At this point we would like to give you an idea of how we understand data protection and to make transparent what happens to all the accumulated data. Furthermore you will be informed about your statutory rights with reference to the processing of these data.
adesso AG (hereinafter also we/us), Adessoplatz 1 , 44269 Dortmund, is responsible for the Internet platforms.
Below, we would like to inform you comprehensively and in detail about how we shall protect your privacy, and how personal data is processed within the framework of our websites and/or our online platforms. Personal data will be deleted as soon as possible and will never be used for advertising purposes, or be passed on, without your consent.
If the information provided below is insufficient or incomprehensible, please do not hesitate to contact our data protection officer under the contact details given in Section II.
Data protection officer
Relevant supervisory authority
Landesbeauftragte für Datenschutz und Informationsfreiheit
The definitions of the terms used are governed by the Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "General Data Protection Regulation" or "GDPR"). In particular, the definitions under Articles 4 and 9 GDPR apply.
1. “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
2."Processing" means any operation carried out with or without the aid of automated procedures or any such series of operations relating to personal data, such as the collection, conception, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction;
3. "Restriction of processing" means the marking of stored personal data with the aim of restricting or blocking their future processing;
4. "Profiling" means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person;
5. "Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
6. "Controller" means the natural or legal person, authority, institution or other body which, alone or in association with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down by Union law or by the law of the Member States;
7. "Processor" means a natural or legal person, authority, institution or other body processing personal data on behalf of the data controller;
8. "Recipient" means any natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities is carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing;
9. "Third party" means any natural or legal person, authority, institution or other body, other than the data subject, the controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the controller or the data processor;
10. "Consent" of the data subject means any voluntary declaration of intent, in an informed and unequivocal manner, in the form of a declaration or other clear affirmative act, in which the data subject indicates his or her consent to the processing of personal data concerning him or her;
1. Scope of the processing of personal data
In principle, we collect and use personal data of our users only insofar as this is necessary for rendering and providing our services and for providing our web and online platforms (including mobile apps).
As a general rule, any collection and/or use of personal data for other purposes take place only
(i) with the user's prior consent,
(ii) if the processing is for the purpose of performing a contract, or
(iii) for the protection of legitimate interests, except where such interests are outweighed by the data subject's interests or basic rights or basic freedoms that necessitate the protection of personal data.
Moreover, an exception applies in cases where, for practical reasons, it is not possible to obtain prior consent, or in cases where processing of the data is permitted by statutory provisions.
2. Legal bases
Insofar as personal data is processed on the basis of the data subject's consent, Article 6 (1), letter a GDPR forms the legal basis for the processing.
In cases where personal data is processed for the performance of a contract to which the data subject is a party, Article 6 (1), letter b GDPR forms the legal basis; this also applies to processing necessary for the implementation of precontractual measures.
If personal data is processed in order to comply with a legal obligation to which we are subject, Article 6 (1), letter c GDPR forms the legal basis. If processing of personal data is necessary in order to protect vital interests of the data subject or any other natural person, Article 6 (1), letter d GDPR forms the legal basis.
If processing takes place in order to protect a legitimate interest of our company or a third party, and this interest is outweighed by the data subject's interests or basic rights or basic freedoms, Article 6 (1), letter f GDPR forms the legal basis of the processing.
3. Obtaining consent / Right to revoke
Generally, consent under Article 6 (1), letter a GDPR is obtained electronically. Consent is given by ticking a box in the corresponding field for the purpose of documenting the granting of consent. The content of the declaration of consent is recorded electronically.
Right to revoke: Please note that consent once given may be wholly or partly revoked at any time with effect for the future. The lawfulness of the processing that, on the basis of the consent given, has taken place until such revocation will remain unaffected hereby. If you wish to revoke your consent, please use the contact details given in Section II (data controller or data protection officer).
4. Possible recipients of personal data
In order to provide our web and/or online platforms, we shall sometimes use third-party service providers, who will, when rendering their services, operate on our behalf and in accordance with our directives (commissioned processor). These service providers may receive personal data or come into contact with personal data when rendering their services and will constitute third parties or recipients within the meaning of the GDPR.
In such cases, we shall ensure that our service providers offer sufficient guarantees that suitable technical and organisational measures exist, and processing is carried out in a manner that is in keeping with the requirements of this Regulation and safeguards the protection of the data subject's rights (cf. Article 28 GDPR).
Insofar as personal data is transmitted to third parties and/or recipients outside of commissioned processing, we shall ensure that this occurs only in compliance with the requirements of the GDPR (e.g. Article 6 (4) GDPR) and only if a corresponding legal basis exists (e.g. Article 6 (4) GDPR; see also subsection IV.2).
5. Processing of data in so-called third countries
In principle, the processing of your personal data will take place within the EU or the European Economic Area ("EEA").
Merely in exceptional cases (e.g. in connection with the calling-in of service providers for rendering web analysis services) may information be transmitted to so-called "third countries". "Third parties" are countries that are outside of the European Union and the Agreement on the European Economic Area. Therefore, it cannot be automatically assumed that the level of data protection in those countries is adequate and corresponds to the standards in the EU.
If the transmitted information also includes personal data, we ensure before such a transfer that an adequate level of data protection is guaranteed in the respective third country or with the respective recipient in the third country, that you have given your consent to this, or that another reason for authorisation (e.g. Art 49 DSGVO) exists.
An appropriate level of data protection can result from a so-called "adequacy decision" of the European Commission or be ensured by using the so-called "EU standard contractual clauses". In the case of recipients in the USA, compliance with the principles of the so-called "EU-US Privacy Shield" can also ensure an appropriate level of data protection. We will be happy to provide you with further information on the appropriate and appropriate guarantees for maintaining an appropriate level of data protection upon request; the contact details can be found at the beginning of this data protection information. Information on the participants of the EU-US Privacy Shield can also be found here www.privacyshield.gov/list.
6. Data deletion and storage period
The data subject's personal data will be deleted or blocked as soon as the purpose for which the data is being processed ceases to exist. After this purpose has ceased to exist, the data will continue to be stored only if such storage is provided for by the European or national legislator in ordinances, laws or other provisions under European Union law to which our company is subject (e.g. for compliance with statutory retention duties and/or if there are legitimate interests in such storage, e.g. in the course of limitation periods for the purpose of a legal defence against any claims). The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion of a contract or for other purposes.
7. Rights of the data subject
A person whose personal data is processed is granted certain rights under the GDPR (so-called rights of the data subject, in particular Articles 12 to 22 GDPR). The data subject's individual rights are explained in greater detail in Section XI. If you wish to make use of one or more of these rights, you may contact us at any time. Please use the contact options specified under Section II.
Every time our website is accessed, our system collects data and information from the accessing computer's computer system in an automated manner. The following data is collected (hereinafter "Log Data"):
With the exception of the IP address, the above-mentioned log data does not allow any personal reference to the user; personal reference can only be established by assigning or linking the log data to an IP address.
1. Purpose and legal basis
The collection and processing of Log Data, in particular the IP address, take place for the purpose of making available to the user the content contained on our website, i.e. for the purpose of communication between the user and our web or online platform. It is necessary to temporarily store the IP address for the duration of the respective communication process. This is needed for addressing the communication between the user and our web and/or online platform and/or for making use of our web and/or online platform. Article 6 (1), letter b GDPR and/or Section 96 TKG [Telecommunications Act] and/or Section 15 (1) TMG [Telemedia Act] will, for the duration of your website visit, form the legal basis for this data processing.
Any processing and storage of the IP address in log files beyond the communication process take place for the purpose of ensuring the functionality of our web and online platforms, optimising these platforms and ensuring the security of our IT systems. Article 6 (1), letter f GDPR (protection of legitimate interests) and/or Section 109 TKG form the legal basis for any storage of the IP address for these purposes beyond the communication process.
2. Data deletion and storage period
The data will be deleted as soon as it is no longer needed for attaining the purpose for which it was collected. If the data was collected for the purpose of providing the website, this will be the case when the respective session (the website visit) has ended. Any further storage of Log Data, including the IP address, for the purpose of system security will take place for a period of no more than seven days after the user's access to the website has ended. Further processing and/or storage of Log Data will be possible and permissible insofar as the users' IP addresses are, following the expiration of the aforementioned seven-day storage period, deleted or masked to such an extent that it is no longer possible to allocate the Log Data to an IP address.
3. Opt-out and removal option
The collection of Log Data for the provision of the website, including the storage of Log Data in log files within the aforementioned limits, is absolutely essential for the operation of the website. Therefore, the user has no possibility of opting out. This does not apply to the processing of Log Data for analysis purposes; this is - depending upon the respective web analysis tool used and the type of data analysis (personal / anonymous / pseudonymous) - governed by Section VIII.
We differentiate between (i) technically essential cookies, (ii) analysis cookies and (iii) third-party providers' cookies:
(i) Technically essential cookies are used by us in order to make our web and/or online platform more user-friendly. The following data is stored in technically essential cookies and transmitted to our systems:
(ii) Analysis cookies (also so-called session cookies) are used by us in order to analyse the surfing behaviour of the users on our web and/or online platforms for the purpose of advertising and/or market research or for tailoring the design our platforms to the needs. The following data is collected via analysis cookies and transmitted to our systems:
The user data collected in this manner is anonymised by technical means. It is then no longer possible to allocate the data to the accessing user.
(iii) Third-party providers' cookies are cookies provided not by our web servers, but by third-party providers. This includes, for example, integration of the "Like" button. When this button is clicked, Facebook places a cookie of its own onto the user's browser. We can never search for or evaluate third-party providers' cookies.
The third-party providers are solely responsible for the use of such cookies; we have no possibility of influencing the use or processing of such cookies; you can prevent the placement of third-party providers' cookies by taking the measure described in subsection VII.3 and Section VIII.
1. Purpose and legal basis
The purpose of using technically essential cookies is to simplify website usage for the users. Without the use of these cookies, it would not be possible to offer some of our website features. These features necessitate that the browser be recognised following a site change. We require technically essential cookies for the following applications:
The user data collected by means of technically essential cookies is not used for creating user profiles. Article 6 (1), letter b GDPR forms the legal basis for the use of technically essential cookies insofar as the user is possibly personally identifiable, and such use is necessary for the purpose of providing our web and/or online platforms in the interest of the performance of a contract, otherwise Article 6 (1), letter f GDPR, as such use also takes place in order to protect legitimate interests for the purpose of providing web and/or online platforms.
The use of analysis cookies takes place for the purpose of improving the quality of our website and its content. As a result of analysis cookies, we learn how the website is used, which thus enables us to continually optimise our platform (see above). Insofar as the user is possibly personally identifiable, Article 6 (1), letter a GDPR forms the legal basis for the processing of personal data using analysis cookies, if the user has given its consent. If analysis cookies are used for the creation of pseudonymous evaluations, Article 6 (1), letter f GDPR (protection of legitimate interests) or Section 15 (3) Telemediengesetz (TMG) forms the legal basis.
2. Data deletion and storage period
Cookies are deposited onto the respective terminal device of the user (smart device / PC) and transmitted to our websites from there. A distinction is made between so-called permanent cookies and session cookies. Session cookies are stored during the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the respective browser session ends, but are stored on the user's terminal device for a longer period.
3. Opt-out and removal option
In order to optimise our websites and adapt to the changing habits and technical requirements of our users, we use tools for so-called web analysis. In the process thereof, we measure, for example, which elements are visited by the users, whether the information searched for is easy to find, etc. This information is only interpretable and meaningful at all if a relatively large group of users is analysed. To this end, the data collected is aggregated, i.e. combined into relatively large units.
This enables us to adapt the design of websites or optimise content in cases where, for example, we discover that a relevant portion of the visitors uses new technologies or fails to find, or has difficulty finding, an existing piece of information.
On our web and online platforms, we carry out the following analyses and use the following web analysis tools:
1. Analysis of Log Data
Use of Log Data for analysis purposes takes place exclusively on an anonymous basis. In particular, Log Data is not linked to user data that could be used to identify the user; nor is Log Data linked to an IP address or a cookie. Therefore, such analysis of Log Data is not subject to the provisions of the GDPR under data protection law.
2. Google Analytics
Google Analytics uses ‘cookies’ which allow it to analyse our customers’ usage of the website in a pseudonymised and/or anonymised form.
The information generated by the cookie about your use of our website is transferred to a Google server in the US and stored there. However, if IP anonymisation has been activated on this website, your IP address will be truncated by Google before transfer within Member States of the European Union or in other signatory states of the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there. On our behalf, Google will use this information to evaluate use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data.
You can prevent the storage of cookies by configuring your browser software accordingly; however, we would point out that you may not be able to make full use of all functions of this website in this case.
If you do not want Google Analytics to evaluate your data, you have the following options:
You can prevent Google Analytics from collecting your data by clicking the following link. This sets an opt-out cookie that will prevent Google Analytics from collecting your data when you visit this website in the future:
Please note: If you delete your cookies, this will result in the opt-out cookie also being deleted, which means that you may have to reactivate it.
You can also prevent data that has been generated by the Google Analytics cookie which is related to your use of websites (including your IP address) from being transferred to and processed by Google by downloading the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en) and installing it.
We use Google Analytics to evaluate data from AdWords and the DoubleClick cookie for statistical purposes. If you do not want this to happen, you can deactivate these settings in the personalised ads manager (http://www.google.com/settings/ads/onweb/?hl=en).
3. Google Tag Manager
Google Tag Manager is a solution that can be used to manage tags for services such as Google Analytics via an interface. The Tag Manager does not process any personal data of users. You can find further information on how it processes users’ personal data in its Use Policy: www.google.de/analytics/tag-manager/use-policy/
4. Use of Hotjar
This website uses Hotjar, an analysis software of Hotjar Ltd. (‘Hotjar’) (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). With Hotjar it is possible to measure and evaluate the usage behaviour on our website in the form of clicks, mouse movements, scroll activity etc. The information generated by the tracking code and the cookie is transmitted to and stored by the Hotjar servers in Ireland.
The following information is collected:
In addition, the following data is logged on our server when using Hotjar:
Hotjar will use this information to evaluate your use of our website, to generate reports and for other services related to use of the website and Internet evaluation of the website. Areas of the website in which your personal data or that of third parties is displayed are automatically hidden by Hotjar and therefore cannot be seen at any time.
Hotjar also uses third-party services such as Google Analytics and Optimizely to provide services. These third parties may store information that your browser sends during your visit to the website, such as cookies or IP requests. For more information on how Google Analytics and Optimizely store and use data, please refer to their respective privacy policies.
By using this website, you consent to the above processing of data by Hotjar and its third-party providers in accordance with their privacy policies.
On our web and online platforms, we additionally offer the option of registering for our newsletter. Furthermore, advertising tools and social media plugins are used. In detail:
1. Newsletter registration
If you would like to receive the newsletter that we offer, we will need you to provide us with a valid e-mail address. As part of a ‘double opt-in’ process, we will send an automated e-mail to the e-mail address you have stated after the first step of registration to verify that you are the owner of the e-mail address and/or to verify that the owner has subscribed to the newsletter. We will only add this e-mail address to our distribution list after you have verified the e-mail address via a link in the confirmation e-mail. We will not collect any other data apart from your e-mail address and the information regarding confirmation of your registration. Registrations are recorded in order to be able to verify the process pursuant to legal requirements. This includes the e-mail distribution service saving the times at which the subscription was registered and confirmed, as well as the IP address.
Your data will be processed exclusively for the purposes of sending the newsletter to which you have subscribed. The legal basis for this processing is Article 6(1) point (b) of the GDPR. You have the right to cancel your subscription to our newsletter at any time, or in other words, you have the right to withdraw your consent. You can find a link to cancel your subscription to the newsletter at the end of every newsletter. The statements on the right to withdraw your consent under IV.3 shall also apply.
2. Use of personal data for advertising and marketing purposes / Customer surveys
Your personal data will be used for advertising and/or marketing purposes and for carrying out customer satisfaction surveys only if you have consented thereto, or if there is some other legal basis that allows advertising and/or marketing even without your consent.
3. Google AdWords
We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, (‘Google’) on the basis of our legitimate interests (i.e., our interest in the analysis, optimisation and economic operation of our Internet presence pursuant to Article 6(1) point (f) of the GDPR).
We use the online advertising program ‘Google AdWords’ and conversion tracking as part of Google AdWords on our website. ‘Google Conversion Tracking’ is an analysis service provided by Google Inc. When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies are valid for a limited time, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google will be able to determine that you clicked the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. This means that it is not possible to track cookies through the websites of AdWords customers.
The information which is collected with the aid of the conversion cookie is used to create conversion statistics. We use these to determine the total number of users who have clicked our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that could be used to identify you. Processing takes place on the basis of our legitimate interest in targeted advertising and the analysis of the impact and effectiveness of this advertising pursuant to Article 6(1) point (f) of the GDPR.
You have the right to object to the processing of your personal data pursuant to Article 6(1) point (f) of the GDPR at any time. You can also prevent cookies from being stored by selecting the corresponding technical settings in your browser software. However, we would point out that you may not be able to make full use of all functions of this website in this case. This also means that you will not be recorded in our conversion tracking statistics.
Furthermore, you can also deactivate personalised ads in your Google Ads settings. You can find instructions on how to do so here: support.google.com/ads/answer/2662922?hl=en
4. Social networks / Social media plugins
We have integrated buttons ("plugins") from various social networks into our websites. Various features, the subject-matter and scope of which are determined by the operators of the social networks, are provided by means of these plugins. For greater protection of your personal data, we use a 2-click procedure. The plugin is activated by clicking on the button right next to the respective plugin; activation is indicated by the change in the colour of the plugin button from grey to colour. You will then be able to use the respective plugin by clicking on the plugin button. Bear in mind that the IP address of your browser session can be linked to your own profile on the respective social network, if you are logged in there at this point in time. Likewise, your visit to our website may be linked to your profile on the social network, if this social network recognises you via a cookie that was placed onto your computer by the social network at an earlier date and is still on your computer.
Please note that we are not the provider of the social networks and have no influence over the processing of data by the respective providers. Further information on the handling of data can be found at the following links or addresses:
Plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated into our websites. You can recognise the Facebook plugins by the Facebook logo or the "Like" button on our website. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.
If you activate the plugin, a direct connection between your browser and the Facebook server is established via the plugin. Facebook is thus informed that you, under your IP address, have visited our website.
We point out that we, as the provider of the websites, have no knowledge of the content of the data transmitted, or of how this data is used by Facebook, and that we are not responsible for the processing of data by Facebook. Further information on this can be found in Facebook's data privacy statement at http://de-de.facebook.com/policy.php
On our websites the Instagram plug-in is used which is run by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plug-ins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
If you do not want Instagram to associate the information collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also prevent the Instagram plug-ins from loading with add-ons for your browser, e.g. with the "NoScript" script blocker (http://noscript.net/), see also Section VI.3.
On our websites we use the provider YouTube for the integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. On some pages we also use a YouTube plug-in. When you access a page with such a plug-in, a connection to the YouTube servers is automatically established and the plug-in is displayed. The YouTube server receives information about which of our Internet pages you have visited. If you are a YouTube member and logged in to YouTube at the same time as you visit our site, YouTube may associate this information with your personal user account. When using the plug-in, such as clicking the start button of a video, this information is also assigned to your user account.
If you do not wish to have such an assignment, you can prevent this by logging out of your YouTube account and other YouTube LLC and/or Google Inc. user accounts before using our pages; alternatively, you can delete the corresponding cookies of these companies (see section VI.3 in detail). Further information on data processing and privacy protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.
Features of the social network "LinkedIn" are integrated into our websites. These features are offered by LinkedIn Ireland Limited, 77 Sir John Rogerson’s Quay, Dublin 2, Ireland. In the process, data is also transmitted to LinkedIn. We point out that we, as the provider of the websites, have no knowledge of the content of the data transmitted, or of how this data is used by LinkedIn. Further information on this can be found in LinkedIn's data privacy statement at http://www.linkedin.com/static?key=privacy_policy.
Features of the service "Xing", operated by XING AG, Gänsemarkt 43, 20354 Hamburg, are integrated into our websites. If you activate and use the plugin, your browser will establish a direct connection to Xing's servers. The content of the plugin is transmitted by Xing directly to your browser and integrated into the website by your browser. As a result of the integration of these plugins, Xing is informed that you have accessed the corresponding website on our Internet platform. If you are logged onto Xing, Xing will be able to allocate your visit to your Xing account. For information on the purpose and scope of the collection of data by Xing and on the further processing and use of data by Xing, as well as on your rights in this connection and the setting options for the protection of your privacy, please refer to Xing's data privacy notices.
Our website contains a contact form that the user can use to electronically contact us. If the user makes use of this option, the data entered in the input mask is transmitted to us and stored. These details are:
*Mandatory details needed for the purpose of registration are marked as a mandatory field by means of an asterisk (also in the input mask).
When a message is sent, the following data is additionally processed and stored:
Alternatively, it is possible to contact us via the email address given on our website. In this case, the user's personal data transmitted by email will be stored. In no event will the data be passed on to third parties, unless we need to fall back on third parties for handling the enquiry.
1. Purpose and legal basis
The data will be processed exclusively for the purpose of handling the respective enquiry or the respective user request. The other data collected during the transmission process will serve to prevent misuse of the contact form and safeguard the security of our IT systems.
Insofar as data processing takes place for the purpose of fulfilling a customer order or a customer enquiry, Article 6 (1), letter b GDPR forms the legal basis for the processing of the data, regardless of whether we are contacted via the contact form or by email. If the user has given its consent, Article 6 (1), letter a GDPR forms the legal basis for the processing. Article 6 (1) f GDPR forms the legal basis for the collection of additional data during the transmission process; the legitimate interest lies here in the prevention of misuse and the safeguarding of system security (cf. subsection VI.1).
2. Data deletion and storage period
In principle, the data will be deleted as soon as it is no longer needed for attaining the purpose for which it was collected. In respect of the personal data from the input mask on the contact form, and the personal data sent by email, this will be the case when the respective communication with the user has ended, and/or the user's enquiry has been definitively answered. The communication will be deemed ended, or the enquiry definitively answered, if it is evident from the circumstances that the matter concerned has been definitively cleared up. Instead of being deleted, the data will be stored and blocked insofar as continued storage of the data is necessary for the reasons specified in subsection III.4.
The personal data additionally collected during the transmission process will likewise be deleted as soon as it is no longer needed for attaining the purpose for which it was collected.
3. Opt-out and removal option
The user has the option of at any time discontinuing the communication with us and/or withdrawing its enquiry and opting out of corresponding use of its data. In such case, continued communication will not be possible. All personal data stored in the course of contact with the user will, in this case, be deleted, except where storage of the data continues for the reasons specified in subsection IV.6.
4. Use of Google reCAPTCHA
Under the GDPR, the user is, in particular, entitled to the following rights as the data subject:
1. Right to information (Article 15 GDPR)
You have the right to request information on whether or not we process personal data concerning you. If our company processes personal data concerning you, you are entitled to information on
Furthermore, you are entitled to information on whether your personal data is the subject-matter of an automated decision as defined by Article 22 GDPR, and, if so, what decision-making criteria are taken as a basis for such automated decision (logic), and what effects and implications this automated decision could have for you.
If personal data is transmitted to a third country outside of the scope of application of the GDPR, you are entitled to information on whether and, if so, under what guarantees an adequate level of protection, within the meaning of Articles 45 and 46 GDPR, has been safeguarded at the data recipient in the third country.
You have the right to demand a copy of your personal data. In principle, data copies will be made available by us in electronic form, unless you have specified otherwise. The first copy will be free of charge; an appropriate fee may be requested for further copies. The data requested will be provided only insofar as no rights or freedoms of other persons could be impaired as a result of the sending of a copy of this data.
2. Right to correction (Article 16 GDPR)
You have the right to request that we correct your data insofar as your data is incorrect, inapplicable and/or incomplete; this right to correction includes the right to make your data complete by means of supplementary statements or notifications. Correction and/or supplementation will take place promptly, i.e. without culpable delay.
3. Right to deletion (Article 17 GDPR)
You have the right to demand that we delete your personal data insofar as
No right to delete personal data exists insofar as
Deletion will take place promptly, i.e. without culpable delay. If we have made personal data public (e.g. on the Internet), we shall, insofar as this is technically possible and can be reasonably expected, ensure that third-party data processors are also informed of the deletion request, including the deletion of links, copies and/or replications.
4. Right to restriction of processing (Article 18 GDPR)
You have the right to have the processing of your personal data restricted in the following cases:
Personal data whose processing has been restricted at your request will, except for storage, be processed only (i) with your consent, (ii) for asserting, exercising or defending legal claims, (iii) for protecting the rights of other natural persons or legal entities or (iv) for reasons of important public interest. If a processing restriction is lifted, you will be informed thereof.
5. Right to data portability (Article 20 GDPR)
Subject to the following provisions, you have the right to request that the data concerning you be surrendered in a commonly used electronic, machine-readable data format. The right to data transfer includes the right to transmit the data to another data controller. On request, we shall therefore - insofar as technically possible - transmit data directly to a data controller designated, or yet to be designated, by you. The right to data transfer applies only to data provided by you and requires that the processing take place on the basis of consent or for the implementation of a contract and be carried out with the aid of automated procedures. The right to data transfer under Article 20 GDPR does not affect the right to data deletion under Article 17 GDPR. The data will be transferred only insofar as no rights or freedoms of other persons could be impaired as a result of the data transfer.
6. Right to opt out (Article 21 GDPR)
If personal data is processed for the performance of tasks that are in the public interest (Article 6 (1), letter e GDPR) or for the protection of legitimate interests (Article 6 (1), letter f GDPR), you may at any time, with effect for the future, opt out of the processing of personal data concerning you. If you exercise your right to opt out, we shall refrain from all further processing of your data for the aforementioned purposes, unless
You may at any time, with effect for the future, opt out of having your data used for the purpose of direct advertising; this also applies to profiling, insofar as it relates to direct advertising. If you exercise your right to opt out, we shall refrain from all further processing of your data for the purpose of direct advertising.
7. Legal protection options / Right to complain to the supervisory authority
If you have any complaints, you may at any time turn to the relevant supervisory authority of the European Union or its Member States. For our company, the supervisory authority specified in Section II is the relevant supervisory authority.