Art. 6(1) sentence 1 lit. a GDPR). If you provide details regarding communication channels (e.g., email address or phone number), you also consent to us contacting you via these channels to address your inquiry. You may withdraw this consent at any time with future effect.
The data we collect during your contact with us will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected, your inquiry has been fully resolved, and no further communication is required or requested by you.
10. Routine deletion and blocking of personal data
The data controller responsible for the processing will process and store personal data relating to the data subject only for as long as necessary to achieve the purpose of storage. In addition, data may be stored for as long as this is provided for by European or national lawmakers in Union regulations, laws or other provisions to which the data controller responsible for processing is subject.
As soon as the purpose of storage ceases to apply or a storage period stipulated in the aforementioned regulations expires, personal data are routinely blocked or deleted.
11. Rights of the data subject
If your personal data is processed, you are deemed to be the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the data controller:
11.1 Right to information
You can request confirmation from the data controller as to whether personal data concerning you are being processed by us.
If such processing has taken place, you can request information from the data controller on the following:
- the purposes for which the personal data are processed
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of storage of the personal data relating to you or, if it is not possible to provide specific details, criteria for determining the duration of storage;
- the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the data controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any information available as to the origin of the data when the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) of the GDPR and, at least in these cases, useful information on the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in connection with the transmission in accordance with Art. 46 of the GDPR.
11.2 Right to rectification
You have the right to have the data controller rectify and/or integrate any personal data processed concerning you if these data are incorrect or incomplete. The data controller will perform the correction without delay.
11.3 Right to restrict processing
If the following conditions are met, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time which enables the data controller to verify the accuracy of the personal data
- the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data;
- the data controller no longer needs the personal data for the purposes of the processing, but you need the data in order to assert, exercise or defend legal claims; or
- if you have lodged an objection to the processing pursuant to Art. 21 (1) of the GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of personal data relating to you has been restricted, such data - apart from being stored - may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.
11.4 Right to erasure
11.4.1. You may request the data controller to delete personal data concerning you without undue delay, and the data controller is obligated to delete such data without undue delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
- You revoke your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
- The personal data concerning you have been processed unlawfully.
- The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data concerning you have been collected in relation to information society services provided, in accordance with Art. 8 (1) of the GDPR.
11.4.2. If the data controller has made the personal data concerning you public and is obligated to delete these data pursuant to Art. 17 (1) of the GDPR, he shall take reasonable measures, including technical measures, while taking into account the available technology and costs of implementation, to inform data controllers who process the personal data that you, in your capacity as data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.
11.4.3. The right of deletion does not apply whenever the processing is necessary
- to exercise the right to freedom of expression and information
- to comply with a legal obligation requiring processing under Union or national law of the Member States to which the data controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) of the GDPR;
- for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 (1) of the GDPR if the right referred to in section 1 is likely to render impossible or seriously hamper the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims.
11.5 Right to be informed
If you have exercised the right to rectify, erase or limit the processing, the data controller is obligated to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the data controller.
11.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without interference from the data controller to whom the personal data have been made available, provided that
- the processing is based on a consent pursuant to Art. 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR or on a contractual agreement pursuant to Art. 6 (1) (b) of the GDPR and
- the processing is performed using automated procedures.
In exercising this right, you are furthermore entitled to have the personal data concerning you transferred directly from one data controller to another data controller to the extent that this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
11.7 Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 (1) (e) or (f) of the GDPR, including profiling based on these provisions.
The data controller will no longer process the personal data concerning you unless he or she can demonstrate compelling legitimate reasons for processing such which outweigh your interests, rights and freedoms, or unless the processing is for the purpose of asserting, exercising or defending legal claims.
Whenever personal data relating to you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as this processing involves such direct marketing.
If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures using technical specifications.
11.8 Right of revocation of the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent up until revocation.
11.9 Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or significantly affects you in a similar way. This shall not apply if the decision
- is necessary for the conclusion or fulfilment of a contractual agreement between you and the data controller
- is authorised by Union or national legal provisions to which the data controller is subject and such legal provisions provide for appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
- is made with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 (1) of the GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
With regard to the cases referred to in (a) and (c), the data controller will take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the domain of the data controller, to express your point of view and to contest the decision.
11.10 Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of employment or the place where the alleged infringement occurred, if you believe that the processing of personal data relating to you is in breach of the GDPR.
The supervisory authority to which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 of the GDPR.
12. Disclosure / Recipients
Your data will not be transferred to third parties unless we are legally obliged to do so, the data transfer is necessary for the execution of the contractual relationship, or you have expressly consented to the transfer of your data in advance.
External service providers and partner companies, such as online payment providers or shipping companies responsible for delivery, will only receive your data to the extent necessary to process your order. In these cases, the scope of the transmitted data is limited to the necessary minimum. If our service providers come into contact with your personal data and process it on our behalf under our instructions, we ensure that they comply with the provisions of data protection laws in the same manner as we do, in accordance with Art. 28 GDPR. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of external services, although we review the services for compliance with legal requirements within the scope of reasonableness.
13. Legal basis of the processing
If we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for such.
In the processing of personal data which are necessary for the performance of a contractual agreement to which the data subject is a party, Art. 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.
If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) of the GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights or freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) of the GDPR serves as the legal basis for the processing. The legitimate interest of our company is the conduct of our business.
14. Duration of storage of personal data
Personal data are stored for the duration of the respective legal period of retention. After expiry of the period, the data are routinely deleted, unless such data are necessary for the initiation or fulfilment of a contractual agreement.