Privacy Policy

All personal data is treated confidentially. Our data protection practices are in accordance with the German Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR). Below we inform you about the details of data protection:

1. Responsible Entity (Controller) in the sense of the GDPR and the BDSG

EK/servicegroup eG
Elpke 109, 33605 Bielefeld
Fon: +49 (0) 521/2092-0
Fax: +49 (0)521/2092-166
E-Mail: info@ek-servicegroup.de

2. Data Protection Officer

The Data Protection Officer of the Responsible Entity is:
Mr. Dipl.-Inform. Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstr. 45, 58095 Hagen (NRW)
Fon: +49 (0)2331/356832-0
E-Mail: datenschutz@gdi-mbh.eu
Internet: www.gdi-mbh.eu

3. Reasons for data collection

We collect and process your data to provide our website and to give you the best possible service by providing convenient access to our services.

4. Collection, processing and use of data

4.1 Visiting our website
When you access our website, our servers automatically collect information of a general nature, in particular for the purpose of connection establishment, functionality and system security. The information collected in this way includes: 

  • the IP address,
  • date and time of the request,
  • time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • access status/HTTP status code,
  • the amount of data transferred,
  • the website from which the request came (so-called referrer),
  • Type and version of the browser used together with the language version used,
  • type and version of the operating system along with the interface used,
  • the domain name of the Internet service provider (ISP) and
  • the duration of the visit to our website.

We automatically analyze the collected data in order to detect functional impairments of our website and services as well as attacks on our technical infrastructure (e.g. through so-called denial-of-service attacks) and to be able to take the necessary countermeasures. It is not possible for us to draw conclusions about specific persons from this data due to the pseudonymization we have carried out. This data is not merged with other data sources.

The aforementioned data is usually deleted after 24 hours or, in the case of longer-lasting threats, after seven days, but at the latest when the data is no longer required for the aforementioned purposes. If there are legal retention obligations, we restrict the processing.

The legal basis is our legitimate interest in displaying our website and ensuring the stability and security of the data connection and our technical systems within the meaning of Art. 6 (1) f) GDPR.

4.2 Contact form

If you contact us via a contact form, on our website or via e-mail address, personal data will be collected. Which data is collected in each case can be seen from the contact form used. Mandatory data is marked in each case, in particular by an asterisk (*). As a rule, at least an e-mail address is required so that we can contact you. All other information is voluntary.

The data will be stored for the purpose of processing your request. We delete the data generated in connection with the contact form after storage is no longer required, or restrict processing if there are legal obligations to retain data.

The legal basis for the processing of your personal data is Art. 6 (1) b) GDPR, if your request is about a contract conclusion. Otherwise, it is our legitimate interest to answer your inquiries, even if they are not related to a contract or a potential conclusion of a contract, so that in this case Art. 6 (1) f) GDPR is the legal basis.

4.3 Opening of a user account / user account

We collect and process personal data if you provide us with this data when executing a contract or opening a user account for our website. Required are the specification of a username and an e-mail address, as well as the assignment of a password. We recommend that you use a pseudonym instead of your real name.

Which data is collected in detail can be seen from the respective input form masks. Some data is stored there as mandatory information. These are usually marked with an asterisk (*). The provision of other data is voluntary.

The legal basis for processing is your consent, which you gave us in accordance with Art. 6 (1) a) DSGVO when opening the user account. You can revoke your consent at any time with effect for the future, without this removing the legal basis for data processing that has already taken place. If you revoke your consent, we will delete personal data related to your user account.

The deletion of your customer account is possible at any time and can be done by sending a message to the contact address of our data protection officer. We will delete your personal data immediately if there are no retention obligations.

4.4 Involvement of external service providers

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

4.4.1 YouTube-Videos

On our website we use "YouTube", operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

YouTube videos are integrated into our online offer in such a way that the content stored on https://www.youtube.com and can be played directly from our website. No data will be transferred to YouTube if you have not consented to the display of videos. By visiting our website, YouTube then receives the information that you have called up the corresponding sub-page of our website. Data which can be transmitted are 

  • the IP address,
  • Date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • content of the request (specific page),
  • access status/HTTP status code,
  • the amount of data transferred,
  • the website from which the request came (so-called referrer),
  • type and version of the browser used together with the language version used as well as
  • type and version of the operating system and the interface used.

übermittelt. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment to your YouTube profile, you must log out of YouTube before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de.

The legal basis for the collection and processing of data is your consent within the meaning of Art. 6 (1) a) GDPR, which you may have given us when you first visited our website. You can revoke your consent to data processing at any time with effect for the future. To do so, please contact our data protection officer using the contact details provided, delete the cookies of your browser or use the link to manage your consents, which you will find in this privacy policy in the section on "Cookies". The revocation of consent does not affect the lawfulness of the data processing carried out until the revocation.

Since there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have concluded standard data protection clauses within the meaning of Art. 46 (2) c) GDPR with Google, which you can obtain from our data protection officer.

4.4.2 Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The service is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The purpose of reCAPTCHA is to verify whether the data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place. For individual functions (e.g. sending forms), the manual entry of a so-called captcha is required in order to prove in individual cases that you yourself and not a program is taking action.

The data processing is based on Art. 6 (1) f) GDPR. Our legitimate interest lies in the protection against abusive automated spying, the submission of abusive orders and spam.

For more information on Google reCAPTCHA and Google's privacy policy, please see the following links: https://www.google.com/recaptcha/intro/v3.html and https://policies.google.com/privacy?hl=de

Since there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have concluded standard data protection clauses with Google within the meaning of Art. 46 (2) c) GDPR, which you can obtain from our data protection officer.

4.4.3 Google Ads with Remarketing

Our website uses the functions of "Google Ads" with the module "Remaketing", operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

With Google Ads Remarketing, we advertise this website in Google search results, as well as on third-party websites. For this purpose, Google sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit.

Additional data processing only takes place if you have consented to Google linking your Internet and app browsing history to your Google account and using information from your Google account to personalize ads you view on the web. In this case, if they are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups.

Alternatively, you can obtain information about setting cookies and make settings for this from the Digital Advertising Alliance at the Internet address www.aboutads.info. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

Further information and the privacy policy regarding advertising and Google can be found here: http://www.google.com/policies/technologies/ads/.

Insofar as we use cookies in this context, the legal basis for data processing is your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent at any time with effect for the future. To do so, please contact our data protection officer using the contact details provided, delete the cookies of your browser or use the link to manage your consents, which you will find in this privacy policy in the section on "Cookies". The withdrawal of consent does not affect the lawfulness of the data processing carried out until the withdrawal.

If you have not consented to the use of cookies, we will not use them. The legal basis for displaying advertising is then our legitimate interest in disseminating our offer as well as customer acquisition within the meaning of Art. 6 (1) f) GDPR.

Since there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have concluded standard data protection clauses with Google within the meaning of Art. 46 (2) c) GDPR, which you can obtain from our data protection officer.

4.4.4 Google Analytics

This website uses the web analysis service "Google Analytics", operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site, if you have consented to the use of cookies for marketing purposes.

The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. The data will be deleted after 60 months.

The terms of use and information on data protection can be found at http://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/.

Google processes your personal data on our behalf. We have therefore concluded an data processing agreement with Google in accordance with Art. 28 (3) GDPR, in which Google undertakes to protect your personal data and not to pass it on to third parties for purposes other than those mentioned above.

The legal basis for the collection and processing of data is your consent within the meaning of Art. 6 (1) a) GDPR, which you may have given us when you first visited our website. You can revoke your consent to data processing at any time with effect for the future. To do so, please contact our data protection officer using the contact details provided, delete the cookies of your browser or use the link to manage your consents, which you will find in this privacy policy in the section on "Cookies". The revocation of consent does not affect the lawfulness of the data processing carried out until the revocation.

Since there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have concluded standard data protection clauses with Google within the meaning of Art. 46 (2) c) GDPR, which you can obtain from our data protection officer. 

  • Yumpu

We use the "Yumpu" service on our website to display catalogs and magazines. The service is operated by i-magazine AG, Gewerbestrasse 3, 9444 Diepoldsau, Switzerland ("i-mag").

By calling up or viewing PDF documents, information is transmitted directly from your browser to Yumpu's servers. Yumpu receives the information that you have called up the corresponding sub-page of our website. Data which can be transmitted are

  • the IP address,
  • date and time of the request,
  • time zone difference to Greenwich Mean Time (GMT),
  • content of the request (specific page),
  • access status/HTTP status code,
  • the amount of data transferred,
  • the website from which the request came (so-called referrer),
  • type and version of the browser used together with the language version used, and
  • type and version of the operating system and the interface used.

This information (including your IP address) is transmitted by your browser directly to a Yumpu server and stored there. These data processing operations are carried out in accordance with Art. 6 (1) f) GDPR. Yumpu uses this data, among other things, to correctly display the PDF documents you have called up in your browser.

You can find the privacy policy as well as further information on data processing by Yumpu under the following link: https://www.yumpu.com/de/info/privacy_policy.

For Switzerland, there is an adequacy decision of the European Commission within the meaning of Art. 45 GDPR, on the basis of which no further special authorization is required for the transfer of data to Switzerland. The adequacy decision of the European Commission is available at: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32000D0518

The legal basis for the processing is our legitimate interest in the uniform display of advertising for products on our website within the meaning of Art. 6 (1) f) GDPR.

5. Cookies

In order to increase the ease of use of the website and preferences of the visitors more appealing, we use cookies. Thus, for example, your information for the selection of a language is stored.

When you visit our website for the first time, you will be asked whether you agree to the use of cookies and if so, which categories (see below) you agree to. 

Cookies are small text files that are placed on your hard drive to enable browser identification when you return to the website. Cookies are generally given a lifetime by us, which can range from a few minutes to 24 months, depending on their purpose. In individual cases, cookies are set permanently (e.g. opt-out cookies to exclude data collection for advertising and analysis purposes).

You can prevent cookies from being stored on your hard drive by making the appropriate browser settings. Cookies that have already been set can be deleted at any time. How to delete cookies or prevent their storage, please refer to the respective browser instructions. If you do not accept cookies, this may impair your use of our website. It may happen that the website or parts of it no longer function at all.

You can view the cookies currently stored in your browser via your browser (see instructions below), or more easily and clearly including the values stored in the cookies, for example, using the following plug-ins: 

5.1 Technical Cookies (Required Cookies)

These cookies are necessary to enable the basic functions of this site, such as providing a secure login.

The legal basis for the processing of necessary or required cookies is Art 6 (1) f) GDPR. Our legitimate interest lies in the technically flawless provision and operation of our website. 

Cookie/Technology

Type

Operator

Storage period

Kind

Legal basis

Description

analytics_cookies_allowed

Cookie

EK/servicegroup eG

permanent

1st-Party

Unless consent has been given: Art. 6 (1) f) GDPR

As far as consent was given: Art. 6 (1) c) GDPR

Documentation whether (1.) Cookie notice has already been displayed, (2.) Consent to use data for marketing and analysis purposes. Technically necessary to make the website usable.

ASP.NET_SessionId

Cookie

EK/servicegroup eG

Session

1st-Party

Art. 6 (1) f) GDPR

Contains random value by means of which the user can be recognized during his page visit. Necessary to technically enable a login. Technically necessary to make the website usable.

typeInfo

Cookie

EK/servicegroup eG

1 hour

1st-Party

Art. 6 (1) f) GDPR

Keeps track of the category in which the user is located when using a contact form. Technically necessary to make the website usable.

5.2 Marketing Cookies

These cookies are used to present you with advertising that better suits you and to optimize our advertising campaigns. We may share this data with advertisers or advertising networks or use it to better understand the interests of our website visitors and, based on this knowledge, to conduct our marketing campaigns more efficiently.

The legal basis for the processing of cookies is your consent pursuant to Art. 6 (1) a) GDPR, provided that you gave us this consent when you first accessed our website. You can revoke this consent at any time with effect for the future by sending an e-mail to the contact address of the data protection officer or by deleting the cookies in your browser (see below for instructions). Collections and processing of data that have already been carried out remain lawful even in the event of revocation. If you delete your cookies, your browser will ask you again the next time you visit our site whether you agree to our use of functional cookies. 

Cookie/Technologie

Type

Operator

Storage period

Kind

Legal basis

Recipient

Descriptio

Google Analytics

Service

EK/servicegroup eG

26 months

1st-Party

Art. 6 (1) a) GDPR

Google LLC

Analysis and statistics tool of the US company Google LLC, which is used to analyze website traffic, create user statistics and display user flows.

YouTube Videos 

Plug-in

Google LLC

-

3rd-Party

Art. 6 (1) a) GDPR

Google LLC

plug-in from YouTube presentation of media content in the "enhanced privacy" variant. No cookies are set in this case.

Google Ads

Service

Google LLC

-

3rd-Party

Art. 6 (1) a) GDPR.

Or if no consent has been given: Art. 6 (1) f) GDPR for the display of advertising.

Google LLC

The service is used to display advertising on our website and - if consent has been given - to display interest-based and effective advertising for our products on other websites and services.

5.3 Deleting Cookies

Cookies are stored on your terminal device until you delete these cookies, which is possible at any time. Furthermore, expired cookies are automatically deleted by your browser if you have set up your browser accordingly. Expired cookies are no longer sent to our servers by your browser and can therefore no longer be used by us.

Here you will find information regarding the most common browsers on how to delete cookies in your browser and manage the cookie settings:

5.3.1 Desktop-PC / Laptop 

5.3.2 Mobile devices 

5.3.3 Opt-Out Cookies

For marketing and analysis functions, we also offer you the option of storing opt-out cookies in your browser (see the individual points below). The use of opt-out cookies is not required. Opt-out cookies make it easier for the respective services to identify your browser in such a way that you do not want marketing and analysis cookies to be used. Based on this identification, the respective service providers refrain from user tracking as well as from setting further identifying cookies, e.g. for marketing and analysis purposes.

The legal basis for setting opt-out cookies is our legitimate interest within the meaning of Art. 6 (1) f) GDPR. Our legitimate interest is the observance of your objection to the data collection and the lawful collection and processing of data within the meaning of the GDPR.

6. Data security

We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Depending on the browser used, data is transmitted using 128 bit or 256 bit SSL encryption (transport encryption). Transport encryption ensures that third parties who intercept data transmitted via the Internet cannot gain knowledge of the content of the transmission. Transport encryption is not suitable for metadata, i.e., in particular the time of data transmission, IP addresses of the communication participants, and the amount and size of the transmitted data.

We point out that despite regular checks and constant improvement of our security measures, complete protection against all dangers is not possible.

7. Deletion

Personal data will be deleted or blocked as soon as the purpose of the storage ceases to apply or you request the deletion. Data will also be deleted if a storage period prescribed by the aforementioned standard expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract or you have given your consent in this regard.

8. Transfer of data to third countries

We use various service providers who provide us with different technologies and/or products. Many of them use servers in third countries, i.e. outside the European Union or the European Economic Area, for which the EU Commission has not determined by so-called adequacy decision a level of data protection generally equivalent to European data protection law.

These countries include in particular the United States of America (USA). The associated transfer of personal data must be permissible pursuant to Art. 44 et seq. GDPR. The European Court of Justice (ECJ) ruled in July 2020 that the Privacy Shield Agreement between the EU and the USA (EU-US Privacy Shield) can no longer be used to transfer personal data to the USA. This means that the original adequacy decision has been repealed. However, the Privacy Shield as such and the accompanying self-certification remain in place. It follows that U.S. companies that have self-certified and registered with the U.S. Department of Commerce's International Trade Administration (see overview at https://www.privacyshield.gov/list) are still obligated to comply with the provisions of the Privacy Shield, which means that an adequate level of data protection can be assured to the greatest possible extent.

Furthermore, we agree with service providers who process personal data in a third country for which the EU Commission has not established a sufficiently equivalent level of data protection under an adequacy decision, on the standard data protection clauses issued by the EU Commission, which continue to apply. Where possible, we also agree on additional guarantees to ensure that adequate data protection is guaranteed in the USA or other third countries.

For some service providers, there are also approved rules of conduct (Binding Corporate Rules, BCR) which ensure that European data protection standards are complied with in the company. Insofar as these exist, we do not agree on separate standard contractual clauses with the service providers subject to the respective BCR.

Nevertheless, it may happen that despite contractual and technical protective measures, the level of data protection in the third country does not correspond to that in the EU. For these cases, we ask you, if necessary, in the context of cookie consent, in (contact) forms or other registrations and logins for your consent to the transfer of personal data to your third country pursuant to Art. 49 (1) a) GDPR. This refers in particular to the transfer of data to the USA. There, authorities and intelligence services such as the National Security Agency (NSA) may have access rights and reading possibilities with regard to personal data without us as data exporter or you as data subject being aware of this and without any suitable legal means being available to prevent this or to take action against such access. However, some of our service providers undertake to exercise and exhaust any remedies available to them under U.S. law against any government access to your data. Some of them additionally publish transparency reports listing - to the extent legally possible - regulatory requests and responses.

In the Consent Management Tool, which is linked in the section on "Cookies" of this Privacy Policy, you will also find information about service providers from third countries that we use, as well as the legal basis and purpose of the data transfer.

9. Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against the controller:

9.1 Right of access

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is taking place, you may request information from the controller about the following: 

  • The purposes for which the personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
  • the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information about the origin of the data, if the personal data are not collected from the data subject.

9.2 Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

9.3 Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions: 

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims; or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.

If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

9.4 Right to erasure

9.4.1 Obligation to delete

You may request the controller to erase the personal data concerning you without undue delay, and the controller shall be obliged to erase such data without undue delay, if one of the following reasons applies: 

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data concerning you has been processed unlawfully.
  • The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

9.4.2 Information to third parties

If the controller has made the personal data relating to you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

9.4.3 Exceptions

The right to erasure does not exist to the extent that the processing is necessary 

  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  • for the assertion, exercise or defense of legal claims.

9.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

9.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that 

  • the processing is based on consent pursuant to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) b) GDPR and
  • the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

9.7 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9.8 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is permitted by Union or Member State law to which the controller is subject, and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or is made with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) a) or g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

9.9 Right of objection

You have the right to object at any time, on grounds arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) e) or f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

9.10 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

10. Changes to this website, updating of the privacy policy

Our website is under constant development. Therefore, we update this privacy policy from time to time. To stay up to date, we therefore recommend that you visit this privacy policy regularly. You can see if there are any changes by the status mentioned below.

 

Last update: 19.04.2022