Privacy Policy Berlin Brandstifter GmbH

Name and address of the person responsible:
The Berliner Brandstifter GmbH

represented by Managing Director Vincent Honrodt
Mauerstraße 80
10117 Berlin

is responsible within the confines of Art. 4 para. 7 of EU Regulation 2016/679, called the General Data Protection Regulation (GDPR), and other national data protection laws of the Member States as well as other provisions of data protection law.

Name and address of the data protection officer
The data protection officer of the responsible person can be reached at:

Berliner Brandstifter GmbH
to the name of Data Protection Officer
Mauerstraße 80
10117 Berlin

datenschutz@berlinerbrandstifter.com

General information on data processing

Scope of processing of personal data

You can visit us (the websites of the Berlin Brandstifter GmbH) without telling us who you are. When you visit our website, your browser automatically transmits various data, see below „IV. Provision of the website and creation of „log files“. This information is evaluated purely for statistical purposes and then deleted. Our services are reserved for adult visitors.

Personal data is only collected on our website if you provide it to us of your own accord (e.g. as part of the order process). We use this data exclusively for the purposes stated in each case, as listed below.

We contractually bind external service providers who process personal data for us, so-called contractors, in accordance with Art. 28 GDPR. The contractors have been carefully selected by us, specifically commissioned and are bound by our instructions. States outside the European Union/European Economic Area are designated as third party countries by the GDPR. The transfer of data to these countries is regulated separately in accordance with Articles 44 to 49 GDPR. In some cases we use contract processors in third countries and name them below. For the USA, the EU Commission has determined the adequacy of the data protection level there in accordance with Art. 44 para. 3 GDPR for the EU-US Privacy Shield (C(2016) 4176 final). Our contract processors in the USA are certified according to this.

We maintain current technical measures to guarantee the protection of personal data. These are adapted to the current state of the art in each case.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

The processing of personal data is also legal pursuant to Art. 6 para. 1 lit. f) if it is necessary to safeguard the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a minor.

Data erasure and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Provision of the website and creation of log files

Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer: domain, visitor’s IP address, HTTP method (GET/POST), file accessed, HTTP response, response size, visitor’s user agent.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The deletion takes place after 8 weeks according to the statement of our hosting service provider.

Processing is carried out by our hosting service provider ONE.COM (B-one FZ-LLC), Dubai, UAE, represented in Europe by One.com A/S, Copenhagen, Denmark. The servers for the storage of personal data are located in Denmark, the processing of the data takes place exclusively within the EU. There is an order data processing agreement between us and ONE.COM.

Legal basis for data processing

Insofar as our log files mean the processing of personal data, the legal basis is Art. 6 para. 1 lit. b, lit. f GDPR.

Purpose of data processing

Temporary storage of the IP address by the system is necessary within the meaning of Art. 6 para. 1 lit. b GDPR to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for its duration. The repeated automated reading of the web pages (so-called scraping) is also made more difficult by recording the IP address. The storage of data in the event of an error is required within the meaning of Art. 6 (1) (f) GDPR in order to ensure the website’s operability.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

Possibility of objection and elimination

The collection of data for the provision of the website is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Use of cookies

Description and scope of data processing

The websites use so-called cookies in several places. They serve to make our offer more user-friendly and effective. Cookies are small text files that are stored on your computer and saved by your browser. Some of the cookies we use are so-called „session cookies“, which are automatically deleted when you close your browser. In addition, there are some persistent cookies that we use to recognize you as a visitor. Cookies do not cause any damage to your computer and do not contain any viruses. If you do not wish cookies to be installed, you can deactivate the acceptance of cookies in your browser. However, we would like to point out that you may not be able to use our website in full with deactivated cookies.

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is not possible to assign the data to the calling user as a person. The data will not be stored together with other personal data of the user, unless otherwise described below.

The first time our website is accessed, users are informed about the use of cookies by info banners and are referred to this data protection declaration. This also includes an indication of how the storage of cookies can be prevented in the browser settings.

The following data is stored and transmitted in the technically necessary cookies:

  1. Age limit (over or under 18 years)
  2. Language settings
  3. Items in a shopping cart

We also use cookies on our website which enable an analysis of the usage behaviour, the advertising success (so-called conversion) and a re-targeting of the users on websites of third parties (so-called retargeting). Third parties can store cookies on the user’s device directly when visiting our websites or we transmit IDs without personal reference.

In this way, the following data can be transmitted:

  1. Websites or advertisements visited before our website (referrer)
  2. Use of our website functions
  3. Entered search terms
  4. Frequency of page views
  5. Shopping Cart (and cancellations)

We use the following third party providers to analyse usage behaviour : Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“) within the scope of order processing and at the appropriate data protection level (see above on EU-US Privacy Shield). Google Analytics also uses cookies, which enable an analysis of the use of the website by the users. The information generated by cookies about your use of this website (including your IP address) is generally transferred to a Google server in the USA and stored there. We activate IP anonymisation by adding the code „anonymizeIp“ to the websites, so that Google shortens your IP address within EU/EEA member states beforehand (so-called IP masking). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website (also Optimize for A/B testing function, i.e. response to various representations of the website), to compile reports on website activities for us and to provide other services relating to website and Internet use. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Information Google receives from interest-based advertising and third parties (e.g. demographics, gender and interests) may be collected in the cookie information. The storage period is 26 months (user and event data).

You can find more information about Google at http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data protection). Google offers an extension for web browsers (Add-On) to prevent data collection by Google Analytics and processing of this data by Google. The add-on can be downloaded and installed at https://tools.google.com/dlpage/gaoptout at your own risk.

We use the following third parties for user remarketing: „Website Custom Audiences“ by Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland („Facebook“) is implemented as pixel to advertise on the Social Network. Facebook operates at the appropriate level of privacy (see above on EU-US Privacy Shield). When you visit our websites, a direct connection between your browser and the Facebook server is established via the pixel. If you are a Facebook user and do not delete cookies before you log in to Facebook, Facebook can associate your visit to our website with your user account. We can only choose which segments of Facebook users (such as age, interests) our advertising should be displayed. No personal data records, in particular no e-mail addresses of our users – neither encrypted nor unencrypted – are transmitted to Facebook. Facebook can be informed about browser and device types, cookie ID, number and amount of orders. For more information, please see Facebook’s privacy policy at https://www.facebook.com/about/privacy. Please click here if you as a Facebook user do not wish to receive data via custom audiences: https://www.facebook.com/settings?tab=ads

We use Facebook Conversion Tracking to analyse advertising success. By calling up this pixel from your browser, Facebook can then see whether a Facebook ad was successful, e.g. whether it led to an online purchase. We only receive statistical data from Facebook for this purpose without reference to a specific person. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. In particular if you are logged on to Facebook, we refer you to their data protection information https://www.facebook.com/about/privacy/. Facebook customers can unsubscribe from the feature here: https://www.facebook.com/ads/preferences?hc_location=ufi

We use conversion tracking technology and the retargeting function of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA on our website to re-approach with your consent. With the help of this technology, visitors to our website can be shown personalized advertisements on LinkedIn. It is also possible to generate anonymous reports on the performance of the advertisements and information on website interaction. For this purpose, the LinkedIn Insight Tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or how it is used by LinkedIn. The information about your use of our website recorded by the LinkedIn Insight Tag is encrypted. The cookie is stored in the LinkedIn member's browser until the member deletes the cookie or it expires (the expiry date is six months after the member's browser last loaded the Insight Tag).

The data processing takes place on the basis of your consent and thus on the legal basis of Art. 6 Para. 1 lit. a) GDPR. You can object to the collection and use of your data to display LinkedIn Ads or revoke your consent at any time, e.g. by changing your cookie settings on our site accordingly. LinkedIn members have the option of opting out of LinkedIn conversion tracking and blocking and deleting cookies or deactivating demographic characteristics at https://www.linkedin.com/psettings/advertising/. In the LinkedIn settings, there is no separate opt-out option for third-party impressions or click tracking for campaigns running on LinkedIn, as all underlying campaigns respect the settings of LinkedIn members. You can also deactivate the LinkedIn Insight Conversion Tool and interest-based advertising as a non-member by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

In the data protection guideline of LinkedIn at https://www.linkedin.com/legal/privacy-policy you can find further information on data collection and data usage as well as the possibilities and rights for the protection of your privacy.

Legal basis for data processing

If our use of cookies means the processing of personal data, the legal basis is Art. 6 para. 1 lit. b, lit. f GDPR.

Purpose of data processing

The purpose of the use of technically necessary cookies pursuant to Art. 6 para. 1 lit. b GDPR is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

  1. Age limit
  2. Language settings
  3. Shopping Cart (We use WordPress to run our websites and the plugin WooCommerce for the shopping cart.)

The user data collected by technically necessary cookies are not used to create user profiles.

If the other cookies are processed, we have a legitimate interest in processing the personal data in accordance with Art. 6 para. 1 lit. f GDPR:

The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer. We recognize which advertising measures caused our websites to be visited (so-called conversion tracking). We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting and easier for you and to achieve a fair calculation of advertising costs.

Retargeting takes place in order to address previous users of our websites again to third party websites and to motivate them to interact. Users receive advertising content on third-party websites that is related to their interests instead of merely general advertising content.

Duration of storage

Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full (see „technically necessary cookies“ above).

The cookie storage time is indicated above. Otherwise they are set indefinitely until you delete the memory in the browser.

Possibility of objection and elimination

You can disable or restrict the processing of cookies by the service providers used by us using the above links. You can also use the preference management of the „yourchoices“ voluntary commitment for interest-based advertising: http://www.youronlinechoices.com/de/praferenzmanagement/

The objection remains valid as long as the associated OptOut cookie is not deleted. This cookie is set for the domain, per browser and user of a computer. If you access our website from multiple devices and browsers, you must therefore object to data collection separately and again on each of these devices and in each browser.

Promotional emails (newsletters and messages to buyers)

Description and scope of data processing

On our website you have the possibility to subscribe to a free newsletter. This data is transmitted to us when you register for the newsletter:

  1. E-mail address as specified
  2. Title, first and last name (optional)
  3. IP address of the calling computer
  4. Date and time of registration

During the registration process, your consent is obtained for the processing of the data and reference is made to this data protection declaration. You will first receive an e-mail requesting confirmation of your registration (double-opt-in procedure). If you are a customer, we will create the newsletter for you as individually as possible, taking into account your previous purchases and sales.

If you buy or sell goods on our website and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only send direct advertising for similar goods or services of our own. You will be notified of this upon registration or sale.

In connection with the data processing for the dispatch of newsletters, no data is passed on to third parties for own purposes.

We use the service provider Mandrill Inc, 512 Means Street, Sweet, 404, Atlanta, GA 30318, USA, a company of the Rocket Science Group, LLC d/b/a MailChimp LLC. Mandrill manages the e-mails of newsletter recipients and customers and organizes the processing. Mandrill processes for us the content and technology of communication as well as the measurement of e-mail usage. This is done within the framework of order processing and at the appropriate level of data protection (see above on EU-US Privacy Shield). For more information about Mandrill’s data processing, please see our privacy policy at https://mailchimp.com/legal/privacy. The agreement on order data processing and certification according to EU-US Privacy Shield is available.

Legal basis for data processing

The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR.

The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 para. 3 UWG.

The legal basis for e-mails and their usage measurement is Art. 6 Para. 1 lit. a, lit. f GDPR.

Purpose of data processing

The collection of the user’s e-mail address serves to send the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

The messages to customers as reminders of shopping baskets or loyalty campaigns offer targeted communication for users and us. Requests for surveys and evaluations are also in our legitimate interest because they improve our services.

Profiling based on previous purchases, sales and use of the newsletter is in our legitimate interest in order to send relevant news to users.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process will generally be deleted after a period of seven days.

After a cancellation we store the data purely statistically and anonymously.

Possibility of objection and elimination

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. Furthermore you have the possibility to unsubscribe from the newsletter in your customer account. For further information see below „Rights of the data subject“.

You can also restrict the usage measurement by deactivating the display of images in your e-mail program by default.

Website popups for ratings

Description and scope of data processing

When you visit our website you may be asked to rate our products. This is done with separate windows (PopUps). Participation in the evaluation is always voluntary. The platforms do not receive any personal data from us unless otherwise stated here.

We use the service survey online of enuvo GmbH, Seefeldstrasse 25, 8008 Zurich, Switzerland. You can view their data protection declaration here: https://www.umfrageonline.com/datenschutz

Legal basis for data processing

The legal basis for requests for evaluations is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The processing of data by us or our contractors is in the legitimate interest of improving our services for users and increasing our reach through (positive) evaluations

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

Possibility of objection and elimination

If you unsubscribe from the newsletter, you will no longer receive any e-mails from us requesting an evaluation.

Verkauf von Waren

Description and scope of data processing

On our website we offer users the possibility to buy goods from us.

With the sale process, the user’s consent to the processing of the data mentioned below is obtained.

  1. E-mail address
  2. Title, first and last name, billing and/or delivery address
  3. Phone number
  4. Order date/time
  5. Product
  6. Confirmation of the payment service provider
  7. IP address of the device used

The data is either entered by the user in the order form or – especially when the user uses the express function – transmitted to us by the payment service provider.

The payment service provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. He is your data protection officer. The payment service provider is responsible for your payment data. When selecting certain means of payment, payment service providers may carry out a credit risk assessment on the basis of mathematical-statistical procedures (so-called scoring) at a credit agency. We have no influence on the evaluation and do not receive any audit results. Information, in particular about the responsible body of the payment service providers, the contact data of the data protection officers of the payment service providers and the categories of personal data processed by the payment service providers, can be obtained from the service provider Paypal. Information on data protection and also on possible credit checks by other service providers can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN

The shipping company is DHL Paket GmbH. They will act for you as the responsible body. We transmit the information to them as far as it is required for delivery or status of the shipment.

Legal basis for data processing

The legal basis is Art. 6 para. 1 lit. a and lit. b and lit. f GDPR.

Purpose of data processing

The user gives his consent. The processing of data for logistics, payment and dispatch is necessary for the fulfilment of the contract in accordance with Art. 6 Para. 1 lit. b GDPR. This concerns our sale of goods by or to the user. With regard to the integration of the Trusted Shop seal of approval, there is a legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

This is the case for those during the sales contract or for the execution of pre-contractual measures when the data is no longer necessary for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Possibility of objection and elimination

If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

You can change the data stored about you at any time. For further information see below „Rights of the data subject“.

Contact form and e-mail contact

Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. The user’s message and email address are required. Further data is optional:

  1. Title, first, and last name
  2. Order number
  3. Phone number

Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored.

We send e-mails in connection with the sale of goods (so-called transaction e-mails) via the „one.com“ service.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b GDPR.

Purpose of data processing

The user gives his consent. The processing of the personal data from the input mask serves us for the treatment of the establishment of contact.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when the circumstances are such that it is certain that the matter in question has been finally clarified.

Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. For further information see below „Rights of the data subject“.

Rights of the person concerned

If personal data are processed by you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

Right to revoke the data protection declaration of consent (cf. Art. 7 para. 3 GDPR)

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

Right to information (cf. Art. 15 GDPR)

You can ask the person in charge to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the person responsible:

  1. The purposes for which the personal data are processed;
  2. The categories of personal data processed;
  3. The recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
  4. The planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  5. The existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to such processing;
  6. The existence of a right of appeal to a supervisory authority;
  7. Any available information on the origin of the data if the personal data are not collected from the data subject;
  8. The existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
  9. You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

Right to correction (cf. Article 16 GDPR)

You have a right to correction and / or completion with the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

Right to deletion of data (see Art. 17 GDPR)

Deletion duty

You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing
  3. You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
  4. The personal data concerning you have been processed unlawfully.
  5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
  6. The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

Information to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

Exceptions

The right to cancellation does not exist insofar as the processing is necessary

  1. to exercise freedom of expression and information;
  2. to fulfil a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject, or to perform a task in the public interest or in the exercise of official authority conferred on the controller (such as commercial and fiscal retention obligations.);
  3. aus Gründen des öffentlichen Interesses im Bereich der öffentlichen Gesundheit gemäß Art. 9 Abs. 2 lit. h und i sowie Art. 9 Abs. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
  5. to assert, exercise or defend legal claims.

Right to limitation of processing (cf. Art. 18 GDPR)

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

Right to information (see Article 19 GDPR)

If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The person responsible shall have the right to be informed of such recipients.

Right to data transferability (cf. Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

  1. processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  2. processing is carried out using automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

Right of objection (cf. Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) of the DSBER; this also applies to profiling based on these provisions. (We waive profiling.)

The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right pursuant to Art. 21 para. 2, 3 GDPR to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

Automated decision in individual cases including profiling (cf. Art. 22 GDPR)

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the person responsible,
  2. is admissible by law of the Union or of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
  3. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.

(We waive profiling.)

Right of appeal to a supervisory authority (cf. Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Validity of this data protection declaration

We reserve the right to change this privacy policy from time to time. The current version is available on our website. If a change significantly restricts the rights of registered users, we will notify them. Furthermore, the currently available data protection declaration is valid for our website users.

 

Release 25 May 2018