Data protection declaration
SEVERIN Elektrogeräte GmbH, Röhre 27, 59846 Sundern, (hereinafter also referred to as we/us) is responsible for SEVERIN's internet provision.
With the data protection declaration web pages we would like to inform you comprehensively and in detail how we protect your privacy and how personal data is processed in the context of our web pages and/or online provision. Personal data will be deleted as soon as possible and - subject to the following regulations - will never be used or passed on for advertising purposes without your consent.
If the following information is insufficient or incomprehensible, please do not hesitate to contact our data protection officer via the contact details listed in section II.
- Responsible body / data protection officer / supervisory authority
Data protection officer
Responsible supervisory authority
SEVERIN Elektrogeräte GmbH
SEVERIN Elektrogeräte GmbH
- Data protection officer -
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia)
PO Box 20 04 44
- General principles / Information
The definitions are based on Regulation (EU) 679/2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or the "GDPR").In particular, the definitions in Art. 4 and Art. 9 GDPR apply. For your information, we have summarised the essentially relevant definitions below in section X. once again.
- Scope of personal data processing
We only collect and use our users' personal data insofar as this is necessary for the production and provision of our services and for the provision of our web or online offers (including mobile apps).
- Legal basis
Insofar as personal data is processed on the basis of the data subject's consent, Art. 6 para. 1 (a) GDPR is the legal basis for processing.
In the processing of personal data for the performance of a contract to which the data subject is a party, the legal basis is Art. 6 para. 1 (b) GDPR. This also applies to the processing required for the performance of pre-contractual measures.
If personal data is processed in order to fulfil a legal obligation to which we are subject, Art. 6 para. 1 (c) GDPR is the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 (d) GDPR applies as the legal basis.
If processing is necessary to safeguard our company's legitimate interests or those of a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.
- Processing for the enforcement of claims / fulfilment of legal obligations
We reserve the right to process personal data for the purpose of asserting claims in the context of justified interests pursuant to Art. 6 para. 1 (f) GDPR; this also includes the transmission of data to authorities and/or courts. Likewise, data may be processed and/or transmitted for the purpose of fulfilling statutory or legal obligations (e.g. information from authorities, etc.); the legal basis for this is Art. 6 para. 1 (c) GDPR.
- Obtaining consent / right of revocation
Consents pursuant to Art. 6 para. 1 (a) GDPR are always voluntary and are generally obtained in writing or electronically. Electronic consent is obtained by ticking the corresponding box for the purpose of documenting the granting of consent. The content of the declaration of consent is recorded electronically.
Right of revocation: Please note that a consent once given can be revoked at any time with effect for the future - in full or in part. The legality of processing based on consent until revocation remains unaffected by this. Please address any revocation to the contact details given in section II (responsible body or data protection officer).
- Recipient of personal data
In order to provide our web and/or online services, we sometimes use third party service providers who act on our behalf and in accordance with our instructions (contract processors).These service providers may receive personal data or come into contact with personal data within the scope of the provision of services and represent third parties or recipients within the framework of the GDPR.
In such a case, we ensure that our service providers offer sufficient guarantees that suitable technical and organisational measures are in place and that processing is carried out in such a way that they comply with the requirements of the GDPR and guarantee the protection of the rights of the person concerned (cf. Art. 28 GDPR).
Insofar as a transfer of personal data to third parties and/or recipients takes place outside the processing of an order, we ensure that this takes place exclusively in accordance with the requirements of the GDPR and only if there is a corresponding legal basis (e.g. Art. 6 para 4 GDPR, for the rest see section III.3).
- Processing of data in so-called third countries
Your personal data is processed within the EU or the European Economic Area ("EEA").
Only in exceptional cases (e.g. in connection with the use of service providers for the provision of web analysis services) can information be transferred to so-called "third countries". "Third countries" are countries outside the European Union and/or the Agreement on the European Economic Area where an adequate level of data protection in accordance with EU standards cannot be readily assumed.
If the transmitted information also includes personal data, before such transmission we ensure that an appropriate level of data protection is guaranteed in the respective third country or with the respective recipient in the third country, or that you have given your consent to this, or that another reason for authorisation (e.g. Art. 49 GDPR) exists. An adequate level of data protection can result from a so-called "adequacy decision" of the European Commission or can be ensured by using the so-called "EU standard contractual clauses". In the case of recipients in the USA, compliance with the principles of the so-called "EU-US Privacy Shield" can also ensure an adequate level of data protection. If transmission should take place to so-called third countries, we will be pleased to provide you with further information on compliance with an appropriate level of data protection upon request. Please contact our data protection officer. Contact details can be found at the beginning of this data protection information. Information about the participants in the EU-US Privacy Shield can also be found here www.privacyshield.gov/list.
- Data deletion and duration of storage
Data subjects' personal data will be deleted insofar as the data is no longer required for the respective processing purposes. Instead of deletion, the data may be stored under restriction of processing, if this is provided for by the European or national legislator of EU regulations, laws or other regulations to which our company is subject, in particular e.g.
- to fulfil legal storage obligations (e.g. pursuant to the Fiscal Code (AO) or the Commercial Code (HGB), currently between 6 to 10 years), and/or
- if there are justified interests in storage (e.g. during the course of limitation periods for the purpose of any legal defence (§§ 195 et seq. of the German Civil Code, currently between 3 and 30 years).
The data will be deleted at the latest when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or for other purposes.
- Rights of data subjects
The GDPR grants certain rights to the person who is the subject of the processing of personal data (so-called rights of data subjects, in particular Art. 12 to Art. 22 GDPR). The individual rights of the data subjects are explained in more detail in section XI. If you wish to exercise one or more of these rights, you can contact us at any time. Please use the contact options listed under II .
- Data processing for the provision of the website / collection of log files
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected (hereinafter "log data"):
- Information regarding the used browser type and version
- The user’s operating system
- The user's internet service provider;
- The user's IP address
- Date and time of access
- Websites from which the user's system accesses our website
- The websites accessed by the user's system via our website
With the exception of the IP address, the above-mentioned log data does not allow any personal reference to the user; personal reference can only be established by assigning or linking the log data to an IP address.
- Purpose and legal basis
Log data, in particular the IP address, is collected and processed for the purpose of providing the contents of our website to the user, i.e. for the purpose of communication between the user and our website or online offering. The IP address must be temporarily stored for the duration of the respective communication process. This is required to address the communication traffic between the user and our web and/or online offer or is required to use our web and/or online offer. The legal basis for this data processing - i.e. for the duration of your visit to the website - is Art. 6 para. 1 (b) GDPR or § 96 of the Telecommunications law (TKG) or § 15 para. 1 of the Telemedia law (TMG).
Any processing and storage of the IP address in log files beyond the communication process is carried out for the purpose of ensuring the functionality of our web and online offers, for the purpose of optimising these offers and for ensuring the security of our information technology systems. The legal basis for storing the IP address for these purposes beyond the communication process is Art. 6 para. 1 (f) GDPR (protection of legitimate interests) or § 109 TKG.
- Data deletion and duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If data has been collected in order to provide this website, it will be deleted once you leave the site. Any further storage of log data including the IP address for the purpose of system security takes place for a maximum period of seven days from the end of site access by the user. Any further processing and/or storage of log data is possible and permissible, provided that the IP addresses of the users are deleted after expiry of the aforementioned seven-day storage period or are distorted in such a way that it is no longer possible to assign the log data to an IP address, i.e. that the data is anonymous.
- Objection and cancellation options
The collection of log data for the provision of the website including its storage in log files within the aforementioned limits is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object. The opposite applies to the processing of log data for analysis purposes, this depends on section VII, depending on the web analysis tools used and the type of data analysis (personal/anonymous/pseudonymous).
- - currently not occupied -
We distinguish between (i) technically necessary cookies, (ii) analysis cookies and (iii) third-party cookies:
(i) We use technically necessary cookies to make our web and/or online offer more user-friendly. The following data is stored in technically necessary cookies and transmitted to our systems, for example:
- Language settings
- Information on the terminal device / PC used and its settings
- Items in a shopping cart
- Log-in information
(ii) Analysis cookies (also known as session cookies) are used by us to analyse the surfing behaviour of users on our web and/or online offers for the purpose of advertising, market research or for the demand-oriented design of our offers. The following data about analysis cookies is collected and transmitted to our systems:
- Search terms entered
- Frequency of page views
- Use of website functions
The user data collected in this way is pseudonymised by technical means. It is then no longer possible to assign the data to the calling user.
(iii) Third-party cookies are cookies that are not provided by our web servers but by third parties. These include, for example, the integration of the "Like" button. When you click on it, Facebook places a "custom" cookie in the user's browser. Third-party cookies can never be searched for and/or evaluated by us.
Third parties are solely responsible for the use of such cookies - we have no control over their use and processing. You can prevent third-party cookies from being set by the means described in sections VI.3 and VII.
- Purpose and legal basis
- Applying language settings
- Remembering search terms
- Repeated access to internet sites
- Status check of the setting to accept cookies
The user data collected by technically necessary cookies is not used to create user profiles. The legal basis for the use of technically necessary cookies is Art. 6 para. 1 (b) GDPR, insofar as it is possible to establish a personal reference to the user and the use is necessary for the purpose of providing our web and/or online offers in the sense of contract fulfilment, otherwise Art. 6 para. 1 (f) GDPR, since the use is also made to safeguard legitimate interests for the purpose of providing web and/or online offers.
The use of analysis cookies is for the purpose of improving the quality of our website and its contents. Using analysis cookies, we learn how the site is used and can constantly optimise our service (see above).The legal basis for the processing of personal data using analysis cookies is, insofar as it is possible to establish a personal reference to the user, in the case of the user's consent Art. 6 para. 1 (a) GDPR. If analysis cookies are used to create pseudonymous evaluations, the legal basis is Art. 6 Para. 1 (f) GDPR (protection of legitimate interests) or § 15 Para. 3 of the Telemedia law (TMG).
- Data deletion and duration of storage
Cookies are stored on the user's respective end device (smart device / PC) and transmitted from there to our websites. A distinction is made between so-called permanent cookies and session cookies. Session cookies are stored for the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the respective browser session is closed, but are stored on the user's terminal device for a longer period of time.
- Objection and cancellation options
- VII.Web analytics
In order to optimise our website and to adjust to our users' changing habits and technical conditions, we use so-called web analysis tools. For example, we measure which elements are visited by users, whether the information they are looking for is easy to find, and so on. This information can only be interpreted and made meaningful when a larger group of users is considered. For this purpose, the data collected is aggregated, i.e. combined into larger units.
For example, we can adapt the design of pages or optimise content if we discover that a relevant proportion of visitors use new technologies or find existing information impossible or difficult to find.
Within our web and online offers we carry out the following analyses and use the following web analysis tools:
- Analysis of log data
Log data is only used for analysis purposes on an anonymous basis - in particular, it is not linked to the user's personal or related data and/or to an IP address or a cookie. Such an analysis of log data is therefore not subject to the data protection regulations of the GDPR.
- Google Analytics and Google Tag Manager
As a rule, information generated by cookies regarding your use of this website will be forwarded to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will shorten your IP address within member states of the European Union or in other countries that are contracting parties to the Agreement on the European Economic Area before transmitting it. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google uses the information mentioned to evaluate the use of the website on our behalf, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the internet. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
You can prevent the storage of cookies by making the appropriate setting through your browser software; we would point out, however, that this may mean you cannot enjoy full use of all the functions of our website.
If you do not wish to have an evaluation by Google Analytics, you have the following options:
- You can also prevent collection by Google Analytics by clicking on the following link. This sets an opt-out cookie which prevents the future collection of your data by Google Analytics when visiting this website:: http://tools.google.com/dlpage/gaoptout?hl=de
Please note: If you delete your cookies, this will mean that the opt-out cookie is also deleted and may need to be re-activated by you.
- You can also prevent disclosure to Google and processing by Google of the data generated by the Google Analytics cookie about your use of the website (incl. your IP address), by downloading and installing the browser plugin available via the following link: (http://tools.google.com/dlpage/gaoptout?hl=de).
We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want to do this, you can disable it through the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).
In addition, the Google Tag Manager is used: Google Tag Manager is a solution that allows marketers to manage web page tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data under certain circumstances. The Google Tag Manager does not access this data. If deactivation occurs at domain or cookie level, it remains in use for all tracking tags, which are implemented by Google Tag Manager. (http://www.google.de/tagmanager/use-policy.html).
- Google AdWords Conversion Tracking
We partly use the online advertising program Google AdWords on our websites and in this context conversion tracking (visit action evaluation).Google Conversion Tracking is an analytical service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google“).Once this is the case, a conversion tracking cookie will be placed on your computer when you click on an ad placed by Google. These cookies have a limited validity period, they contain no personal data and are therefore not used for personal identification. If you visit certain pages within our website and the cookie has not yet expired, we and Google can recognise that you have clicked the advert and have been directed to that page. Each Google AdWords customer has a different cookie. There is therefore no way for cookies to be tracked through advertisers' websites.
The information collected using the conversion cookie is used to generate conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. We do not obtain any information that can be used to identify users personally. You can prevent cookies from being stored by selecting the appropriate technical settings in your browser software, see section VI.3 above.
On our website we use plugins of the AddThis service, which is operated by AddThis, LLC, 1595 Spring Hill Rd, Suite 300, Vienna, VA 22182, USA ("AddThis"). AddThis provides tools for creating and designing websites (www.addthis.com) that make it easier for website visitors to share the current page with other internet users by e-mail or on social networks. You can recognise these plugins by the "Facebook", "Twitter" "Pinterest", "E-Mail" and "g+" buttons integrated into parts of our website.
We do not process the data concerned or pass it on to third parties. By using the AddThis plugin you agree to data processing by AddThis. You can also object to the collection and storage of data by AddThis at any time with future effect by setting a so-called opt-out cookie. Visit http://www.addthis.com/privacy/opt-out.
- VIII.Newsletter / Advertising / Social Media Plugins
On our web and online offers we also offer the possibility of registering for our newsletters; we also use advertising tools and social media plug-ins. In detail:
- Newsletter / Advertising and Marketing / Customer surveys
Your personal data will only be used for advertising and/or marketing purposes, for conducting customer satisfaction surveys and for registering for the newsletter if you have given your consent or on another legal basis which permits advertising and/or marketing to be conducted without your consent.
If you would like to receive our newsletter, we need a valid e-mail address from you. In order to be able to check whether you are the owner of the given e-mail address or whether the owner agrees to receive the newsletter or advertising, we will send an automated e-mail to the given e-mail address (so-called double opt-in) after the first registration step. Only after you confirm the newsletter registration or the advertising request via a link in the confirmation e-mail will we add the e-mail address provided to our mailing list. We do not collect any other data apart from the e-mail address and the information required to confirm the registration. Your data will only be processed for the purpose of sending the newsletter you have ordered.
The legal basis for advertising and/or marketing measures based on express consent is Art. 6 para. 1 (a) GDPR; for newsletter registration Art. 6 para. 1 (b) GDPR; the statements on consent under section III.5 and on the right of revocation under III.4 apply accordingly. You can unsubscribe at any time. For advertising and/or marketing measures via e-mail for the purpose of direct advertising for similar goods or services, § 7 para. 3 of the Unfair Competition law (UWG) can be the legal basis; this presupposes that (i) we receive your e-mail address in connection with the sale of a product or service, (ii) you have not objected to the use of your e-mail address for the purpose of direct advertising and (iii) we clearly and explicitly point out to you when collecting the e-mail address and for each use that you can object to such use of your e-mail at any time (for the right of objection see section X.6).
- Social Networks / Social Media Plugins
We have included buttons ("plugins") of various social networks on our websites so that on our websites you can also use the interactive possibilities of the social networks you use. These plugins provide various functions, the subject and scope of which are determined by the operators of the social networks. We use a two-click procedure to better protect your personal data. By pressing the button next to the respective plugin, the plugin is activated, which is indicated by the colour change of the plugin button from grey to coloured. Then you can use the respective plugin by clicking on the button for the plugin. Remember that the IP address of your browser session can be linked to your own profile on the social network if you are logged in at that time. Similarly, your visit to our website may be linked to your profile on the social network if it recognises you via a previously set social network cookie that is still present on your computer.
Please note that we are not providers of social networks and have no influence on data processing by the respective providers. You can find more information on the scope of data processing at the following links or addresses:
This website uses plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. You can recognise the Facebook plugin from the Facebook logo or the Like button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
When you activate the plugin, the plugin establishes a direct connection between your browser and the Facebook server. This enables Facebook to receive information that you have visited our site with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can refer to the content of our site in your Facebook profile.
On our site we also use YouTube for the integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. On some pages we also use a YouTube plugin. If you call up a page provided with such a plugin, a connection to the YouTube servers is automatically established and the plugin is displayed. The plugin then transmits information to the YouTube server concerning which of our sites you have visited. If you are a YouTube member and logged in to YouTube at the same time as you visit our site, YouTube may associate this information with your personal user account. When using the plug-in, such as by clicking the start button of a video, this information is also assigned to your user account. You can prevent such an assignment by logging out of your YouTube user account and other user accounts of YouTube LLC and/or Google Inc. before using our sites, alternatively you can delete the corresponding cookies from these companies (see section VI.3). Further information on data processing and privacy by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.
Social plugins ("plugins") from Instagram can also be used on our website. These are operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").The plug-ins are marked with an Instagram logo, for example, in the form of an "Instagram camera". You will find an overview of Instagram plugins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
If you do not want Instagram to directly map the data collected through our website to your Instagram account, you'll need to log out of Instagram before visiting our website. You can also prevent the Instagram plugins from loading with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/), see also section VI.3.
Some of our web sites contain plugins from the social network Google Plus. If so, you can use the Google +1 button to post information worldwide. Using the Google +1 button you and other users can receive personalised content from Google and our partners. Google stores both the fact that you have +1'd a piece of content and also information about the page you were viewing when you clicked +1.Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.
Google records information about your +1 activities in order to improve Google services for you and others. To use the Google +1 button, you need a globally visible and public Google profile that contains at least the name you have selected as your profile name. This name is used for all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that identifies you.
In addition to the above uses, the information you provide is used in accordance with the applicable Google data privacy provisions. Google may publish summary statistics about the +1 activity of users, or share it with users and partners such as publishers, advertisers or affiliate websites.
- Contact form and e-mail contact
If a contact form for electronic contact is provided on our website, the following data is transmitted to us via the input mask and stored:
Mandatory data which is required for the purpose of establishing contact is indicated by an asterisk as a mandatory field (also in the input mask).
The following data is also stored at the time the message is sent:
- The user's IP address
- Date and time of sending
Alternatively, you can contact us via the e-mail address provided on our website. In this case, the user's personal data transmitted along with the e-mail will be stored. Under no circumstances will the data be passed on to third parties, unless we have to resort to third parties to process the enquiry.
- Purpose and legal basis
The data will be processed exclusively for the purpose of processing the respective inquiry or user request. The other data collected during the transmission process serves to prevent misuse of the contact form and to guarantee the security of our information technology systems.
If the data is processed for the purpose of fulfilling a customer order or inquiry, the legal basis for processing the data is Art. 6 para. 1 (b) GDPR, irrespective of whether contact has been made via the contact form or by e-mail. In the event of the user's consent, Art. 6 para. 1 (a) GDPR is the legal basis for the processing. The legal basis for the collection of additional data during the transmission process is Art. 6 para. 1 (f) GDPR. The legitimate interest here lies in abuse prevention and ensuring system security (see section IV.1).
- Data deletion and duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and that sent by e-mail, this is the case when the respective communication with the user has ended and/or the user's request has been finally answered. The communication is terminated or there is a final answer if it can be inferred from the circumstances that the facts in question have been finally clarified. In place of deletion, the data is stored with a block if further storage of the data is required for the reasons mentioned in section III.6.
- Objection and cancellation options
The user has the option at any time to cancel communication with us and/or to withdraw their request and to object to the corresponding use of their data. It will not be possible to continue communicating in this case. All personal data stored during contact will be deleted in this case, subject to further storage of the data for the reasons mentioned in section III.8 .
In particular, the definitions in Art. 4 and Art. 9 GDPR apply. Within the scope of this data protection declaration, the following terms defined in Art. 4 GDPR may be of particular relevance:
- "Personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Restriction of processing” means marking stored personal data to restrict or block its future processing;
- “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- “Pseudonymisation” is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not assigned to an identifiable natural person;
- The “controller “is a natural or legal person, public authority, agency or other body, which either alone or with others, determines purposes and means of processing of personal data; where purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law;
- The “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- The “recipient” is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under EU law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.
- A “third party” is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- 10.The data subject's “agreement” is voluntary each time for the particular case, in an informed and unequivocal manner, in the form of a statement or other clear affirmative act indicating the data subject's consent to the processing of personal data concerning him/her.
- Rights of data subjects
According to the GDPR, data subjects have in particular the following rights, although these may be subject to restrictions in accordance with §§ 34 and 35 of the German Federal Data Protection Act (BDSG):
- Right to information (Art. 15 GDPR):
You have the right to request information as to whether or not we process personal data about you. If our company processes your personal data, you are entitled to information about
- the purposes of processing;
- the categories of personal data (type of data) to be processed;
- the recipients or categories of recipients to whom your data has been or will be disclosed, in particular where data has been or will be disclosed to recipients in third countries outside the scope of the GDPR;
- the planned storage period, if possible; if it is not possible to specify the storage period, the criteria for determining the storage period (e.g. statutory retention periods, etc.) must be provided;
- your right to have your data concerning you corrected and deleted, including the right to limit processing and/or the right to object (see also the following sections);
- the existence of a right of appeal to a supervisory authority;
- the origin of the data, if personal data was not collected directly from you.
You are also entitled to information as to whether your personal data is the subject of automated decisions under Art. 22 GDPR and if this is the case, which decision criteria form the basis of such an automated decision (logic) or which effects and scope the automated decision can have for you.
If personal data is transferred to a third country outside the scope of the GDPR, you are entitled to information as to whether and, if so, on the basis of which guarantees an appropriate level of protection within the meaning of Art. 44-49 GDPR is ensured by the data recipient in the third country.
You have the right to request a copy of your personal data. As a matter of principle, we make data copies available in electronic form, unless you have indicated otherwise. The first copy is free of charge; an appropriate fee may be charged for each additional copy. It is made available subject to the rights and freedoms of other persons who may be affected by the transmission of the copy of the data.
- Right to rectification (Article 16 GDPR)
You have the right to request that we correct your data if it is false, inaccurate and/or incomplete; the right to rectification includes the right to supplement it with additional explanations or notifications. Corrections and/or additions must be made immediately - i.e. without culpable delay.
- Right to deletion (Art. 17 GDPR);
You have the right to request deletion of your personal data from us if
- the personal data is no longer required for the purposes for which it was collected and processed;
- the data processing is based on consent given by you and you have revoked the consent, unless there is another legal basis for the data processing;
- you have filed an objection to data processing pursuant to Art. 21 GDPR and there are no overriding legitimate reasons for further processing;
- you have filed an objection to data processing for the purpose of direct advertising pursuant to Art. 21 para. 2 GDPR;
- the personal data has been processed unlawfully,
- it concerns data of a child collected in relation to information society services pursuant to Art. 8 para. 1 GDPR.
There is no right to delete personal data if
- the right to freedom of expression and information precludes the request for cancellation;
- the processing of personal data is necessary (i) to fulfil a legal obligation (e.g. statutory retention obligations), (ii) to perform public tasks and exercise interests under EU law and/or the law of the member states (this also includes interests in the field of public health) or (iii) for archiving and/or research purposes;
- the personal data is necessary to assert, exercise or defend legal claims.
The deletion must take place immediately - i.e. without culpable delay. If personal data has been made public by us (e.g. on the Internet), we must, to the extent technically possible and reasonable, ensure that third-party data processors are also informed of the request for deletion, including the deletion of links, copies and/or replications.
- Right to limitation of processing (Art. 18 GDPR)
You have the right to have the processing of your personal data limited in the following cases:
- If you have disputed the accuracy of your personal data, you can demand that we do not use your data for other purposes for the duration of the accuracy check and limit it in this respect.
- In the event of unlawful data processing, you may request the restriction of data use in accordance with Art. 18 GDPR instead of data deletion in accordance with Art. 17 para. 1 (d) GDPR;
- If you need your personal data to assert, exercise or defend legal claims, but otherwise your personal data is no longer required, you can request that we restrict processing to the aforementioned legal prosecution purposes;
- If you have filed an objection to data processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether our interests in processing outweigh your interests, you may demand that your data not be used for other purposes for the duration of the check and be restricted in this respect.
Personal data the processing of which has been restricted at your request may - subject to storage - only be processed (i) with your consent, (ii) to assert, exercise or defend legal claims, (iii) to protect the rights of other natural or legal persons, or (iv) for reasons of important public interest. If a processing restriction is lifted, you will be informed of this in advance.
- Right to data portability (Art. 20 GDPR)
Subject to the following provisions, you have the right to demand the surrender of the data concerning you in a common electronic, machine-readable data format. The right to data portability includes the right to transfer the data to another person responsible; on request, we will therefore - as far as technically possible - transfer data directly to a person responsible named or to be named by you. The right to transfer data exists only for data provided by you and presupposes that the processing is based on consent or for the execution of a contract and is carried out using automated procedures. The right to data portability according to Art. 20 GDPR does not affect the right to data deletion according to Art. 17 GDPR. Data portability is subject to the rights and freedoms of other persons whose rights may be affected by the data portability.
- Right of objection (Art. 21 GDPR):
In the case of processing personal data to perform tasks in the public interest (Art. 6 para. 1 (e) GDPR) or to safeguard legitimate interests (Art. 6 para. 1 (f) GDPR), you can object to the processing of your personal data at any time with future effect. If you object to the further processing of your data for these purposes, we will refrain from doing so, unless:
- there are compelling, legitimate reasons for processing which outweigh your interests, rights and freedoms, or
- the processing is necessary to assert, exercise or defend legal claims.
You can object to the use of your data for the purpose of direct advertising at any time with effect for the future; this also applies to profiling, insofar as it is connected with direct advertising. In the event of objection, we must refrain from any further processing of your data for the purpose of direct marketing.
- Prohibition of automated decisions / profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. This does not apply if the automated decision
- is necessary for the conclusion or performance of a contract with you,
- is permitted by law of the Union or of the Member States, provided that such law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
- is based on your explicit consent.
Decisions based exclusively on automated processing of special categories of personal data are inadmissible in principle, unless Art. 22 para. 4 in conjunction with Art. 9 para. 2 (a) or (g) GDPR applies and appropriate measures have been taken to protect your personal rights and freedoms as well as your personal legitimate interests.
If we should make an automated decision within the meaning of Art. 22 GDPR, this will be expressly referred to in our data protection declarations.
- Legal protection / right to complain to a supervisory authority
If you have any complaints, you can contact the competent supervisory authority of the Union or Member States at any time. Our company is subject to the supervisory authority mentioned in section II.
We reserve the right to update this privacy statement at irregular intervals and will notify you of any material changes that will affect the use of your personal data. You will find the current version on our website under the link "Data protection" or "Privacy".
* * *