Privacy Policy

 

I) Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Publishing Director: Michel Koutchouk

Registered name: Infotel Conseil
Simplified joint-stock company with share capital of €108,587,484
R.C.S. Nanterre: 344 122 262
Registered office: 13 rue Madeleine Michelis – CS 80104 – 92523 NEUILLY SUR SEINE CEDEX (France)
Phone number: 33 (0) 1 55 62 19 20
Hosting: Infotel Conseil

 

II) General information on data processing

1. Scope and purpose of processing personal data

In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user (e.g. through the use of a cookie banner). An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

 

2. Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) GDPR serves as the legal basis.

Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is required to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 lit. f GDPR serves as the legal basis for the processing.

 

3. Data Erasure and Storage Duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

 

4. Data transfer to third parties, processors and joint controllers

We only transfer personal data if the transfer is lawful under the applicable data protection laws. This can be the case, for example, if we are obliged by law to transmit data to (investigative) authorities. However, a transfer is also possible if we transfer personal data to processors or share them with joint controllers.

If it is possible or even required by law, every data transmission is recorded in writing and regulated by clearly defined rights and obligations. This means that we conclude contracts with our processors, for example, which are intended to help protect your personal data.

If data is transmitted, you will be informed accordingly.

 

III) Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system (and possibly also the system of our hosting provider) automatically collects data and information from the computer system of the accessing computer.

As a rule, the following data is collected here:

1. Information about the browser type and version used
2. The user’s operating system
3. The user’s internet service provider
4. The IP address of the user
5. Date and time of access
6. Websites from which the user’s system accesses our website
7. Websites accessed by the user’s system through our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

 

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 Paragraph 1 Letter f of the GDPR.

 

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR also lies in these purposes.

 

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. The reason for the storage are various security reasons (e.g. to investigate criminal offenses) – for this reason, further storage is possible. If the data is stored elsewhere, the IP addresses of the users will be deleted or alienated so that it is no longer possible to assign the calling client.

 

5. Possibility of objection and elimination

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

IV) Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user calls up a website, a cookie can be stored on the user’s operating system. A cookie contains a characteristic character string that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change (e.g. log-in information, website settings, etc.).

We also use cookies on our website, which enable an analysis of the surfing behavior of users.

In this way, data can be transmitted that says something about the frequency of page views or the use of website functions.

The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

When accessing our website, users are informed by an information banner (cookie banner) about the use of cookies for analysis purposes and are referred to this data protection declaration. The use of cookies for analysis purposes (or range measurement) requires your consent. Consent is only given by clicking on the corresponding button on the info banner. Processing for analysis purposes will not take place without your consent. In this context, there may also be an indication of how the storage of cookies can be prevented in the browser settings.

 

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes and range measurement is Article 6(1)(a) GDPR if the user has given their consent.

 

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.

Our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR and for analysis purposes in accordance with Article 6 (1) (a) GDPR also lies in these purposes.

 

e) Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

 

V) Contact

Every time you contact us (e.g. via contact form, e-mail, telephone or via social media), the information provided by the user is used to process the specific contact request and its processing in accordance with Article 6 (1) b. (in the context of contractual/pre-contractual relationships), Art. 6 Paragraph 1 lit. f. (other inquiries) GDPR processed. Furthermore, we would like to point out that the information can be stored on a computer/software system (e.g. in a “CRM system”). The reason for storage in a computer/software system is the objective of optimizing and accelerating our processes (Art. 6 Para. 1 lit. f GDPR).

We delete the data as soon as they are no longer required. Check the necessity every two years (the necessity of storage can also be given by legal regulations).

 

VI) Contact form and email contact

1. Description and scope of data processing

There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. These dates are:

1. Name
2. Business
3. E-mail
4. Regarding
5. message/text

At the time the message is sent, the following data can also be stored:

1. The IP address of the user
2. Date and time of registration

Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

 

2. Legal basis for data processing

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 Paragraph 1 Letter f of the GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.

 

3. Purpose of data processing

The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

 

5. Possibility of objection and elimination

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

The revocation of consent must be sent to us in writing (our contact details can be found above – name and address of the person responsible).

All personal data that was saved in the course of making contact will be deleted in this case.

 

VII) Web analysis by Google Analytics / Google Tag Manager

We use Google Analytics, a web analytics service provided by Google Inc. ( https://www.google.de/intl/de/about/ ) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). Google offers guarantees to comply with European data protection regulations ( https://support.google.com/analytics/answer/9019185?hl=de&ref_topic=2919631 ).

In this context, pseudonymised usage profiles are created on our behalf and cookies (see below) are used. The information generated by a cookie about your use of this website such as

• Browser type/version
• Operating system used
• Referrer-URL
• Host name of the accessing computer
• Time of server request

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).

In principle, the use of Google Analytics requires your consent in accordance with Article 6 (1) (a) GDPR. You will be informed about this when you visit our site (cookie banner).

You can also prevent the installation of cookies by setting your browser software accordingly; we would like to point out to you however that in this case not all functions of this website can be used in full.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https : // tools.google.com/dlpage/gaoptout?hl=de ).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help ( https://support.google.com/analytics?source=404#topic=3544906 ), in the setting for the display of advertisements by Google https://adssettings.google.com/authenticated and in Google’s privacy policy https://policies.google.com/technologies/ads .

In any case, the personal data will be deleted or made anonymous after 14 months.

We also use the Google Tag Manager:

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer (please refer to further information in this data protection declaration). With the Tag Manager itself (which implements the tags), e.g. For example, no user profiles have been created or cookies have been saved. Google only learns the IP address of the user, which is necessary to run Google Tag Manager;

• Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA;
• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR);
• Website: https://marketingplatform.google.com;
• Privacy Policy: https://policies.google.com/privacy ; Order processing contract: https://business.safety.google/adsprocessorterms ;
• Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms ;
• More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).

 

VIII) Facebook

On the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR, social media plugins from Facebook are used on our website to make their use more personal. For this we use the “LIKE” or “SHARE” button. This is an offer from Facebook.

Facebook has taken technical and organizational measures to ensure the rights of data subjects and the protection of personal data.

If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website.

By integrating the plugin, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged into Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plugins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook can use this information for advertising, market research and needs-based design of the Facebook pages. For this purpose, usage, interest and relationship profiles are created by Facebook, e.g. B. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook’s data protection information ( https://www.facebook.com/about/privacy/ ).

If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info /choices/ or the EU site http://www.youronlinechoices.com/ . The settings are platform-independent, ie they are adopted for all devices, such as desktop computers or mobile devices.

 

IX) Social Media & Plugins

On the basis of our legitimate interest in accordance with Article 6 Paragraph 1 lit. f GDPR, social media plugins from various manufacturers are used on our website in order to make their use more personal. For this we use, for example, the “LIKE” or “SHARE” button.

All social media platforms have taken technical and organizational measures to ensure the rights of data subjects and the protection of personal data.

If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the platform servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the website by it.

If you are logged into the social media platform, the provider can directly assign your visit to our website to your user account. If you interact with the plugins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to the provider’s server and stored there. The information is also published on the respective platform and displayed to your social media contacts.

By integrating the plugins, the platform operator receives the information that your browser has accessed the corresponding page of our website, even if you do not have a user account with the provider or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to one of the provider’s servers (e.g. in the USA) and stored there.

The platform operator can use this information for advertising, market research and needs-based design of the platform. For this purpose, usage, interest and relationship profiles are created, e.g. B. to evaluate your use of our website with regard to the advertisements displayed to you on the platform, to inform other platform users about your activities on our website and to provide other services related to the use of the platform.

If you do not want the platform operator to assign the data collected via our website to your user account, you must log out of the platform before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by the provider as well as your rights in this regard and setting options for protecting your privacy can be found in the data protection information of the respective provider:

• Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com ; Privacy Policy: https://www.facebook.com/about/privacy ;Possibility of objection (opt-out): settings for advertisements: https://www.facebook.com/settings?tab=ads ; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum , data protection information for Facebook pages: https://www.facebook.com/legal/ terms/information_about_page_insights_data .If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies.Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info /choices/ or the EU site http://www.youronlinechoices.com/ . The settings are platform-independent, ie they are adopted for all devices, such as desktop computers or mobile devices.
• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com ; Privacy Policy: https://www.linkedin.com/legal/privacy-policy ;
• Xing: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de ; Data protection declaration: https://privacy.xing.com/de/datenschutzerklaerung .

SalesViewer® technology: On this website, data for marketing, market research and optimization purposes is collected and stored using the SalesViewer® technology from SalesViewer® GmbH on the basis of the legitimate interests of the website operator (Art. 6 Para.1 lit.f GDPR).

A javascript-based code is used for this purpose, which is used to collect company-related data and use it accordingly. The data collected with this technology is encrypted using a non-recalculated one-way function (so-called hashing). The data is immediately pseudonymised and not used to personally identify the visitor to this website.

The data stored in Salesviewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements.

You can object to data collection and storage at any time with effect for the future by  clicking on this link  to prevent future collection by SalesViewer® on this website. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.

 

X) Marketing automation with Constant Contact

We use Constant Contact on this website, an open source tool for marketing automation. It is an analysis and tracking software for the assignment and storage of usage data (including browser used, last page visited, length of stay). The software uses this information to customize our marketing efforts and better align them with the interests of each individual user. The software also helps us to better evaluate the success of individual marketing measures. For this we have concluded an AV contract with our hoster for the marketing tool Constant Contact.

A transfer of data to third parties does not take place. We collect and process data with Constant Contact only to the extent necessary to achieve business goals with you.

Constant Contact’s way of working is expressed through:

a) E-mail marketing and campaigns – With so-called e-mail marketing, you will be sent personalized e-mails. These are partly based on how you use the website, when you read our e-mails and when you interact with the links contained in them. We also send emails as part of campaigns. The assignment to the campaigns is made by segmentation and tagging.

b) Personalized web links – In order to recognize whether, for example, a user calls up a link from an e-mail, Constant Contact adds a unique identifier to these links, which was previously assigned to an individual user profile.

c) IP address – The IP address currently used by website visitors is transmitted to us each time our website is accessed. Constant Contact uses this to recognize users of the website.

d) Reports evaluate the performance data about the recorded data and display them in aggregated form.

The data collected are:

• the activity on our website
• Number of page views and length of stay of the website visitor
• the click path of the respective visitor
• Downloads of files provided via the website
• Landing page visits
• Opening of emails from newsletters and campaigns

As part of a registration on the website, the provider collects through the use of Constant Contact:

• Contact information (such as name, postal or e-mail address, telephone number)
• Business contact information (such as your job title, business name, business email address, phone or fax number).
• The IP address of the end device from which the website is used (a series of digits that identifies your current computer connection to the Internet).

The released data is clearly recognizable for the user by filling out a form. It is marked which data is necessary to send the form.

Constant Contact is only used if you have expressly given your consent to the use of so-called “first-party cookies” when you use our website for the first time. You can revoke this consent at any time by contacting the contact person named above. In this case, all tracking data collected using Constant Contact will be deleted immediately.

 

XI) Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right to information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.

If such processing is present, you can request information from the person responsible for the following information:

1. the purposes for which the personal data are processed;
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
6. the existence of a right of appeal to a supervisory authority;
7. all available information about the origin of the data if the personal data are not collected from the data subject;
8. the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 DS-GVO and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the person concerned.

You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

 

2. Right to Rectification

You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

 

3. Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

1. if you contest the accuracy of the personal data concerning you for a period that enables the person responsible to check the accuracy of the personal data;
2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
3. the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
4. if you have lodged an objection to the processing pursuant to Art. 21 Para. 1 DS-GVO and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of the personal data concerning you has been restricted, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

 

4. Right to erasure

a) Obligation to delete

You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.
3. You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
4. The personal data concerning you have been processed unlawfully.
5. The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
6. The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 DS-GVO.

b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, To inform those responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to erasure does not exist if processing is necessary

1. to exercise the right to freedom of expression and information;
2. to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller;
3. for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the law referred to under Section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or
5. to assert, exercise or defend legal claims.

 

5. Right to Information

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the person responsible.

 

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that

1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR based and
2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

7. Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

 

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

 

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for the conclusion or performance of a contract between you and the person responsible,
2. is permitted on the basis of legal provisions of the Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests or
3. takes place with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 (1) GDPR unless Article 9 (2) lit. a or g GDPR applies and appropriate measures are taken to protect the rights and freedoms and your legitimate interests have been met.

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.

The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.