Below you will find information about which personal data we process, for what purpose, on what basis and for how long:
A. Our contact details and general information on data processing by us
A.1 Name and contact details of the responsible party
Responsible in the sense of data protection law for the collection and use of personal data is
PACE Telematics GmbH
Telephone: 0721/276 664-0
Fax: 0721/276 664-99
represented by: Dr. Martin Kern, Robin Schönbeck, Philip Blatter
A.2 Data protection officer of the data controller
You can reach our company data protection officer as follows: firstname.lastname@example.org
A.3 General information on the legal basis for the processing of personal data
In general, the following applies to the processing of personal data by us:
- Insofar as we obtain your consent for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
- Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are subject, Article 6 (1) (c) GDPR serves as the legal basis. This is the case, for example, with the existing legal storage and archiving obligations for certain data (in particular for tax and commercial law reasons).
- In the event that your vital interests or those of another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis. However, this is unlikely to occur with our services.
- If the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, this is done on the legal basis of Art. 6(1)(e) GDPR. This legal basis is also not really relevant for our services.
- If the processing is necessary to protect a legitimate interest of us or a third party and your interests, fundamental rights and freedoms do not outweigh this interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
A.4 General information on data deletion and storage period
We generally delete or block the personal data as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject as the responsible party. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Specifically, this means: If we process the personal data on the basis of consent to data processing (Art. 6(1)(a) GDPR), the processing ends with your revocation, unless there is another legal ground for processing the data, which is the case, for example, if we are still entitled to process your data for the purpose of fulfilling a contract at the time of revocation (see below in each case).
If we process the data on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in the context of a previously performed weighing, we store it until the legitimate interest no longer exists, the weighing comes to a different conclusion or you have effectively objected in accordance with Art. 21 GDPR (cf. the visually highlighted “Notice of special right of objection” under C.).
If we process the data for the purpose of fulfilling the contract, then we store the data until the contract has finally been fulfilled and settled and no more claims can be asserted under the contract, i.e. until the statute of limitations has expired. The general limitation period according to § 195 BGB is three (3) years. However, certain claims, such as claims for damages, do not become time-barred until 30 years have elapsed (cf. Section 197 BGB). If there is reasonable cause to believe that this is relevant in an individual case, we will store the personal data for this period. The aforementioned limitation periods begin at the end of the year (i.e. on December 31) in which the claim arose and the creditor becomes aware of the circumstances giving rise to the claim and the person of the debtor or should have become aware of them without gross negligence.
We would like to point out that we are also subject to statutory retention obligations for reasons of commercial law, tax law and accounting law. These oblige us to retain certain data, which may also include personal data, for a period of six (6) to ten (10) years as evidence of our proper business activities or accounting. These retention periods take precedence over the above deletion obligations. The retention periods also begin at the end of the respective year, i.e. on December 31.
A.5 General information on the sources of personal data
The personal data we process originates primarily from the data subjects themselves, for example by them
- as a user of our website, transmitting information, such as the IP address, to us or our web server via the web browser and their terminal device (for example, a PC, smartphone, tablet or notebook),
- as a customer, maintain a customer account (account) with us,
- request information material or an offer from us as an interested party,
- as representatives of the press request information material, press releases, statements or the like from us,
- as suppliers supplying us with goods as agreed or as business partners providing us with services or similar. Exceptionally, the personal data we process may also originate from third parties, for example, if a person acts on behalf of a third party.
A.6 Recipients or categories of recipients of personal data
Your personal data will only be disclosed or transferred to third parties if this is absolutely necessary and permissible for the respective purpose. We explain to whom we pass on data and for what purpose in each case in connection with the data processing described below or, in the case of transfers to other EU countries, additionally in the context of this data protection declaration.
Categories of recipients can generally be:
- Service providers,
- suppliers, business partners,
- accounting department, tax advisor.
A.7 General information on the purposes of data processing
Depending on the category of data involved, we process personal data for the following purposes and on the basis of the legal basis of the General Data Protection Regulation (GDPR) mentioned in each case:
Data of users of our website is collected and processed by us on a non-personal basis. An assignment to specific persons is not possible for us. The IP address is processed exclusively anonymously. If, by way of exception, personal data is nevertheless involved, we process it to protect our legitimate interests on the basis of Art. 6(1)(f) GDPR. Our legitimate interests in this sense are our interest in the security and integrity of our website and the data on our web server (in particular fault and error detection, as well as tracking unauthorized access), as well as marketing interests and interests in statistical surveys (to improve our website and our services and offers). Within the framework of a balancing process, we have come to the conclusion that the data processing is necessary to protect the aforementioned legitimate interests and that your interests or fundamental rights and freedoms, which require the protection of personal data, do not outweigh these interests.
Data of interested parties/data of press representatives Insofar as we process data from persons interested in our services or from representatives of the press, this only occurs if they enter this data in an input field or by e-mail for the purpose of making an inquiry to us and sending it to us. These entries are voluntary. We then process this data exclusively for the purpose of processing the inquiry to us. The processing of this data voluntarily transmitted to us for the purpose of providing information about our services is carried out as pre-contractual processing pursuant to Art. 6(1)(b) GDPR and/or on the basis of your consent given by transmission pursuant to Art. 6(1)(a) GDPR.
Customer data We process the data of our customers for the purpose of contract initiation and contract processing in accordance with Art. 6(1)(b) GDPR or, in the case of a customer account, (also) in accordance with Art. 6(1)(a) GDPR on the basis of consent given during registration.
Supplier data/business partner data We process the data of our suppliers and business partners for the purpose of contract processing pursuant to Art. 6(1)(b) GDPR and/or on the basis of granted consent pursuant to Art. 6(1)(a) GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures (e.g. in the context of the preparation and negotiation of offers).
A.8 Contacting us via e-mail, fax and telephone call.
You can contact us via various contact channels if you wish. For this purpose, you will find e-mail address, telephone number and fax number on the website. Even if you write us an e-mail, call us or send us a fax, we inevitably process personal data from you. Because at least the personal data transmitted with the e-mail, the fax or your telephone are stored by us or our systems.
The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.
Purposes of the data processing The processing of personal data when transmitted by e-mail, fax or telephone, serves us to process your contact and your request. We absolutely need your e-mail address, your fax number or your telephone number in order to be able to reply at all. This is also the legitimate interest in processing the data.
Legal basis for data processing The legal basis for the processing of the data is in the presence of consent pursuant to Art. 6 (1) (a) GDPR, which you have given by actively contacting us. If the contact or your inquiry is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR (implementation of pre-contractual measures).
Duration of storage The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
For personal data sent by e-mail, this is the case when the respective conversation with you has ended and we have clarified whether we may need to refer to your request or the details of the communication again. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
Fax data is stored separately from print data in the device memory of the fax machine. After the fax has been printed out, the occupied memory space is released again so that the next fax can be received and stored there. Parts of the fax can remain temporarily in the device memory after printing until they are overwritten by the next received fax. Normally this leads to an automatic deletion of the data after approx. 1-2 weeks. If it is a computer fax, we receive your fax as an e-mail and the explanations for e-mail apply accordingly.
When you make an incoming telephone call or an outgoing call to us, your telephone number or your name/company name stored with your telephone provider as well as the date and time of the call are stored in our telephone system in a so-called ring buffer, which overwrites the oldest data with new data. As a rule, this leads to an automatic deletion of the data in the telephone system after approx. 3-4 months.
The communication may be subject to a retention obligation under commercial or tax law, which then takes precedence (see the comments above on “Data deletion and storage period”).
Possibility of objection and removal You have the option at any time to revoke any consent given for the processing of personal data or to object to further data processing on the grounds of legitimate interest (cf. the reference to the special right of objection under C. of this data protection notice). In such a case, the conversation cannot be continued. The revocation of consent or the objection to further data processing are made possible by informal communication to us (e.g. by e-mail). All personal data stored in the course of contacting us will be deleted in this case.
B. Scope of the processing of personal data via our website
We collect and use personal data of users in the context of the use of our website only to the extent necessary to provide a functional website and our content and services. As a rule, the collection and use of our users’ personal data only takes place with the user’s consent. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and/or the processing of the data is permitted by legal regulations.
B.1 Provision of the website and creation of log files
Every time the website is accessed, our system automatically collects data and information for technical reasons. These are stored in the log files of the server. These are:
- Date and time of access,
- URL (address) of the referring website (referrer),
- Web pages that are called up by the user’s system via our website,
- screen resolution of the user,
- retrieved file(s) and message about the success of the retrieval,
- amount of data sent,
- the user’s Internet service provider,
- Browser, browser type and browser version, browser engine and engine version,
- operating system, operating system version, operating system type, as well as
- the anonymized IP address and the Internet service provider of the user.
This data is processed separately from other data. Processing of this data together with other personal data of the user does not take place. It is not possible for us to assign this data to a specific person.
Purposes of the data processing
The temporary processing of the data by the system is necessary to enable the delivery of the contents of our website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session for technical reasons.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize our offer and the website and to ensure the security of our information technology systems.
Legal basis of data processing The temporary storage of the data and the log files is based on the legal basis of Art. 6(1)(f) GDPR. Our overriding legitimate interest in this data processing lies in the aforementioned purposes.
Duration of storage The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
Possibility of objection and removal The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object here. However, the user can stop using the website at any time and thus prevent the further collection of the aforementioned data.
B.2 Login / Registration via PACE ID
Via our service PACE ID, users can register on our website by providing personal data and log in to use the customer area. The data are entered into an input mask, transmitted to us and stored. In the context of the registration/login, the specific data protection information for the service PACE ID is displayed and can be taken note of there.
When calling up individual pages, we use so-called cookies. These are small text files that are stored on your terminal device (PC, smartphone, tablet, etc.). If you call up a website, a cookie may be stored by your browser. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is called up again. Cookies are used to make our website usable or more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. Certain data is stored temporarily in the cookies. We ourselves use two cookies on our website. Both cookies are technically necessary for translation:
Our content management system WordPress also uses technically necessary cookies to enable functions such as logging into the administrator area or, if applicable, writing and posting comments for registered visitors (if enabled by us). The setting of cookies is then necessary to recognize logged-in visitors.
In addition, it may be that cookies from third-party providers are used. These cookies could also enable an analysis of the user’s surfing behavior. If this is the case, we will inform you about this separately in this or specific data protection notices directly in the information about the respective third-party tools (such as analysis tools, plugins or similar).
Legal basis for data processing The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR, i.e. a legitimate interest on our part. Our legitimate interest lies in the above-mentioned purposes. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR if the user has given his consent in this regard; otherwise, it is also a legitimate interest on our part based on the aforementioned purposes pursuant to Art. 6 (1) (f) GDPR.
Duration of storage Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our service providers (third-party providers) to recognize your browser on your next visit (permanent or static cookies). If we have stored the cookies based on the user’s consent, we will terminate further data processing upon revocation by the user. Otherwise, we store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the weighing comes to a different result or you have effectively objected in accordance with Art. 21 GDPR (see the visually highlighted “Notice of special right of objection” under C.). It is regularly reviewed whether the legitimate interest still exists. In particular, our interest no longer exists if the data is no longer sufficiently relevant for us in terms of evaluation and statistics of website use due to the passage of time, which can be assumed after three years at the latest.
B.4 Data processing for newsletter dispatch
It is possible to subscribe to a newsletter on our website or as part of a request to us. When registering for the newsletter, the data from the input mask is transmitted to us. This is only the e-mail address.
When subscribing to the newsletter, the following data is also collected (opt-in proof):
- Your IP address, as well as
- Date and time of your registration.
This serves to prevent misuse of the services or your e-mail address and to meet our legal obligation to prove that an opt-in, i.e. an explicit consent to receive the newsletter, has actually been given by the e-mail address.
Registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The click on the link with which you confirm the registration leads to a data collection of your IP address and the exact time (date and time) of the click. This data processing serves to meet our legal obligation to prove that an opt-in, i.e. an explicit consent to receive the newsletter, has actually been given by the e-mail address.
If you purchase goods or services on our website or other of our services and provide your e-mail address, this may subsequently be used by us to send a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.
The data will be used exclusively for sending the newsletter.
a. Use of the dispatch service provider “MailChimp”.
The dispatch of our e-mail newsletters is carried out via the dispatch service provider MailChimp from the company The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we pass on your data provided during the newsletter registration. Please note that your data is usually transferred to a MailChimp server in the USA and stored there. Likewise, any changes to your data stored with MailChimp will be stored there. MailChimp uses the data to send and evaluate the newsletters on our behalf (see “Statistical collection and evaluation” below).
Statistical collection and evaluation: For evaluation purposes, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system).
The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The evaluations serve us exclusively to recognize reading habits and to adapt our content to them or to send different content according to the interests of the readers. The statistical collection and analysis is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interests mentioned above.
Furthermore, MailChimp may use this data itself in accordance with Art. 6 (1) (f) GDPR due to its own legitimate interests in designing and optimizing the service according to needs, as well as for market research purposes, for example to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
It is neither our intention nor that of MailChimp to monitor individual users.
If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
b. Use of the “Mailjet” newsletter dispatch service
In all other respects, the above statements regarding MailChimp also apply analogously to the provider Mailjet.
c. Use of the “Twilio SendGrid” newsletter dispatch service
For sending information to our customers, users and interested parties, we also use, among other things, the service Twilio SendGrid of the service provider Twilio Germany GmbH, Rosenheimer Str. 143C, 81671 Munich (twilio.com). We only send information related to our services via the service. Twilio acts as an order processor. We have concluded a Data Processing Agreement (DPA) (cf.https://www.twilio.com/legal/data-protection-addendum), which secures us instruction and control rights. If data is transferred outside the EU or the EEA, which is possible in principle to the USA, this will take place on the basis of Twilio’s binding internal data protection regulations approved by the data protection authority (Binding Corporate Rules, BCR, available here: https://www.twilio.com/legal/binding-corporate-rules). The transfer is thus permissible pursuant to Art. 46(2)(b) in conjunction with. Art. 47 GDPR permissible.
Purpose of data processing:
The collection and processing of the user’s e-mail address serves to deliver the newsletter. We use the e-mail address for advertising purposes. The collection of IP address and time when clicking on the confirmation link in the double opt-in email serves to meet our legal obligation to provide evidence for obtaining explicit consent. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used. A possible storage beyond the cancellation of the newsletter for up to three years serves the purpose of proving a formerly granted consent and a possible defense against claims.
Legal basis for data processing:
The legal basis for the processing of data after the user has subscribed to the newsletter is your consent pursuant to Art. 6 (1) (a) GDPR. In the event of the prior purchase of similar goods or services, the legal basis for data processing in the context of the newsletter is Section 7 (3) UWG. The legal basis for storing the IP address and time when you click on the confirmation link in the double opt-in email and for possible further storage for up to three years after you have unsubscribed from the newsletter is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. The legitimate interest in this case is to be able to prove a consent formerly given by you and to be able to defend claims derived from it.
Duration of storage:
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your e-mail address will be stored as long as the subscription to the newsletter is active. We may store the unsubscribed e-mail addresses, together with the data collected when confirming consent to send newsletters, for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. The other personal data collected during the registration process is usually deleted after a period of seven days.
Possibility of objection and removal:
The subscription to the newsletter can be cancelled at any time free of charge and without any formalities. For this purpose, there is a corresponding link in each newsletter. This also enables revocation of consent to the storage of personal data collected during the registration process.
B5. Use of the security plugin Limit Login Attempts Reloaded
We use the open-source plugin Limit Login Attempts Reloaded as a WordPress plugin (see https://wordpress.org/plugins/limit-login-attempts-reloaded/). The plugin only processes personal data to a limited extent and only on our own web server, namely the IP address of a potential attacker.
The plugin sets a so-called first party cookie, i.e. a cookie that is set and is the responsibility of us as the operator of the website. No third parties are involved.
Purpose of data processing The plugin serves to protect against so-called brute force attacks. If login data is entered incorrectly several times, this is an indication of an attempt to gain unauthorized access to the login area. Therefore, the plugin blocks the IP address of the Internet user in question for 24 hours. This allows us to ensure the security of our website and our information technology systems.
Legal basis for data processing The legal basis for the processing of personal data is Art. 6 (1) (f) GDPR. Our legitimate interest lies in protecting the website and the login area, and in particular the personal data stored on our web server, especially customer data, from access by unauthorized persons.
Duration of storage We store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the weighing comes to a different conclusion or you have effectively objected in accordance with Art. 21 GDPR (cf. the visually highlighted “Notice of special right of objection” under C.). In order to defend against attacks on our web server, we consider it necessary and permissible if conspicuous IP addresses can be permanently stored and compared to defend against such attacks.
Possibility of objection and removal The data processing via the plugin serves the security and integrity of our website, the web server and the data stored there. Therefore, the user of our website does not have an objection and removal option in this regard.
B.6 Use of the interactive map from Mapbox
We use the services of Mapbox Inc, 740 15th Street NW, 5 th Floor, Washington, District of Columbia 20005, USA, hereinafter referred to as “Mapbox”. Mapbox is a service and hosting provider of OpenStreetMap based map material. This map material is available to anyone – you do not need to be registered with Mapbox.
Purpose of data processing: We use the services of Mapbox to display interactive maps on the website, for example, to visualize and clarify certain geographical circumstances.
Legal basis of data processing: The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
Duration of storage:
B.7 Use of YouTube videos (in extended data protection mode)
On our website, there is the option to use YouTube videos (provider: YouTube LLC 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter “YouTube”)). We have integrated these YouTube videos in YouTube’s extended data protection mode, which blocks the setting of YouTube cookies until an active click is made on the playback.
The videos are thus only reloaded and thereby cookies are set by YouTube with you when you give your consent to the setting of YouTube cookies by your first click on such a video. We have placed a corresponding notice for you under each video.
YouTube is a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. Each time you call up a product on which a YouTube video has been integrated, the website will play the relevant video from YouTube. As part of this process, YouTube and Google receive knowledge of which product is called up. If you are logged in to YouTube at the same time, YouTube recognizes which specific page you are visiting when you call up a page that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.
Purpose of data processing: YouTube videos are embedded for the purpose of presenting you with multimedia content on the website and thereby enhancing and improving the user experience on the website. Since this makes our website more attractive, the use of YouTube also serves our marketing and advertising purposes. In addition, the own holding and playing of such videos on the web server is associated with high costs and effort.
Legal basis for data processing: The legal basis for the processing of personal data is your expressly given consent. The legal basis for embedding the videos themselves is Art. 6 (1) (f) GDPR, i.e. a legitimate interest on our part. Our legitimate interest here lies in the above-mentioned purposes.
Duration of storage: We do not store any personal data concerning the use of YouTube videos. The accesses and retrievals of the individual videos are evaluated by us, but without reference to a specific person. We have no influence on the storage by YouTube or Google itself. The exact circumstances of the data processing there can be found in the data protection information at Google http://www.google.de/intl/de/policies/privacy.
Possibility of objection and removal: YouTube and Google always receive information that the respective user has visited our website if the user is simultaneously logged into YouTube at the time of using the app; this takes place regardless of whether the data subject clicks on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing the website. Incidentally, you will also find options to minimize data processing by Google in the account settings for YouTube. Since the video portal belongs to Google, the settings can be found in the general configuration of the Google account. There, under the “Activity Settings” (https://myactivity.google.com/activitycontrols), you will find not only options for web and location history, but also special functions for data protection on YouTube. On the one hand, you can pause the video search history so that your searches are no longer saved. On the other hand, you can also turn off the video playback history, so that all your watched videos are not saved either.
Otherwise, you can avoid data processing by not visiting pages with YouTube videos.
B.8 Encryption of the website and communication
All protected areas and forms on the website and thus the data transmissions via them are encrypted according to the SSL standard (HTTPS).
B.9 Transfer of personal data to a third country (other EU countries)
Personal data may be transferred to the United States of America (USA).
The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and for monitoring purposes, possibly also without any legal remedy.
All companies for which a transfer to a third country is possible have submitted to a regulation comparable to the EU level of data protection by bindingly agreeing to the EU Standard Contractual Clauses (SCC, see Article 46 an (2) c) of the GDPR). The transfer of data to these companies is therefore permissible in principle. Moreover, in the case of commissioned processing, corresponding order processing agreements have been concluded with these companies to safeguard the data and our rights to issue instructions.
C. Data subject rights
If personal data is processed by you, you are a “data subject” and you are entitled to the following rights vis-à-vis us as the data controller:
C.1 Right to information
You have the right to receive confirmation from us free of charge as to whether we are processing personal data relating to you. If this is the case, then you have a right to information about this personal data and to further information, which you can take from Art. 15 GDPR. For this purpose, you can contact us by mail or by e-mail.
C.2 Right to rectification
You have the right to demand that we correct any inaccurate personal data concerning you without delay. Likewise, you have the right – taking into account the above-mentioned purposes of processing – to request the completion of incomplete personal data – also by means of a supplementary declaration. For this purpose, you can contact us by mail or by e-mail.
C.3 Right to erasure
You have the right to demand the immediate deletion of the personal data concerning you if one of the conditions of Art. 17 GDPR applies. For this purpose, you can contact us by mail or by e-mail.
C.4 Right to restriction of processing
You have the right to demand that we restrict processing if one of the conditions of Art. 18 GDPR applies. For this purpose, you can contact us by mail or by e-mail.
C.5 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.
C.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, if the conditions of Art. 20 GDPR are met. You can contact us for this purpose by mail or by e-mail.
C.7 Right of objection in case of processing due to legitimate interest, as well as against direct advertising
Insofar as we exceptionally process personal data on the basis of Art. 6(1)(f) GDPR (i.e. because of legitimate interests), you have the right to object to the processing of personal data concerning you by us at any time for reasons arising from your particular situation. If we cannot demonstrate compelling legitimate grounds for further processing that override your interests, rights and freedoms or, alternatively, if we process the data concerned from you for the purpose of direct marketing, we will then no longer process your data (cf. Art. 21 GDPR). You can contact us for this purpose by mail or by e-mail.
A technical procedure that you use, e.g. a clear technical information that your web browser transmits to us (“Do-Not-Track” message), also counts as an objection in this sense.
If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
C.8 Right of revocation in the event of consent granted
You have the right to revoke your consent to the collection and use of personal data at any time with effect for the future. To do so, you can contact us by mail or e-mail. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
C.9 Automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. Unless the decision is necessary for the conclusion or performance of a contract between you and us, it is permissible under Union or Member State law to which we are subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or the decision is made with your explicit consent. Such automated decision-making does not take place by us.
C.10 Voluntariness of the provision of data
If the provision of personal data is required by law or contract, we will always point this out when collecting the data. In some cases, the data we collect is required for the conclusion of a contract, namely if we would otherwise not be able to fulfill our contractual obligation to you or would not be able to do so sufficiently. There is no obligation for you to provide the personal data. However, failure to provide it may mean that we are unable to perform or offer a service, action, measure or similar requested by you or that it is not possible to conclude a contract with you.
C.11 Right of complaint to a supervisory authority
Without prejudice to any other rights, you have the right to lodge a complaint with a supervisory authority for data protection at any time, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you violates data protection law.