toggle menu
mail icon de deutsch
Berentzen Group Data Protection Policy

Data Protection Policy

Privacy policy

Welcome to the privacy policy of our website. As the operator of the https://www.berentzen-gruppe.de/ website, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, your selection in the cookie banner and this privacy policy.

 

Name and address of the responsible organisation

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Berentzen Group Aktiengesellschaft

Phone: +49 (0) 59 61 / 502-0

Fax: +49 (0) 59 61 / 502-268

E-mail: info@berentzen.de

 

If you have any questions about data protection, please contact our external data protection officer at Prico GmbH using the keyword "Data protection homepage".

Please send your enquiry by e-mail to Mr Sebastian Feldmann, datenschutz@berentzen.de

 

General information on data processing
 

Scope of the processing of personal data

We only process our users' personal data to the extent necessary to provide a functional website and the content and services. As a rule, personal data is only processed with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
 

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.
 

Data erasure and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies and there are no legal retention periods or other requirements to the contrary.

 

Provision of the website and creation of log files
 

Description and scope of data processing

Each time our website is accessed, data and information are automatically collected by the computer system of the accessing computer. The following data is collected:

  • IP address of the requesting computer (host name)
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer
  • Name of your access provider.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
 

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
 

Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR.
 

Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.
 

Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

 

E-mail contact
 

Description and scope of data processing

Website users can contact us using the contact details provided on the website by sending us an e-mail. If a user makes use of this option, the data entered will be transmitted to us and stored. These data are

  • First name and surname of the user, if applicable
  • Your e-mail address
  • Additional personal data provided by you in the context of your message
     

Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
 

Purpose of data processing

The processing of personal data serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
 

Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
 

Right of objection and removal

If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

The user can object to the processing of their data by e-mail or by post. All personal data stored in the course of making contact will be deleted in this case.

 

Newsletter
 

Type and purpose of processing:

We send out newsletters with current information about our products and offers. Personal data is processed for this purpose. Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. The purpose of collecting your email address is to send you the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. Data will not be passed on to other third parties. The data is used exclusively for sending the newsletter
 

Legal basis:

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent.
 

Storage duration:

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process is generally deleted after a period of seven days.
 

Right of objection and removal

You can cancel your subscription to the newsletter at any time. For this purpose, each newsletter contains a corresponding link to unsubscribe. This also enables you to withdraw your consent to the storage of the personal data collected during the registration process.

 

Data transfer to third countries

Tools from companies based in so-called third countries (i.e. outside the European Union (EU), the European Economic Area (EEA)) may be integrated on our website. If these tools are active, your personal data may be forwarded to the servers of the respective companies. We have no influence on this data processing.

If we process data in a third country or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the following legal requirements pursuant to Art. 44 et seq. GDPR:

  • Basis of an adequacy decision
  • Internal data protection regulations
  • Approved rules of conduct
  • Standard data protection clauses
  • Authorised certification mechanism pursuant to Art. 46 para. 2 lit. a) - f) GDPR

 

Use of cookies
 

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer system. When a user accesses a website, a cookie may be stored on the user's operating system. These cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

We also use cookies on our website that enable us to analyse the surfing behaviour of users. The user data collected in this way is anonymised by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal user data.
 

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f) GDPR.

Insofar as cookies are used to analyse user behaviour, this is done on the basis of consent in accordance with Art. 6 (1) (a) GDPR.
 

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change. As the website operator, we have a legitimate interest in the storage of cookies for the technically error-free and optimised provision of our services.

The user data collected by technically necessary cookies is not used to create user profiles.

The purpose of using analytics cookies is to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.
 

Duration of storage, objection and removal options

Cookies are stored on the user's device and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

 

Cookie consent

Our website uses the cookie consent technology "Cookiebot" from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations.

When you visit our website, you will be shown a banner in which you can actively select various cookies and thus give your consent to their use. So that the cookie consent tool can assign your visit to you as a user and individually record, log and store the consent settings you have made for a session duration, certain user information (including the IP address) is collected and stored by the cookie consent tool when you visit our website.

The data collected will be stored until you ask us to delete it or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

Cookie consent technology is used to obtain the legally required consent for the use of technically unnecessary cookies. The legal basis for this is Art. 6 para. 1 lit. c) GDPR.

 

Cookies used, services and other functions of the website
 

Matomo

Description and purpose

This website uses Matomo (formerly Piwik), an open source software for the statistical analysis of visitor access. The provider of Matomo is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.

Matomo uses cookies that are stored on your computer, which enable an anonymised analysis of your website usage. It is generally not possible to draw conclusions about a specific person, as your IP address is anonymised immediately after processing and before storage.

We use Matomo to improve the quality of our website and its content. By learning how our website is used, we can continuously optimise our website offering.

The following data is stored when the individual pages of our website are accessed:

  1. Two bytes of the IP address of the user's calling system
  2. The website called up
  3. The website from which the user accessed the website (referrer url)
  4. Subpages that are accessed from the accessed website
  5. Time spent on the website
  6. Frequency of visits to the website.

The software runs exclusively on the servers of our website or our website support, and the user's personal data is only stored there. The user's IP address is not stored in full but only shortened by masking only 2 bytes of the IP address. It is then not possible to assign the IP address shortened in this way to the user's end device.

The processing of users' personal data enables us to analyse user behaviour on our website.

 

Legal basis

The legal basis for this processing of your personal data is Art. 6 para. 1 lit. f) GDPR.
 

Data recipients, data transfer and data transfer to third countries

The recipient of your anonymised data is the website operator and website support. Data will not be transferred to a third country. The data will also not be passed on to third parties in any other way.

 

Duration and scope of data storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected and processed. The data will also be deleted if you assert your right to data deletion in accordance with Art. 17 para. 1 GDPR.

For further data subject rights, see below in this privacy policy.

There is no contractual or legal obligation to provide the data.

 

Further information on the processing of your personal data by Matomo can be found here: https://matomo.org/privacy-policy/

 

Social media presence
 

Facebook

Shared responsibility

In accordance with the jurisdiction of the European Court of Justice, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) for the processing of personal data collected when you visit our Facebook page.
 

Data collection and processing

When you visit our Facebook page, Facebook automatically collects personal data from you, such as IP address, device information and interaction behaviour. Further information on this can be found in Facebook's privacy policy.
 

Use of cookies

Facebook uses cookies to store and process the data. If you have a Facebook profile and are logged in, the data is also stored and analysed across devices. Information on the use of cookies by Facebook can be found here.
 

Possibilities of objection

You can object to the use of cookies on the following pages:

Page insights and usage analysis

Facebook provides us with anonymised statistics about the use of our site. This includes data such as page views, "Like" information and post interactions. We use this data to optimise our site and content in accordance with Art. 6 para. 1 lit. f) GDPR.
 

Further information on shared responsibility

The duties of joint responsibility are regulated in the "Page Insights Addendum": Page Insights Agreement.

 

Instagram

Shared responsibility

We are jointly responsible for data processing on our Instagram page with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
 

Data collection and processing

When you visit our Instagram page, Instagram collects personal data such as IP address, user behaviour and interactions with our page. Further information on this can be found in Instagram's privacy policy.
 

Use of cookies

Instagram uses cookies to analyse user behaviour. For logged-in users, the analysis can take place across devices. Further information on the use of cookies can be found here.
 

Possibilities of objection

You can object to the processing of your data by Instagram in your Instagram settings or under Your Online Choices.
 

Page insights and usage analysis

Instagram provides us with anonymised usage statistics that we use to improve our site. This is done on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
 

Further information on shared responsibility

Further details on joint responsibility can be found in the Instagram Joint Responsibility Agreement.

 

LinkedIn

Shared responsibility

Together with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, we are responsible for data processing in connection with visits to our LinkedIn page.
 

Data collection and processing

When you visit our LinkedIn page, LinkedIn collects personal data from you, including information about your use of and interaction with our site. Further details can be found in LinkedIn's privacy policy.
 

Use of cookies

LinkedIn uses cookies to analyse user behaviour on our website. Registered LinkedIn members can be analysed across all devices. Information on the use of cookies by LinkedIn can be found here.
 

Possibilities of objection

You can object to the use of cookies and the processing of your data:

Page insights and usage analysis

LinkedIn provides us with anonymised statistics about the use of our site. This information is used to optimise our content in accordance with Art. 6 para. 1 lit. f) GDPR.
 

Further information on shared responsibility

The reciprocal responsibilities are regulated in the LinkedIn Joint Responsibility Agreement.

 

XING

Shared responsibility

Together with New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany, we are jointly responsible for data processing on our XING page.
 

Data collection and processing

When you visit our XING page, XING collects personal data in order to analyse user behaviour and interactions. Details can be found in XING's privacy policy.
 

Use of cookies

XING uses cookies to store and analyse user data. If you are logged in as a XING member, the analysis also takes place across devices.
 

Possibilities of objection

You can object to the use of cookies by XING in your XING settings.
 

Page insights and usage analysis

XING provides us with anonymised data to analyse the use of our site and to optimise content based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
 

Further information on shared responsibility

Further information can be found in XING's privacy policy.

 

Kununu

Shared responsibility

We are jointly responsible for data processing on our Kununu page with New Work SE, which operates Kununu.
 

Data collection and processing

Kununu collects personal data such as IP address and usage behaviour when you visit our company's presence on the platform. Further information can be found in Kununu's privacy policy.
 

Use of cookies

Kununu uses cookies to collect and analyse usage data. You can find information on the use of cookies in the settings of your Kununu profile.
 

Possibilities of objection

You can object to the use of cookies in the Kununu or XING settings.
 

Page insights and usage analysis

Kununu provides us with anonymised statistics that we use to optimise our content. This data processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
 

Further information on shared responsibility

For more information on joint responsibility with Kununu, please refer to the Kununu privacy policy.

 

YouTube

Shared responsibility

We are jointly responsible for data processing in connection with our YouTube page with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
 

Data collection and processing

When you visit our YouTube page, YouTube automatically collects personal data, including IP address, information about the device used and interaction behaviour. This data can be processed for usage statistics and used to improve the platform. Further details on this can be found in YouTube's privacy policy.
 

Use of cookies

YouTube uses cookies to store and analyse user behaviour. If you have a Google account and are logged in, the data can also be analysed across devices. Information on the use of cookies by YouTube can be found in the YouTube cookie policy.
 

Possibilities of objection

You can object to the processing of your data by YouTube by adjusting the cookie settings in your Google account. Further options for deactivating personalised advertising can be found under Google Ads settings and under Your Online Choices.
 

Page insights and usage analysis

YouTube provides us with anonymised data and statistics on the use of our site. We use this information to improve our content on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.
 

Further information on shared responsibility

The responsibilities in the joint responsibility are defined in the "YouTube Joint Responsibility Agreement". Google assumes primary responsibility for the processing and fulfilment of data protection obligations in accordance with the GDPR. Further information can be found in the YouTube Privacy Policy.

 

Applicant data protection

If you apply to us electronically, i.e. by e-mail or via our web form, we will collect and process your personal data for the purpose of handling the application process and implementing pre-contractual measures. We use a specialised software provider to handle the application process. The applicant portal is operated by softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin, with whom we have concluded a contract for order processing.

By submitting an application, you are expressing your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application. In particular, the following data will be collected: First and last name, e-mail address, telephone number, XING profile if applicable.

You also have the option of uploading or sending documents such as a cover letter, your CV and certificates. These may contain further personal data such as date of birth, address, etc.

The legal basis for the processing of your applicant data is Art. 6 para. 1 lit. b) GDPR and Art. 9 para. 2 lit. b) GDPR. Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b) GDPR (e.g. health data, such as severely disabled status).

Only authorised employees from the HR department or persons involved in the application process have access to your data.

Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.

Your data will be stored for a period of 6 months after the end of the application process. This is usually done to fulfil legal obligations or to defend against any claims arising from legal regulations. You have the option of giving us your consent for us to include you in the applicant pool in order to consider you for future vacancies. Your data will then be deleted immediately after your consent has expired or if you withdraw your consent. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical analyses.

 

Integration of additional services and content from third parties

Third-party content, such as videos, fonts or graphics originating from other websites, may be integrated into this online offering. In order for this content to be displayed, it is necessary for the respective providers of this content (hereinafter referred to as "third-party providers") to collect the IP address of the user. Without the IP address, it would not be possible to transmit the content to the user's browser, as this is necessary for the display. We endeavour to only integrate content whose providers use the IP address exclusively to provide the content. Nevertheless, we have no influence on whether third-party providers store the IP address for statistical purposes, for example. If we are aware of this, we will inform users accordingly. We would like to provide and optimise our online offering through these integrations.

The legal basis for the integration of additional third-party services and content is Article 6(1)(f) GDPR. Our overriding legitimate interest lies in the best possible presentation of our online presence and in the user-friendly and economically efficient provision of our services. Please check the respective data protection conditions before you transmit personal data to these websites.

 

Other data recipients

If the legal requirements are met (e.g. your consent has been obtained), we may share your personal data with other recipients who provide services for us. Taking into account the principle of data minimisation, we limit the disclosure of your personal data to what is necessary. The service providers used receive your personal data as processors (order processing contract in accordance with Art. 28 GDPR) or as independent data processors. The following categories of service providers or data recipients may receive your data

  • Operator of the server & hosting provider
  • Marketing agencies & website support
  • External legal & tax advice
  • Service provider in the field of recruiting
  • Service provider for postal and delivery services
  • Other services and tools

Access to your data is only granted under strict conditions (confidentiality requirements).

 

Data security

Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to and via our website via the Internet. However, we take the best possible technical and organisational measures to protect our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons.

We take precautions to ensure the security of your personal data. Your data is conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or unauthorised disclosure.

 

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following "data subject rights" vis-à-vis the controller:
 

Right to information pursuant to Art. 15 GDPR

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller:
 

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information about the origin of the data if the personal data is not collected from the data subject;
     

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

 

Right to rectification pursuant to Art. 16 GDPR

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

 

Right to restriction of processing pursuant to Art. 18 GDPR

Under the following conditions, you may request the restriction of the processing of your personal data:
 

  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
  4. if you have objected to processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate grounds of the controller override your grounds.
     

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

 

Right to erasure pursuant to Art. 17 GDPR

a) Cancellation obligation

You may request us to delete the personal data concerning you immediately and we are obliged to delete this data immediately if one of the following reasons applies:
 

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data concerning you has been processed unlawfully
  5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

 

b) Information to third parties

If we have made the personal data concerning you public and we are obliged to delete it in accordance with Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
 

c) Exceptions

The right to erasure does not exist if the processing is necessary
 

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  5. for the assertion, exercise or defence of legal claims.

 

Right to information pursuant to Art. 19 GDPR

If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

 

Right to data portability pursuant to Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
 

  1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
  2. the processing is carried out using automated procedures.
     

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
 

Right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.

We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures that use technical specifications.

 

Right to revoke the declaration of consent under data protection law pursuant to Art. 7 para. 3 GDPR

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent or to object, simply send us an e-mail.

 

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
 

  1. is necessary for the conclusion or fulfilment of a contract between you and the controller,
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

 

Changes to the data protection provisions

We reserve the right to amend this privacy policy at any time with effect for the future so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services.