Data protection declaration
Thank you for visiting our website and for your interest in our company. The protection of your personal data and your privacy is very important to us. Here you will find information about which data we, reseen GmbH, collect during your visit to our website and how this data is used.
Our data protection practice is in accordance with the regulations of the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). We will of course treat your data confidentially and only for the original reason of sending. The data transmitted by you will not be made available to third parties either by us or by persons commissioned by us. Unless this is required or permitted by law, you have given us your consent or an official order has been issued.
Responsible body within the meaning of § 13 para. 1 TMG
Responsible body in the sense of data protection law is:
Tel.: +49 – 711 – 47 09 76 31
E-Mail: [email protected]
Personal data are all information relating to an identified or identifiable natural person (hereinafter “data subject”). Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data are processed by the data controller.
Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, collection, organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not assigned to an identified or identifiable natural person.
Data controller or controller
The data controller or controller is the natural or legal person, public authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States.
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
A third party is a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons authorised to process the personal data under the direct responsibility of the data processor or the data processor.
Consent shall mean any informed and unequivocal expression of will voluntarily given by the data subject in the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.
General information on data processing
Data protection, data security and secrecy protection have high priority for us. The permanent protection of your personal data, your company data and your company secrets is particularly important to us.
You can visit our website without giving any personal information. However, if you make use of our company’s services via our website, you must provide your personal data. As a rule, we use the data provided by you and collected by the website and the data stored during use exclusively for our own purposes, namely for the implementation and provision of our website and the initiation, implementation and processing of the services/offers offered via the website (contract performance) and do not pass these on to external third parties, provided no officially ordered obligation exists in this respect. In all other cases we obtain your separate consent.
Your personal data will be processed in accordance with the requirements of the Basic Data Protection Ordinance and in accordance with the country-specific data protection regulations applicable to us. With this data protection declaration we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we will inform you of your rights by means of this data protection declaration.
We have implemented technical and organisational measures to ensure adequate protection of personal data processed via this website. For security reasons and to protect the transmission of confidential content, such as requests via a contact form that you send to us as the site operator, this website uses SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, Internet-based data transmissions can have security gaps, so that no absolute protection can be guaranteed.
General information on the legal bases
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Ordinance (DSGVO) serves as the legal basis for the processing of personal data.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) DSGVO serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for processing.
General information on data erasure and storage time
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Collection of general data and information
Our website collects a series of general data and information each time a person or an automated system accesses the website. This general data and information is stored in the log files of the server. We may record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the subwebsites which are accessed via an accessing system on our website, (5) the date and time of access to the Website, (6) an Internet Protocol (IP) address, (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about the person concerned. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by us statistically and also with the aim of increasing data protection and data security in our company in order ultimately to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
Account registration to use our software:
To use our Power eCard software for free, you need to register first. For account registration we collect your email address on the basis of Art. 6 (1) (b) GDPR. We will store your data until you object to its storage by email to [email protected] in which you wish to delete your account. If there are no legal retention periods, your data will be deleted within 10 days after you have entered your objection.
You can use a free account if we may send you regular emails (such as news & product information) in return. The shuffer GmbH will use your data exclusively for the aforementioned purpose and will not pass it on to third parties. You can unsubscribe from the newsletter in any email or object to the storage of your data by email to [email protected] and request that we delete your data at any time, provided that the erasure does not conflict with any legal storage obligations.
If you want to use our Power eCard software as a paid version, you have to register first. We store and use your personal data, which you transmit in the course of the registration or an order process, on the basis of Art. 6 (1) (b) GDPR exclusively for the processing of your orders. We will use your email address to inform you about the status of your order or to send you the respective receipts. We also offer you to send you account reports and news & product information by email.
If after the conclusion of a chargeable contract there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization), this data is required for payment processing. Payment transactions via the common means of payment are made exclusively via an encrypted SSL or TLS connection. In the case of encrypted communication, your payment data you transmit to us cannot be read by third parties.
Art. 6 para. 1 lit. f DSGVO
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this the IP address of the user must remain stored for the duration of the session.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
Removal & objection possibility
No, as absolutely necessary for the operation of the website
Cookies – Description and scope of data processing
Cookies are used for our online offer – as on many websites. Cookies are small text files which are stored on your computer and which store certain settings and data for exchange with the online offer from us via your browser. A cookie usually contains the name of the domain from which the cookie file was sent, information about the age of the cookie and an alphanumeric identifier.
Cookies enable us to recognize your computer and to make any settings available immediately. Cookies help us to improve our online offer and to offer you a better and even more customized service.
The cookies we use are so-called session cookies, which are automatically deleted after the end of the browser session.
The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
You accept our cookies if you have activated or not deactivated the cookie setting and continue to use this website.
Art. 6 para. 1 lit. f DSGVO (legitimate interests) for technically mandatory cookies
By the way: Art. 6 para. 1 lit. a DSGVO
The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f DSGVO.
Removal & objection possibility
You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings.
In addition, the following third party cookies are used when you visit our website
We have integrated the component Google Analytics (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analysis is the collection, collection and evaluation of data on the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a person concerned came to a website from (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of Internet advertising.
The Google Analytics component is operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The data controller uses the suffix “_gat._anonymizeIp” for the web analysis via Google Analytics. By means of this addition, Google shortens and anonymizes the IP address of the Internet connection of the person concerned when accessing our website from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information collected to evaluate the use of our website, among other things, to compile online reports for us that show the activities on our website and to provide other services in connection with the use of our website.
Google Analytics places a cookie on the information technology system of the person concerned. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the person concerned, which serves Google, among other things, to trace the origin of visitors and clicks and subsequently enable commission statements.
Cookies are used to store personal information, such as access time, the location from which access came and the frequency of visits to our website by the person concerned. Every time you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.
The person concerned can prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
You can prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie is set to prevent future collection of your data when you visit this website:
We have integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in both Google’s search engine results and the Google Advertising Network. Google AdWords allows an advertiser to pre-define certain keywords to display an ad in Google’s search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. On the Google Network, ads are distributed to themed websites using an automatic algorithm and the keywords you specify.
The operator of Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the website of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website.
If a person concerned arrives on our website via a Google ad, Google stores a so-called conversion cookie on the information technology system of the person concerned. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages, such as the shopping basket of an online shop system, have been called up on our website. The conversion cookie enables both us and Google to track whether a person affected who came to our website via an AdWords ad generated revenue, i.e. whether they completed or cancelled a purchase of goods.
The data and information collected through the use of the conversion cookie is used by Google to generate visit statistics for our website. We use these visit statistics to determine the total number of users who have been referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the person concerned.
Personal information, such as the websites visited by the person concerned, is stored using the conversion cookie. Personal data, including the IP address of the Internet connection used by the person concerned, is therefore transferred to Google in the United States of America each time he or she visits our websites. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.
The person concerned can prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
Furthermore, the person concerned has the possibility to object to interest-based advertising by Google. To do this, the person concerned must access the www.google.de/settings/ads link from each of the Internet browsers they use and make the required settings there.
You can prevent the storage of cookies. You can prevent the collection, processing and storage of data at any time with effect for the future by setting your browser software accordingly or by downloading and installing the browser plug-in available under the Doubleclick deactivation extension link: https://www.google.com/settings/ads/plugin
However, we would like to point out that in this case you may not be able to use all functions of our websites to their full extent.
You can change your Twitter privacy settings in your account settings at: http://twitter.com/account/settings
Our website uses so-called social plug-ins (“plug-ins”) of the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”). The plug-ins can be identified by buttons with the “Pint it” symbol on a white or red background, for example. An overview of the Pinterest plug-ins and their appearance can be found here: https://developers.pinterest.com/docs/getting-started/introduction/
If you do not want Pinterest to associate the data collected through our website directly with your profile on Pinterest, you must log out of Pinterest before visiting our website. You can also completely prevent the loading of Pinterest plug-ins with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Our website uses so-called Social Plug-Ins (“Plug-Ins”) from Instagram, which is operated by Instagram LLC ..1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
When you visit a page of our website that contains such a plug-in, your browser establishes a direct connection to Instagram’s servers. Instagram sends the content of the plug-in directly to your browser and integrates it into the page. This integration informs Instagram that your browser has called up the corresponding page of our website, even if you do not own an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.
If you do not want Instagram to associate the information collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plug-ins from loading with add-ons for your browser, e.g. with the “NoScript” script blocker (http://noscript.net/).
This website uses social plug-ins (“plug-ins”) from the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plug-ins can be identified by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” sign) or are marked with the addition “Facebook Social Plug-In”. The list and appearance of Facebook Social Plug-ins can be viewed here: http://developers.facebook.com/Plug-Ins.
When a participant accesses a web page of this offer that contains such a plug-in, their browser establishes a direct connection to Facebook’s servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the website. The provider therefore has no influence on the extent of the data that Facebook collects with the help of this plug-in and therefore informs the participants according to their level of knowledge (https://www.facebook.com/help/186325668085084):
By integrating the plug-ins, Facebook receives information that a participant has called up the corresponding page of the offer. If the participant is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. When participants interact with the plug-ins, such as pressing the Like button or posting a comment, the information is sent directly from your browser to Facebook and stored there. If a participant is not a member of Facebook, it is still possible for Facebook to find out and save their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for the protection of the privacy of the participants can be found here in Facebook’s data protection declaration: http://www.facebook.com/policy.php.
If a participant is a Facebook member and does not want Facebook to use this offer to collect data about him or her and link it to his or her membership data stored on Facebook, he or she must log out of Facebook before visiting the website.
It is also possible to block Facebook social plug-ins with add-ons for your browser, for example with the “Facebook Blocker”.
We have integrated components from YouTube on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, music videos, trailers or videos produced by users themselves can be called up via the Internet portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/de/ As part of this technical process, YouTube and Google are informed which specific subpage of our website is visited by the person concerned.
If the person concerned is simultaneously logged in to YouTube, YouTube recognizes which specific subpage of our website the person concerned is visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.
YouTube and Google receive information via the YouTube component that the person concerned has visited our website whenever the person concerned is logged on to YouTube at the same time as accessing our website; this happens regardless of whether the person concerned clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desired by the person concerned, this can prevent the transmission by logging out of their YouTube account before calling up our website.
The data protection regulations published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
We use the component “Google Maps” from Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”.
Each time you access the Google Maps component, Google sets a cookie to process user settings and data when you view the page that includes the Google Maps component. As a rule, this cookie is not deleted when you close your browser, but expires after a certain time, unless you delete it manually beforehand.
as well as the additional terms and conditions for “Google Maps”.
This website uses external fonts, Google Fonts. Google Fonts is a service of Google Inc. “(“Google”). These web fonts are integrated by a server call, usually a Google server in the USA. This transfers to the server which of our Internet pages you have visited. The IP address of the browser of the visitor’s terminal device is also stored by Google.
Data protection regulations on the use and application of Drift
Our website uses Drift, live chat software from Drift.com, Inc, 3 Copley Place, Suite 7000, Boston, MA 02116, USA (https://www.drift.com). Drift uses, among other things, “cookies”, text files which are stored on your computer and which enable a personal conversation in the form of a real-time chat on the website with you. Your live chat data will be stored on Drift, Inc. servers in the United States.
Drift.com, Inc. has joined the EU-U.S. Privacy Shield and is therefore subject to a data protection level equivalent to that of the EU.
Data protection regulations on the use and application of Hubspot
HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500, subject to TRUSTe’s Privacy Seal and the U.S. – EU Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework.
More Social-Media Plug-Ins
If we use additional social media plug-ins, you will find more detailed information on data protection in the respective data protection declarations of these providers. If you cannot find them, please contact us at the address given in our imprint.
Art. 6 para. 1 lit. f DSGVO
The purpose and legitimate interest in the setting of third-party cookies is to improve our offer to you by analysing your user behaviour. As a rule, only a pseudonymised data transmission to the third parties takes place. In addition, it is up to you to prevent the transmission of third party cookies by making the appropriate settings in your Internet browser. Please compare the above information on the individual third-party providers in detail.
Third-party cookies are stored on the user’s computer and transferred to our site by the user. Therefore, you as a user also have full control over the use of third party cookies.
Removal & objection possibility
You can disable or restrict the transmission of third-party cookies by changing the settings in your Internet browser. Already stored third party cookies can be deleted at any time. This can also be done automatically.
The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings.
If personal data are processed by you, you are affected within the meaning of the DSGVO and you have the following rights vis-à-vis the person responsible:
You can ask the person in charge to confirm whether personal data concerning you will be processed by us.
If such processing has taken place, you can request the following information from the person responsible:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) DSGVO and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transmission.
Right to correction
You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.
Right to limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
- if you have filed an objection to the processing pursuant to Art. 21 para. 1 DSGVO and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
Right to cancellation
Duty of deletion
You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO, and there is no other legal basis for the processing.
- You file an objection against the processing pursuant to Art. 21 para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 DSGVO.
- The personal data concerning you have been processed unlawfully.
- The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO.
Information to third parties
If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 DSGVO, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
The right to cancellation does not exist insofar as the processing is necessary
- to exercise freedom of expression and information;
- for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar
- as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims.
Furthermore, there is no right to deletion if the personal data must be stored by the person responsible due to statutory retention obligations and periods. In such a case, the personal data will be blocked instead of being deleted.
Right to information
If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
The person responsible shall have the right to be informed of such recipients.
Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable and interoperable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that
- processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
- processing is carried out using automated methods.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) of the DSBER; this also applies to profiling based on these provisions.
The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time and without giving reasons. In the event of revocation, we will immediately delete your personal data and no longer process them. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the DSGVO.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.
The status of the data protection declaration is indicated by the date indicated (below). We reserve the right to change this data protection declaration at any time with effect for the future. A current version can be called up directly via the online offer. Please visit the website regularly and inform yourself about the applicable data protection declaration.
Status: May 2018