Privacy Policy
Data processing by us
When using the website https://vindelici-creative.com/, its functionalities, contacting us and making an enquiry, you provide us with personal data, which we process for the purpose of processing your inquiries. We only process this data strictly for a specific purpose within the framework of data protection laws.
I. RESPONSIBLE PERSON WITHIN THE MEANING OF DATA PROTECTION LAWS
Vindelici Creative GmbH
Unter den Linden 26-30
10117 Berlin
Telephone number: +49 (0) 821/20 70 80 — 0
Represented by its managing directors:
Dr. Michael Hofmann, Leonis Petschmann
II. DATA PROTECTION OFFICER
We have appointed a company data protection officer for our company:
Fly-tech IT GmbH & Co. KG
Winterbruckenweg 58
86316 Friedberg
III. GENERAL INFORMATION ABOUT DATA PROCESSING
Scope of processing of personal data in general
In principle, we only process personal data to the extent necessary to provide a functional website and our content and services.
Legal basis for processing personal data
The respective legal basis for processing personal data results from the General Data Protection Regulation, Article 6 para. 1 lit. a) — f) GDPR.
If the data subject gives consent, the legal basis is Art. 6 para. 1 lit. a) GDPR.
Art. 6 para. 1 lit. b) GDPR is the legal basis for the processing of personal data necessary to fulfill a contract to which the data subject is a party, or for processing operations involving pre-contractual measures taken at the request of the data subject.
If processing is necessary to fulfill a legal obligation on the part of the person responsible, the legal basis is Art. 6 para. 1 lit. c) GDPR.
If the vital interests of the data subject or another natural person make processing necessary, the legal basis is Art. 6 para. 1 lit. d) GDPR.
Is the processing for carrying out a task required those in the public interest If or is in the exercise of official authority delegated to the controller, the legal basis is Art. 6 para. 1 lit. e) GDPR.
If processing is necessary to protect a legitimate interest of our company and if the interests, fundamental freedoms or fundamental rights of the data subject do not prevail, the legal basis is Art. 6 para. 1 lit. f) GDPR.
Provision of personal data required for the conclusion of a contract or due to legal storage obligations
When you contact us, we collect personal data. We store this data partly on the basis of legal regulations, and partly it is necessary to conclude a contract. If you want to conclude a contract with us, you must provide us with your data so that we can provide our services to you. In addition, we have legal storage obligations due to tax and commercial law aspects, which we must comply with. Otherwise, we may not be able to provide our services to you.
Before providing your personal data, you are welcome to contact your respective contact person in our company to find out whether we need your data to conclude a contract and/or our legal storage obligations and what the consequences are if you do not provide us with the data.
Data deletion and storage period
We store your personal data as long as this is necessary to fulfill the purpose or as long as storage is required by law, Art. 6 para. 1 lit. c) GDPR.
If the purpose for storing personal data no longer exists, this data will be deleted or restricted in processing after 6 months, unless there is a need to continue storing the data to conclude or fulfill a contract.
Any further storage will only take place if this has been provided for by European or national legislators.
SSL or TLS encryption
On the entire website, we use SSL or TLS encryption on the one hand for security reasons and on the other hand to protect your confidential data.
This encryption means that confidential data, such as inquiries or orders that you submit to us, cannot be viewed by third parties.
You can recognize an encrypted connection when the browser's address line changes from “http://” to “https://” and a green lock icon is displayed in the address bar.
IV. AUTOMATIC DATA PROCESSING WHEN ACCESSING THE WEBSITE WWW.VINDELICI-CREATIVE.COM
IP address
- Description and scope of data processing
When this page is accessed, requests are sent to the server, which it must answer. For this purpose, your IP address must be collected and processed in order to be able to answer the corresponding server inquiries. - Legal basis for data processing
The legal basis for processing this data is Art. 6 para. 1 lit. f) GDPR. - Purpose of data processing
The purpose of processing your IP address is to make the website work and to provide technical access. - Legitimate interest
The legitimate interest in temporarily storing the IP address is that the functionality and provision of the technical availability of the website is not possible without this. - Storage period
The data will be deleted as soon as further storage is no longer necessary due to the achievement of the purpose. When data is collected to provide the website, this is the case when the retrieval process is completed. - Recipients of personal data
The IP address is processed by the following hosting provider on behalf of an order processing agreement in accordance with Art. 28 para. 2, para. 4 GDPR:
RAIDBOXES GmbH
Hafenstraße 32
48153 Munster
Hosting/domain
- Description and scope of data processing
We use the services of our hosting service provider for the technical implementation of the website and its availability as well as its technical maintenance. This includes the provision of storage and database services as well as their maintenance and care. - Legal basis for data processing
The legal basis for processing this data is Art. 6 para. 1 lit. f) GDPR. - Purpose of data processing
The purpose of processing is to implement the online offer and to identify incorrect functionalities and attempts to break in. - Legitimate interest
The legitimate interest in hiring the hosting service provider is external technical expertise and the provision of a functional and uncompromised technical website environment. - Recipients of personal data and data categories
The following hosting provider works for us on the basis of an order processing agreement in accordance with Art. 28 para. 2, para. 4 GDPR:
RAIDBOXES GmbH
Hafenstraße 32
48153 Munster
Affected data categories are:
user data
communication data
contact details
Contract data
server log files
- Description and scope of data processing
The IP addresses collected when you access this page are also stored in so-called server log files in order to detect and correct technical faults and/or attempts to manipulate and break into the server structure. In addition, the hosting provider of this website automatically collects, stores and processes information in so-called server log files, which are automatically transmitted by your browser. This information is:
IP address
Browser type and browser version used
operating system used
Timestamp
Page viewed
However, this information is not combined with other data sources. - Legal basis for data processing
The legal basis for processing this data is Art. 6 para. 1 lit. f) GDPR. - Purpose of data processing
The purpose of processing your IP address and the above information is to identify incorrect functionalities and attempts to break in. - Legitimate interest
The legitimate interest in processing the IP address and the above information is to provide a functional and uncompromised technical website environment. - Storage period
The data will be deleted within 7 days. - Recipients of personal data
The IP address and the above information are processed by the following hosting provider on behalf of an order processing agreement in accordance with Art. 28 para. 2, para. 4 GDPR:
RAIDBOXES GmbH
Hafenstraße 32
48153 Munster
External hosting
We host our website with Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files, including your IP addresses.
Webflow is a tool for building and hosting websites. Webflow stores cookies or other recognition technologies that are necessary to display the page, to provide certain website functions and to ensure security (necessary cookies).
For details, see Webflow's privacy policy: EU & Swiss Privacy Policy | Webflow.
Webflow is used on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.
Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: EU & Swiss Privacy Policy | Webflow.
Order processing
We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
V. USE OF COOKIES
- Description and scope of data processing
The website www.vindelici-creative.com uses so-called “cookies”. Cookies are text files that are stored in memory and/or on a data carrier on your device used to visit the page and are processed by your Internet browser in accordance with the settings stored there. - Disable cookies
You can also determine whether cookies can be set and retrieved through the settings in your Internet browser. For example, you can completely deactivate the storage of cookies in your browser, restrict them to specific websites or configure your browser so that it automatically notifies you as soon as a cookie is about to be set and asks you for feedback. You can block or delete individual cookies. For technical reasons, however, this may result in some functions of our website being impaired and no longer fully functioning.
VI. PROCESSING OF PERSONAL DATA VIA E-MAIL
- Description and scope of data processing
For inquiries by email, personal data is processed depending on the content of your email: In any case, this is your email address, date and time, and the content of the message. In addition, depending on the content of your email, the following personal data, for example, may be processed: First name, last name Telephone number The data is used exclusively to process the conversation and/or to carry out and/or initiate a contractual relationship. - Legal basis for data processing
Based on the user's express request via email, the legal basis for processing the data is Art. 6 para. 1 lit. f) GDPR. If contacting us by e-mail is also aimed at concluding and/or executing a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. - Purpose of data processing
The processing of personal data via your email request is for the sole purpose of contacting and enabling the company to contact the customer for informational purposes on the customer's initiative. Depending on the intent and content of your request, the purpose may also be to initiate and/or implement a contractual relationship. - Legitimate interest
The legitimate interest in data processing lies in being able to process your request and to be able to answer you in accordance with your request. The data collected will be processed on the basis of an inquiry from you. This processing is also in your interest in order to be able to respond to your request in accordance with your expectations. - Storage period
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further legal storage requirements (e.g. 10 years according to AO, 6 years in accordance with HGB). For your email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has finally been clarified.
VII. PROCESSING OF PERSONAL DATA VIA TELEPHONE
- Description and scope of data processing
In the case of telephone inquiries, personal data is processed, depending on the content of the call: Depending on the information you provided during the telephone call, this may also include the following personal data:
First name, last name
phone number
customer number
Payment details
Contract data
The data is used exclusively to process the conversation and/or to carry out and/or initiate a contractual relationship. - Legal basis for data processing
Based on the user's express request via telephone, the legal basis for processing the data is Art. 6 para. 1 lit. f) GDPR. If contacting us by telephone is also aimed at concluding and/or executing a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. - Purpose of data processing
The processing of personal data via the telephone call serves the sole purpose of contacting and enabling the company to contact the customer for informational purposes on the customer's initiative. Depending on the intent and content of your request, the purpose may also be to initiate and/or execute a contractual relationship, as well as to maintain the customer relationship. - Legitimate interest
The legitimate interest in data processing lies in being able to process your request and to be able to answer you in accordance with your request. The data collected will be processed on the basis of an inquiry from you. This processing is also in your interest in order to be able to respond to your request in accordance with your expectations. - Storage period
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further legal storage requirements (e.g. 10 years according to AO, 6 years in accordance with HGB). For your email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has finally been clarified.
VIII. PROCESSING OF PERSONAL DATA BY HANDING OVER BUSINESS CARDS
- Description and scope of data processing As part of the initial contact when you handed over the business card, you provided us with your personal data. These are: Name, first nameCompany address of company contact dataWe process this data in our CRM system.
- Legal basis for data processing
The legal basis is Art. 6 para. 1 lit. f) insofar as the processing is based on your consent. - Purpose/legitimate interest of data processing
We process this data to enable business communication and to identify common business interests as well as to maintain a customer relationship. We only process your personal data for this purpose and only to the extent that you have provided it to us. - Storage period
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further legal storage requirements (e.g. 10 years according to AO, 6 years in accordance with HGB).
IX. PROCESSING OF PERSONAL DATA AS PART OF THE APPLICATION PROCESS
- Description and scope of data processing
In job advertisements or on our website, we regularly provide information about current vacancies. You have the option to apply for these jobs. You can send us this application data either by post or by e-mail. If you send us your application by post, the following data may be processed:
- Name, address and contact details
- Curriculum vitae including all other information
- Personal cover letter
- qualifications
- interests
- First name, last name
- phone number
If you send us your data by email, we will also process your email address, date and time, and the content of the message. In addition, depending on the content of your email, the following personal data may be processed: first name, last name, telephone number.
The data is used exclusively as part of the application process to decide on the vacancy.
- Legal basis for data processing
The legal basis for processing data as part of the application process is Art. 6 para. 1 lit. b) GDPR, § 26 para. 1 BDSG. If, as part of the application process, you provide us with special categories of personal data, such as an existing disability status or health data, which are necessary to assess your suitability for a specific position, the data provided on your initiative will be processed in accordance with Art. 9 para. 2 lit. b), lit. h) GDPR, § 26 para. 3 BDSG. - Purpose of data processing
The processing of personal data as part of the application process serves the sole purpose of personnel planning and establishing employment relationships. - Legitimate interest
The legitimate interest in data processing lies in the need to fill vacant positions with qualified applicants as part of sustainable personnel planning and corporate management. - Storage period
If an application is rejected, the data will be deleted within 6 months of rejection. Data from successful applications is subject to storage obligations arising from employment and social law regulations, the AO and the HGB.
- Description and scope of data processing
In job advertisements or on our website, we regularly provide information about current vacancies. You have the option to apply for these jobs. You can send us this application data either by post or by e-mail. If you send us your application by post, the following data may be processed:
- Name, address and contact details
- Curriculum vitae including all other information
- Personal cover letter
- qualifications
- interests
- First name, last name
- phone number
If you send us your data by email, we will also process your email address, date and time, and the content of the message. In addition, depending on the content of your email, the following personal data, for example, may be processed:
The data is used exclusively as part of the application process to decide on the vacancy.
- Legal basis for data processing
The legal basis for processing data as part of the application process is Art. 6 para. 1 lit. b) GDPR, § 26 para. 1 BDSG. If, as part of the application process, you provide us with special categories of personal data, such as an existing disability status or health data, which are necessary to assess your suitability for a specific position, the data provided on your initiative will be processed in accordance with Art. 9 para. 2 lit. b), lit. h) GDPR, § 26 para. 3 BDSG. - Purpose of data processing
The processing of personal data as part of the application process serves the sole purpose of personnel planning and establishing employment relationships. - Legitimate interest
The legitimate interest in data processing lies in the need to fill vacant positions with qualified applicants as part of sustainable personnel planning and corporate management. - Storage period
If an application is rejected, the data will be deleted within 6 months of rejection. Data from successful applications is subject to storage obligations arising from employment and social law regulations, the AO and the HGB.
X. ADDITIONAL INFORMATION FOR ONLINE PRESENCE ON SOCIAL MEDIA
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to be able to inform them about our services there.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights.
Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably match the interests of users. For these purposes, cookies are usually stored on users' computers, in which the user behavior and interests of the users are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).
Additional information about our online presence on LinkedIn:
- Jointly responsible for processing
For data processing on our online presence on LinkedIn, we, Vindelici Creative GmbH (see contact details above at I.), together with LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland, hereinafter “LinkedIn”), jointly responsible for processing within the meaning of data protection laws.
We have therefore concluded an agreement with LinkedIn in accordance with Article 26 (1) GDPR, in which we have regulated who fulfills which data protection obligations. This agreement is made available to you by LinkedIn at the following link: https://legal.linkedin.com/pages-joint-controller-addendum
In LinkedIn's privacy policy (https://www.linkedin.com/legal/privacy-policy), you will find information about the processing of your data both by LinkedIn and by us when you access and interact with our online presence on LinkedIn. There you will also find information about your rights and settings with regard to the processing of your data.
The information contained in this section of our privacy policy is therefore only applicable in addition to the information provided by LinkedIn. - Contact details of the data protection officer
The contact details of our data protection officer can be found at II. - Collection, processing and use of your personal data by us
Our online presence on LinkedIn gives you the opportunity to react to our posts, write comments or send us private messages.
- Categories of affected persons
Affected persons are registered and unregistered visitors to our online presence on LinkedIn on the LinkedIn social network. - Data that we process from registered visitors to our online presence on LinkedIn
- User ID (username) with which you registered
- Approved profile data (e.g. job, professional experience, qualifications, contact details, activities and interests, etc.)
- Approved profile data (e.g. job, professional experience, qualifications, contact details, activities and interests, etc.)
- Data generated when sharing content, exchanging messages, and communicating
- Data required as part of contract processing at the request of registered visitors
In addition, we process pseudonymized data from registered visitors, such as: statistics and insights on how to interact with our online presence, the contributions, pages, videos and other content provided via it (page activity, page views, “likes” information, reach, general demographic, location and interest-based information about age, gender, country, city, language). This pseudonymized data is provided to us by LinkedIn in the form of statistics and cannot generally be combined by ourselves with the corresponding personal data (attribution characteristics such as name details). - Data that we process from unregistered visitors to our online presence on LinkedIn
Pseudonymized data such as statistics and insights on how to interact with our fan page, the contributions, pages, videos and other content provided via it (page activity, page views, “likes” information, reach, general demographic, location and interest-based information about age, gender, country, city, language). We ourselves cannot combine this pseudonymized data with the corresponding personal data (attribution characteristics such as name information). This makes it impossible for us to identify individual visitors. They remain anonymous to us. - Source of data
We collect the data directly from the person concerned or receive it from the platform operator. - Purposes of data processing
We process the data primarily for external presentation purposes. In addition, we process the data for communication and data exchange as well as to organize events. Finally, the data can also be processed to initiate or process a contract. - legal bases
Further information on this is available at General information about data processing.
Data processing for the purpose of public presentation is carried out on the legal basis of Art. 6 para. 1 lit. f) GDPR (legitimate interests) and in our interest in providing a platform with up-to-date information, improving our offering, our website and presenting our company. Data processing for communication with you via our online presence on LinkedIn is based on the legal basis of Art. 6 (1) (b) GDPR (contract initiation and execution), insofar as the content relates to an existing contractual relationship or you are interested in concluding a contract. Otherwise, data processing is carried out on the legal basis of Art. 6 para. 1 lit. f) GDPR (legitimate interests) and in our interest in effective communication with users in case of questions and other concerns. - Storage period
Based on the agreement concluded with the platform operator in accordance with Article 26 (1) GDPR, the platform operator is obliged to store and delete the data. - Recipient categories
Only our employees and service providers can access the data we process. If the persons concerned publicly post their data on our online presence on LinkedIn, these can be viewed by other registered and possibly unregistered visitors at any time.
- Categories of affected persons
XI. ADDITIONAL INFORMATION ABOUT YOUTUBE VIDEOS
- Description and scope of data processing
We use videos and plug-ins from YouTube on our website. In accordance with the YouTube Terms of Use (as of 22.01.2019), the YouTube service is provided in the area of the European Economic Area and Switzerland by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). In other countries, the YouTube service is provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”). Google Ireland Limited and YouTube LLC are subsidiaries of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
We use YouTube's so-called “extended data protection mode”. This means that when you visit our websites, only the technically necessary data is transmitted to the service provider responsible for your area (YouTube LLC or Google Ireland Limited), which your browser must send to retrieve the video from YouTube (retrieved video, date and time, IP address, browser type and settings, operating system).
Only when you click on the video will further data be transmitted to the service provider responsible for your area. At the same time, YouTube also regularly stores data on your device using cookies and similar technologies. If you have a YouTube or Google account, additional data about the video call can be assigned directly to your account, depending on your account settings.
For more information on the purpose and scope of data collection and processing by YouTube and Google, please see Google's privacy policy: https://www.google.com/intl/de_de/policies/privacy/. There you will also find further information about your rights in this regard and settings options to protect your privacy. - Legal basis for data processing
Your data is processed on the legal basis of Article 6 (1) (f) GDPR (legitimate interests). - Purpose of data processing
The purpose of data processing is to be able to provide you with videos from the YouTube platform on our websites. - Legitimate interest
Our legitimate interest in data processing is to be able to provide you with the videos on our website and at the same time relieve our servers.
XII. MATOMO
- Description, scope and purpose of data processing
This website uses Matomo (formerly Piwik), an open-source software for the statistical evaluation of visitor access.
Matomo uses so-called cookies, i.e. text files that are stored on your computer and allow an analysis of your use of the website.
The information generated by the cookie about your use of the website is stored with your consent in accordance with the description under V. You can withdraw your consent to the statistical analysis of your website usage using Matomo at any time with effect for the future by adjusting your selection in the Matomo cookie settings.
The IP address is anonymized immediately after processing and before storage. You can prevent the installation of cookies by changing the settings in your browser software. We would like to point out that if you set the appropriate settings, not all functions of this website may be available anymore.
You can decide whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data.
For more information about Matomo software privacy settings, please visit the following link: https://matomo.org/docs/privacy/. - Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR in conjunction with your consent to the statistical analysis of your website usage using Matomo. - Storage period
Your data collected as part of website analysis using Matomo will be deleted after 13 months.
XIII. RIGHTS OF DATA SUBJECTS
If you process personal data, you are the data subject within the meaning of the General Data Protection Regulation. You therefore have the following rights vis-à-vis the person responsible.
To exercise your rights as a data subject vis-à-vis us as the person responsible, please contact the following e-mail address: [email protected]
- Right to information — Art. 15 GDPR You have the right to request confirmation from the person responsible as to whether personal data concerning you is being processed.
If there is such processing, you have the right to information about this personal data and to the following information:
the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data have been or will be disclosed;
where possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining the storage period;
the existence of a right to correct or delete personal data concerning you, a right to restrict processing by the person responsible or a right to object to this processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You also have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you can also request to be informed of the appropriate guarantees in accordance with Article 46 of the GDPR in connection with the transfer.
- Right to rectification — Art. 16 GDPR
You have the right vis-à-vis the person responsible to correct and/or complete the data concerning you immediately if the processed personal data is incorrect or incomplete.
- Right to deletion — Art. 17 GDPR
Obligation to delete:
You have the right to request the immediate deletion of your personal data at any time, provided that one of the following reasons applies:- the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
- You have withdrawn your consent on which processing was based in accordance with Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for processing;
- You have objected to processing in accordance with Article 21 (1) and there are no overriding legitimate reasons for the processing, or
- You have filed an objection to processing in accordance with Article 21 (2) of the GDPR;
- the personal data concerning you has been processed unlawfully;
- the deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject;
- The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
Exceptions:
There is no right to deletion insofar as processing is necessary- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task which is in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3);
- for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Article 89 1 GDPR, insofar as the right referred to in section a) is likely to make impossible or seriously impair the achievement of the objectives of this processing, or
- to assert, exercise or defend legal claims.
- Right to restrict processing — Art. 18 GDPR
You have the right to request the restriction of personal data concerning you under the following conditions:- if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
- if the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- if the person responsible no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or
- if you have filed an objection to processing in accordance with Article 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
- Right to be informed — Art. 19 GDPR
If you have exercised any of your rights to correct, delete or restrict processing, we are obliged to notify all recipients to whom the personal data concerning you has been disclosed of the correction, deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You also have the right to be informed about these recipients.
- Right to data portability — Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
- a) processing is based on consent in accordance with Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract in accordance with Art. 6 para. 1 lit. b) GDPR and b) the processing is carried out using automated procedures.
- Right to object — Art. 21 GDPR
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless he can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications.
- Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your data protection consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.
- Right to lodge a complaint with a supervisory authority — Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is contrary to the General Data Protection Regulation.
The supervisory authority with which you lodge a complaint must inform you, as the complainant, of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.