Privacy Policy

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

Kittelberger media solutions GmbH
Bayernstraße 8
72768 Reutlingen
Germany
Phone: +49.7121.6289-0
Email: info@kittelberger.de
Website: www.kittelberger.de

II. Data Protection Officer

The data protection officer of the controller can be contacted at:

Kittelberger media solutions GmbH
Haiko Hödl
Bayernstraße 8
72768 Reutlingen
Germany

Email: datenschutz@kittelberger.de
Website: www.kittelberger.de

Table of Contents

III. General Information on Data Processing

IV. Provision of the Website and Creation of Log Files

V. Use of Cookies

VI. Contact Form and Email Contact

VII. Newsletter

VIII. Online Presence on Facebook

IX. Rights of the Data Subject

III. General Information on Data Processing

1. Scope of Processing of Personal Data

We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the user's consent. An exception applies in such cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal Basis for the Processing of Personal Data

If we obtain the consent of the data subject for processing personal data, Art. 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data necessary for the performance of a contract to which the data subject is party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and these interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

3. Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to apply. Data may also be stored if this has been provided for by European or national legislation in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.

IV. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's internet service provider
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system accessed our website
  • Websites that are accessed by the user's system via our website

The log files contain IP addresses or other data that allow attribution to a user. This might be the case, for example, if the referring website or the target website contains personal data.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. Additionally, the data serves to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session ends.

In the case of storage of data in log files, this is the case after no more than thirty days. Storage beyond this period does not take place.

5. Objection and Removal Option

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility of objection on the part of the user.

V. Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. A cookie is a piece of information stored on your device (computer, smartphone, etc.). When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a unique character string that allows the browser to be identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable even after navigating to a different page.

The following data is stored and transmitted in the cookies:

  • Name of the cookie
  • Domain name
  • Path to the page
  • Session ID
  • Date and time of last access
  • Expiration time

We also use cookies on our website that enable an analysis of users' browsing behavior (see Google Analytics and Matomo).

The data collected in this way is pseudonymized by technical measures. Therefore, it is no longer possible to assign the data to the accessing user. This data is not stored together with other personal data of the users.

When our website is accessed, users are informed by an information banner about the use of cookies for analysis purposes and are referred to this privacy policy. In this context, a note is also provided on how to prevent the storage of cookies through browser settings.

2. Legal Basis for Data Processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

3. Purpose of Data Processing

These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 para. 1 lit. f GDPR.

4. Storage Duration, Objection and Removal Option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as the user have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it may no longer be possible to use all functions of the website in full.

You can find out how to manage (including disabling) cookies in the most common browsers via the following links:

5. Use of Google Analytics, Google Remarketing Function and Google Ads Conversion Tracking

5.1 Use of Google Analytics

We use the web analytics service Google Analytics from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. Data processing is carried out for the purpose of analyzing this website and its visitors. On behalf of the operator of this website, Google will use the information collected to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

Google Analytics uses cookies that enable analysis of your use of the website. The information generated by the cookies about your use of this website is usually transmitted to and stored on a server operated by Google in the USA. IP anonymization is activated on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Your data may be transmitted to the USA. An adequacy decision by the European Commission exists for data transfers to the USA. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR from the legitimate interest of designing the website in a needs-based and targeted manner. You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Art. 6 (1) lit. f GDPR.

You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. To prevent the collection of your data across devices via Google Analytics, you can set an opt-out cookie. Opt-out cookies prevent the future collection of your data when visiting this website. You must perform the opt-out on all systems and devices used for it to be fully effective. Click here to set the opt-out cookie: Deactivate Google Analytics

Further information on terms of use and data protection can be found at:

5.2 Use of Google Remarketing or "Similar Audiences" Function

We use the remarketing or "similar audiences" function of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. If your habitual residence is in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for your data. Google Ireland Limited is thus the affiliated company of Google responsible for processing your data and complying with applicable data protection laws. The application serves the purpose of analyzing visitor behavior and interests. Google uses cookies to carry out the analysis of website usage, which forms the basis for creating interest-based advertisements. The cookies record visits to the website as well as anonymized data on website use. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown ads that are likely to include previously viewed product and information areas.

Your data may be transferred to the USA. Google is certified under the US-EU Privacy Shield agreement and thereby committed to complying with European data protection regulations. The data processing, especially the setting of cookies, is carried out with your consent based on Art. 6 (1) lit. a GDPR. You may revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Further information on Google Remarketing and the related privacy policy can be found at: https://www.google.com/privacy/ads/

5.3 Use of Google Ads Conversion Tracking

We use the online advertising program “Google Ads” on our website, including conversion tracking (visitor action evaluation). Google Conversion Tracking is an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If your usual place of residence is in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller responsible for your data. Google Ireland Limited is the affiliated company of Google that is responsible for processing your data and ensuring compliance with applicable data protection laws.

If you click on an ad placed by Google, a cookie for conversion tracking is stored on your device. These cookies are valid for a limited time, do not contain any personal data, and therefore do not serve to personally identify users. If you visit specific pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page.

Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of different Ads customers. The information collected using the conversion cookie is used to create conversion statistics. This allows us to know the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that can personally identify users.

Your data may be transferred to the USA. Google is certified under the US-EU Privacy Shield agreement and is therefore committed to complying with European data protection standards. The data processing, in particular the setting of cookies, is carried out based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Further information and Google's privacy policy can be found at: https://www.google.de/policies/privacy/

6. Use of Matomo

This website uses the web analytics software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand ("Matomo"), based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes pursuant to Art. 6 (1) lit. f GDPR. Data is collected and stored for this purpose. From this data, pseudonymized user profiles may be created and evaluated. Cookies may be used for this purpose. Cookies are small text files stored locally in the cache of the visitor's internet browser. The cookies allow for the recognition of the internet browser on subsequent visits. The data collected with Matomo technology (including your pseudonymized IP address) is processed on our servers.

The information generated by the cookie in the pseudonymized user profile is not used to personally identify the visitor of this website and is not merged with personal data about the bearer of the pseudonym.

If you do not agree with the storage and analysis of this data from your visit, you can object to the storage and use at any time with a click of the mouse. In this case, an opt-out cookie will be placed in your browser, which means Matomo will not collect any session data. Please note that the complete deletion of your cookies also results in the deletion of the opt-out cookie, which may need to be reactivated by you.

7. Use of Facebook Marketing Services

Based on your consent, we use the so-called “Facebook Pixel” of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

With the help of the Facebook Pixel, Facebook is able to determine the visitors of our website as a target group for the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel to show the Facebook Ads we place only to Facebook users who have shown an interest in our online offer or who have certain characteristics (e.g., interests in certain solutions or topics based on visited websites), which we transmit to Facebook (so-called "Custom Audiences"). Using the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and are not perceived as annoying. Furthermore, with the help of the Facebook Pixel, we can track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "Conversion").

The data processing by Facebook is carried out within the framework of Facebook’s data usage policy.

Information on how Facebook Ads are displayed can be found in Facebook’s data usage policy:
https://www.facebook.com/policy.php

Special information and details about the Facebook Pixel and how it works can be found in Facebook’s help section:
https://www.facebook.com/business/help/651294705016616

To control the types of ads you see on Facebook, you can visit the page set up by Facebook and follow the instructions for usage-based advertising settings:
https://www.facebook.com/settings?tab=ads
These settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.

8. LinkedIn Insight Tag

We use the conversion tracking technology and retargeting feature of LinkedIn Corporation on our website.

This technology allows visitors to this website to receive personalized ads on LinkedIn. It also enables the generation of anonymous reports on ad performance and information about website interaction. For this purpose, the LinkedIn Insight Tag is integrated into this website, establishing a connection to the LinkedIn server when you visit the website.

For more information on data collection and data usage, as well as your options and rights to protect your privacy, please refer to LinkedIn’s privacy policy at:
https://www.linkedin.com/legal/privacy-policy

If you are logged in to LinkedIn, you can disable data collection at any time at the following link:
https://www.linkedin.com/psettings/enhanced-advertising

9. Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). reCAPTCHA is used to determine whether data entered on our website (e.g., in a newsletter signup form) is done by a human or an automated program. reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the visitor enters the website. To perform the analysis, reCAPTCHA evaluates various data (e.g., IP address, how long the visitor stays on the website, or mouse movements made by the user). The data collected during the analysis is transmitted to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not informed that such analysis is taking place.

The data processing is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated spying and from spam.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de.

10. Microsoft Clarity

This website uses the “Microsoft Clarity” service by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter "Microsoft") to collect and store various user information for statistical analysis of user behavior and for optimization and marketing purposes. This information, which does not allow any personal identification, includes time zone settings, operating system and platform, geographic origin of the page visit, referring page (if any), duration of visits to specific pages, and information about website interaction (e.g., scrolling, clicks, and mouse-overs). Pseudonymized usage profiles can be created and evaluated from this data for the same purposes. Cookies are used for data collection and analysis, which enable the recognition of the browser.

The data collected using Microsoft technologies will not be used to personally identify visitors to this website without their separate consent, and will not be combined with personal data about the bearer of the pseudonym.

Information collected may be transmitted to and stored on Microsoft servers in the USA. We have entered into a data processing agreement with Microsoft obligating Microsoft to protect our customers' data and not to disclose it to third parties.

All processing described above, particularly the use of cookies for accessing information on the user’s device, only occurs if you have given us your express consent pursuant to Art. 6 (1) lit. a GDPR. Without this consent, Microsoft Clarity will not be used during your visit to the website. You can revoke your consent at any time with future effect. To do so, please disable this service in the “cookie consent tool” provided on the website.

For more information on Microsoft Clarity’s privacy policies, please visit: https://clarity.microsoft.com/terms.

11. Analysis by WiredMinds

Our website uses tracking pixel technology from WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In this process, a visitor's IP address is processed. The processing is carried out solely for the purpose of identifying company-related information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). IP addresses are never stored in LeadLab. When processing the data, our primary interest is to uphold the data protection rights of natural persons. Our legitimate interest is based on Art. 6 (1) lit. f GDPR. The data we collect never enables any inference to be drawn about an identifiable individual.

WiredMinds GmbH uses this information to create anonymous usage profiles relating to user behavior on our website. The collected data is not used to personally identify visitors to our website.

Opt-out link:
You can object to the collection, processing, and storage of data at any time with effect for the future via the following link:
Exclude from tracking
(A technically necessary cookie will be set to permanently exclude you from tracking by WiredMinds LeadLab on this website.)

12. CookieFirst

To ensure our website functions properly, we use cookies. In order to obtain your valid consent for the use and storage of cookies in the browser you use to access our website, and to properly document this, we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, Netherlands. Website: https://cookiefirst.com, referred to as CookieFirst.

When you access our website, a connection to the CookieFirst server is established to enable us to obtain valid consent from you for the use of certain cookies. CookieFirst then stores a cookie in your browser to activate only the cookies you have consented to and to document this properly. The processed data will be stored until the defined retention period expires or you request the deletion of the data. Different legal retention periods may apply in certain cases.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis is Article 6 (1) lit. c of the General Data Protection Regulation (GDPR).

12.1 Data Processing Agreement

We have entered into a data processing agreement with CookieFirst. This is a data protection agreement required by law that ensures the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

12.2 Server Log Files

Our website and CookieFirst automatically collect and store information in so-called server log files that your browser automatically transmits to us. The following data is collected:

  • Your consent status or the withdrawal of consent
  • Your anonymized IP address
  • Information about your browser
  • Information about your device
  • The date and time of your visit to our website
  • The URL of the webpage where you saved or updated your consent settings
  • The approximate location of the user who saved their consent preferences
  • A universally unique identifier (UUID) of the website visitor who clicked the cookie banner

VI. Contact Form and Email Contact

1. Description and Scope of Data Processing

Our website includes a contact form that can be used for electronic communication. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. This data includes:

  • Name
  • Email address
  • Company (if applicable)
  • Message content

At the time the message is sent, the data is forwarded and stored as an email.

Alternatively, contact via the provided email addresses is possible. In this case, the personal data transmitted via email will also be stored.

No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

2. Legal Basis for Data Processing

The legal basis for processing the data is Art. 6 (1) lit. a GDPR if the user has given consent.

The legal basis for processing data transmitted by email is Art. 6 (1) lit. f GDPR. If the contact via email aims at concluding a contract, the additional legal basis is Art. 6 (1) lit. b GDPR.

3. Purpose of Data Processing

The processing of personal data from the input mask is solely used to process the contact request. In case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

Other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of Storage

The data will be deleted once it is no longer necessary to achieve the purpose for which it was collected. For personal data from the contact form and those sent via email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

Additional personal data collected during the submission process will be deleted at the latest after thirty days.

5. Objection and Removal Option

The user may revoke their consent to the processing of personal data at any time. If the user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

To revoke your consent, please send an email to the data protection officer.

All personal data stored in the course of the contact request will be deleted in this case.

VII. Newsletter

1. Purpose and Content of the Newsletter

Kittelberger sends electronic newsletters (hereinafter "Newsletter") with promotional information to users who have expressly consented to receive them by registering and confirming their email address.

Our newsletters contain general information, expert articles, and event announcements as well as information about Kittelberger's email marketing products and services.

2. Logging of Registration

The newsletter registration is only completed after successful confirmation of the recipient's email address. For this purpose, the recipient receives a so-called double opt-in email with a confirmation link immediately after submitting the registration form. The newsletter registration only becomes effective upon clicking this confirmation link.

To prove valid consent to receive the newsletter, the date and time the confirmation link is clicked, the IP address of the accessing user, and the recipient’s email address are stored together in a log file. A copy of the double opt-in email is also stored and securely archived.

3. User Registration Data

To subscribe to the newsletter, only the user's email address is required. Voluntary details such as salutation, first name, and last name are used exclusively to personalize the newsletter.

4. Analysis of User Behavior

Kittelberger uses so-called newsletter tracking in its newsletters. Recipient actions (opening an email, clicking on text and image links, downloading images via an email client) are recorded and anonymously stored for statistical purposes. The stored data does not allow conclusions about individual users.

If the user has explicitly consented in advance, the aforementioned recipient actions are recorded and stored on a personal basis. This allows Kittelberger to better tailor newsletter content to the user's personal interests.

5. Termination / Withdrawal

The user can unsubscribe from the newsletter at any time and thereby revoke their consent to receive the newsletter. Any consent to record personal user behavior with the newsletter will also be revoked at the same time.

The user may unsubscribe from the newsletter at any time via the unsubscribe link provided in each newsletter.

The user may also withdraw consent for the collection and evaluation of personal usage behavior separately from the consent to receive the newsletter via the revocation link in each newsletter.

VIII. Online Presence on Facebook

We operate an online presence on Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Please note that you use this Facebook page and its functions at your own responsibility. This applies in particular to the use of interactive features (e.g., commenting, sharing, rating).

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information stored on your PC in the form of cookies. This information is used to provide us, as operators of the Facebook page, with statistical insights about the use of the Facebook page.

More information is provided by Facebook at the following link:
http://de-de.facebook.com/help/pages/insights.

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes what information it receives and how it is used in general terms in its data usage policies. There, you will also find information on how to contact Facebook and adjust settings for advertisements. The data usage policies are available at:
http://de-de.facebook.com/about/privacy

The full Facebook data policy can be found here:
https://de-de.facebook.com/full_data_use_policy

How Facebook uses data from visits to Facebook pages for its own purposes, the extent to which activities on the Facebook page are assigned to individual users, how long Facebook stores this data, and whether data from a visit to the Facebook page is passed on to third parties is not clearly stated by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. In addition, Facebook stores information about the devices of its users (e.g., as part of the “login notification” function); Facebook may thus be able to associate IP addresses with specific users.

If you are currently logged into Facebook as a user, a cookie with your Facebook ID is stored on your device. This allows Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook can collect your visits to these websites and assign them to your Facebook profile via embedded Facebook buttons. Based on this data, content or advertising can be tailored to you.

If you want to avoid this, you should log out of Facebook, deactivate the “stay logged in” function, delete the cookies on your device, and restart your browser. This deletes Facebook information that can directly identify you. You can then use our Facebook page without revealing your Facebook ID. If you use interactive features of the page (Like, Comment, Share, Messages, etc.), a Facebook login screen will appear. After logging in, Facebook will again recognize you as a specific user.

Information on how to manage or delete data held about you can be found on the following Facebook support pages:
https://de-de.facebook.com/about/privacy#

We, as the provider of the information service, do not collect or process any data from your use of the service.

IX. Rights of the Data Subject

If your personal data is being processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

1. Right of Access

You may request confirmation from the controller as to whether personal data concerning you is being processed.

If such processing exists, you can request the following information from the controller:

  • The purposes for which the personal data is being processed;
  • The categories of personal data being processed;
  • The recipients or categories of recipients to whom your personal data has been or will be disclosed;
  • The planned duration of the storage of your personal data or, if specific information is not available, the criteria used to determine that duration;
  • The existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing;
  • The existence of a right to lodge a complaint with a supervisory authority;

You also have the right to request information about whether your personal data is being transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to Rectification

You have the right to obtain rectification and/or completion from the controller if the personal data processed concerning you is incorrect or incomplete. The controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing

You may request the restriction of processing of your personal data under the following conditions:

  • If you contest the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;
  • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;
  • The controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims; or
  • If you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If processing of your personal data has been restricted, such data—apart from storage—shall only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing was imposed under the above conditions, you shall be informed by the controller before the restriction is lifted.

4. Right to Erasure

4.1 Obligation to Erase

You may request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay where one of the following grounds applies:

  • Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing was based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and there is no other legal ground for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • Your personal data has been unlawfully processed.
  • The erasure of your personal data is required to fulfill a legal obligation under Union or Member State law to which the controller is subject.
  • Your personal data was collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
4.2 Notification to Third Parties

If the controller has made the personal data concerning you public and is obliged to erase it in accordance with Art. 17 (1) GDPR, the controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform data controllers processing the personal data that you as the data subject have requested the erasure of any links to, or copies or replications of, those personal data.

4.3 Exceptions

The right to erasure does not apply to the extent that processing is necessary:

  • For exercising the right of freedom of expression and information;
  • For compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • For reasons of public interest in the area of public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • For the establishment, exercise or defense of legal claims.

5. Right to Notification

If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about those recipients by the controller.

6. Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided, where:

  • The processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR; and
  • The processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

You may exercise your right to object in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

8. Right to Withdraw Consent under Data Protection Law

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Decision-Making in Individual Cases Including Profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  • Is necessary for entering into, or performance of, a contract between you and the controller,
  • Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  • Is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR unless Art. 9 (2) lit. a or g applies and appropriate measures have been taken to safeguard the rights and freedoms and your legitimate interests.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.