Data protection statement

As of May 25, 2018

General extent of data processing 

Data protection is very important to our company.  We comply with the General Data Protection Regulation (GDPR), which uniformly regulates processing of personal data for the whole European Union, and other national data protection laws of the Member States, and further statutory data protection directions. In principle, we collect, process and use personal data only insofar as that is necessary for the provision of a well-functioning website and the presentation of our offers and the performance of our services.

In principle, you, the user, can visit our web pages without giving any personal details relating to your person. Personal data are collected and used only to the extent that they are necessary for the provision of a well-functioning website and our contents and services. In general, we collect and use your personal data only after asking for your consent. Exceptions apply to such cases in which actual causes prevent obtaining your consent or legal regulations permit data collection and processing.

For security reasons, we use a SSL certificate on our website to provide safe connections by encrypting the whole incoming and outgoing data traffic. You recognize the encryption by the lock symbol in your browser line and the display of „https://“.

Name and address of the controller

Responsible in the sense of the GDPR is:

Cosmacon GmbH
Kiebitzweg 2
22869 Schenefeld
Telefon +49 (0) 40 840 555 26
E-Mail: info@cosmacon.de
Internet: www.cosmacon.de

Definitions 

The terms used in this data protection statement correspond to those under article 4 GDPR. In the sense of this regulation, the meaning of the terms is:

  • „personal data“ - any information relating to an identified or identifiable natural person (hereinafter 'data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • „data subject“ – each identified or identifiable natural person whose personal data are processed by the controller.
  • „processing“ – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • „restriction of processing“ – marking any stored personal data with the aim of limiting their processing in the future;
  • „profiling“ – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • „controller“ – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • „recipient“ –  a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • „third party“ – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
  • „consent“ – any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

General legal basis of processing personal data 

Insofar that we ask for consent by the data subject for processing personal data, the legal basis of processing personal data is Art. 6 Par. 1 lit. a EU General Data Protection Regulation (GDPR). The legal basis for processing personal data required for the fulfilment of a contract in which the data subject is the contracting party is Art. 6 Par. 1 lit. b GDPR. That also applies to processing procedures required for carrying out measures of the provisional agreement. Insofar that processing of personal data is required for the fulfilment of a legal obligation, we have to comply with, the legal basis is Art. 6 Par. 1 lit. c GDPR. For the case that vital interests of the data subject or other natural persons require processing personal data, the legal basis is Art. 6 Par. 1 lit. d GDPR. In the case that required processing is important for the protection of our or a third party’s legitimate interests and those interests do not outweigh the interests, basic rights and fundamental freedoms of the data subject, the legal basis of processing is Art. 6 Par. 1 lit. f GDPR.

Data erasure and storage period

Your personal data are erased or blocked as soon as the purpose of the storage is finished. In addition, data storage is possible in case the storage is intended by the European or national legislation in EU law regulations, stipulations or other directives the controller has to fulfil. Data are blocked or erased also when a storage period stipulated by the mentioned norms expires, except that the continued storage of the data is required due to the completion or the fulfilment of a contract.

Collection of technical access data, server log files

When you call up our web pages, our web server automatically collects data and information of the computer system of the retrieving computer you use. The recorded data in detail:

  • Browser name and version used
  • Operating system used
  • IP address
  • Date and time of access
  • Website that linked you to our website (referrer URL)
  • Name and URL of the files retrieved via our website

The data are stored temporarily in the log files of the web server we use. These data are not stored together with other data pertaining to your person. We cannot classify your data as belonging to certain persons. We use these technical log data only for statistical purposes and optimization of our website and its safety. The legal basis of the temporary storage of the data and the log files is Art. 6 Par. 1 lit. f GDPR.

The temporary storage of the IP address by our web server is necessary to enable the delivery of the called-up web pages to your computer. For that purpose, it is necessary that the IP address of the calling-up computer remains stored for the duration of the session. The storage in log files ensures the functionality of the website. Moreover, the data are necessary to optimize the website and ensure the safety of our information technology systems. The data are not analyzed for marketing purposes. The purposes mentioned above comply with our legitimate interest in data processing in accordance with Art. 6 Par. 1 lit. f GDPR.

The stored data are erased as soon as they are no longer required to fulfil the purpose of their collection. The collection of the data for the provision of the website and the storage of the data in log files is imperative for the operation of the website. Consequently, you do not have the possibility to object or claim erasure.

Use of cookies

We use „cookies“ on our website. „Cookies” are text files that are stored in the internet browser or by the internet browser on the retrieving computer system. When you call up a website, a cookie can be stored on the operating system of the computer you use. This cookie includes a characteristic string that allows a definite identification of the browser when you call up the website again.

The purpose of cookies is to simplify the use of the website for you. Some functions of our website cannot be provided without the use of cookies. They make special requirement to recognize the browser after changing from one page to another, e.g. log-in information, content of the shopping cart, adoption of language setting, remembering search terms. User data collected by cookies necessary due to technical reasons are not used to create user profiles. Data processed by cookies are necessary for the mentioned purposes to protect our legitimate interests in the creation of a customer-friendly website in accordance with 6 Par. 1 S. 1 lit. f GDPR.

We inform you about the use of cookies when you visit our website or app the first time. Cookies are stored on your computer and transferred by it to our website. That means that you, the user, have control of the use of cookies. By changing the setting in your internet browser you can deactivate or restrict the transfer of cookies. Already stored cookies can be erased at any time. Dependent on the browser, that possibly can be done in an automated way. Ask the provider of your browser for more information.

In case cookies for our website are deactivated, it is possible that you cannot use all functions of the website to full extent.

Contact form and e-mail contact 

In case there is a contact form on our website, which you can use for electronic contacting, the following applies: If you use that feature, the data entered in the input screen are transferred to us and stored. The data are necessary for processing the contact: your first name and surname, your
e-mail address, your telephone number, reference, message box. Minimum mandatory fields are marked. With the point in time of sending the message, in addition, the IP address of the retrieving computer, the date and time of the registration are stored to prevent the misuse of the contact form and to ensure the security of our information technology systems. The before-mentioned purposes correspond with our legitimate interest in data processing in accordance with Art. 6 Par. 1 lit. f GDPR.

We ask for your consent to data processing before sending and simultaneously refer to this data protection statement. You have the alternative of contacting us per e-mail. In that case, for processing the contact we store only the personal data you transferred per e-mail. Under no circumstances, your data will be passed on to a third party. Your data are used exclusively for the intended communication. The legal basis of data processing, after having received your consent, is

Art. 6 Par. 1 lit. a GDPR. The legal basis of processing personal data you have transferred per e-mail is

Art. 6 Par. 1 lit. f GDPR. In case the e-mail contact aims at the completion of a contract, the additional legal basis for data processing is Art. 6 Par. 1 lit. b GDPR.

The data are erased as soon as they are no longer required for the purpose of collection. With regard to the personal data in the input screen of the contact form and the personal data given per e-mail, that is the point of time when the communication with you is finished. The conversation is completed when the circumstances allow concluding that the relevant facts are finally settled.

You have the opportunity to revoke your consent to processing of personal data at any time. In case you have contacted us per e-mail, you can revoke the storage of your personal data at any time. You can send your revocation e.g. per e-mail or letter to the contact address given in the imprint. All personal data stored within the context of the contact will be erased.

Tools for web analytics 

On our website, we use several web analytic tools to analyze user data; they help us optimize our online service and our web presence to increase needs-based user-friendliness. As a rule, web analytic tools use “cookies” (definition under numeral 7.1) for that purpose. Data processing is made on the basis of the legal regulations of Art. 6 Par.1 lit f GDPR (legitimate interest).

Taking your privacy into consideration, all data possibly allowing reference to your person, e.g. IP address, log-in ID or device identification, are anonymized or pseudonymized as soon as possible. There is no further use or connection with other data and no transmission to third parties. In the following, the tools are described in detail:

Google Analytics

We use Google Analytics, a web analytic service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Google Analytics uses „cookies“ that are stored on your computer and allow an analysis of your use of the website. The information provided by the cookie about your use of this website (inclusive of the anonymized, i.e. abridged IP address) in general is transferred to a server of Google in the USA where it is stored.

The IP anonymization "_anonymizeIp()" is activated on our website. By this option your IP address is abridged by Google within the Member States of the European Union or in other contracting states of the agreement on the European economic area. By that measure the personalization of your IP address is excluded. Only in exceptional cases, the complete IP address is transferred to a server of Google in the USA to be abridged there. In those exceptional cases, processing is made in accordance with Art. 6 Par. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of the user behaviour for optimization and marketing purposes.

Google will use this information on our instructions to analyze your use of our website, to draw up reports on the website activities and to provide us with services connected with the use of the website and the internet. The IP address transmitted from your browser within the context of Google Analytics will not be connected with other data of Google.

You can prevent the installation of the cookies by a specific setting of your browser software. That, however, could result in the fact you could not use all functions of the website to full extent. You can prevent the collection of the data produced by the cookie and related to your use of the website (inclusive of your IP address) and processing those data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially to browsers on mobile devices, you can prevent data collection by Google Analytics, by clicking the following link:

An opt-out cookie is set that prevents the future collection of your data when you visit our website. The opt-out cookie is valid only in this browser and only for our website and is placed on your device. If you delete the cookies in this browser, you must set the opt-out cookie anew.

You get further information about data protection in connection with Google Analytics under the link in the Google Analytics support: https://support.google.com/analytics/answer/6004245?hl=de

Google Maps

We use Google Maps (API) by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service to depict interactive maps for the visual presentation of geographic information. When you use this service, our site is displayed to you to facilitate approach.

As soon as you call up the subpages integrated into the map of Google Maps, information about your use of our website (e.g. your IP address) is transmitted to the server of Google in USA and stored there. That procedure is independent of the circumstance whether Google provides a user account by which you are logged in or not. If you are logged in at Google, your data are directly classified as belonging to your account. If you do not want the reference to your profile at Google, you must log out prior to activating the button. Google stores your data (even of not logged-in users) as user profiles and analyzes them.

You have the right to opposition against the formation of those user profiles. To assert that right you are addressed to Google. Google LLC, headquarters in the USA, is certified for the US-European data protection agreement „Privacy Shield“ ensuring that the data protection standard applicable in the EU is observed.

In case that you do not agree with the future transmission of your data to Google within the context of the use of Google Maps, you have the possibility to completely deactivate the web service of Google Maps by switching off the application JavaScript in your browser. Google Maps and consequently the map display on this web page cannot be used. You can read the terms of use of Google under http://www.google.de/intl/de/policies/terms/regional.html.  You find the additional terms of use for Google Maps under https://www.google.com/intl/de_US/help/terms_maps.html.
Comprehensive information about data protection in connection with the use of Google Maps is on the web page of Google („Google Privacy Policy“): http://www.google.de/intl/de/policies/privacy/

Google Web Fonts

For the uniform depiction of fonts this website uses Web Fonts, provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). When calling up a page, your browser loads the required Web Fonts in your browser cache to display texts and fonts correctly. For that purpose the browser you use has to contact the servers of Google. By that procedure Google detects that our website has been called up by your IP address.

Google LLC, headquarters in the USA, is certified for the US-European data protection agreement „Privacy Shield“ ensuring that the data protection standard applicable in the EU is observed.

You find further information about Google Web Fonts under https://developers.google.com/fonts/faq and in the data protection statement by Google: https://www.google.com/policies/privacy/

Social Media Plugins

On our website, we use buttons („Plugins“) of social networks to allow you to use them to communicate with and about us. Those plugins allow several functions set by the different social networks.

The legal basis for the use of social media plugins with regard to processing personal data is

Art. 6 Par. 1 f GDPR. Our legitimate interest is the provision of interaction opportunities for the purpose of direct advertising (recital 47 GDPR) and the needs-based design of our web services for interaction with social networks you belong to.

For data protection reasons, we use Shariff Share Button

With Shariff you can use the integrated social media plugins without prejudice to your privacy.

„Shariff“ (ʃɛɹɪf) was developed by the German computer magazine c’t, allowing to integrate the share button in agreement with data protection and fulfilling the requirements of the General Data Protection Regulation (GDPR – directive (EU) 2016/679). Read further information about the Shariff project in Github-Projekt or on Informationsseite des c’t-Magazins.

The usual social media share buttons transmit your user data to the operator whenever you visit the website and give precise information about your behaviour on the visited website to the social networks (user tracking). That procedure takes place even if you are not logged in and do not be a member of the network. Compared with that, a Shariff button establishes the direct contact between a social network and the visitor only when the latter actively clicks the share button. In that way Shariff prevents that you leave a digital trace on each page you visit and improves data protection. Thanks to Shariff the display of the ”likes” is exclusively from our website.

Facebook

We use plugins of the social network „Facebook“, Menlo Park, CA 94025, USA (Facebook). You recognize the Facebook plugins by the Facebook logo or the “like” button on our website. Here you find an overview of all Facebook plugins: http://developers.facebook.com/docs/plugins/.

When you activate the plugin, a direct connection between your browser and the Facebook server is made by the plugin. By that Facebook gets the information that you have visited our website with your IP address. When you click the Facebook “like” button while you are logged in at your Facebook account, you can refer to contents of our pages in your Facebook profile.

We point out that we, as the provider of the pages, are not informed of the contents of the transferred data and their use by Facebook and that we are not responsible of data processing made by Facebook. You find further information in the data protection statement of Facebook  under http://de-de.facebook.com/policy.php

Google Plus

We use plugins of the social network „Google Plus“ of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA. By means of the Google +1 button you can publish information worldwide. The button can be recognized e.g. by buttons with the sign "+1" on a white or colour background. You find an overview of the Google plugins and their design under the following link https://developers.google.com/+/plugins.

You and other users get personalized contents from Google and partner via the Google +1 button. Google stores information you have given for a +1 content as well as information about the page you visited when clicking +1. Your +1 content can be inserted as references together with your profile name and your photo in Google services, e.g. search results or your Google profile, or in any places on websites and announcements on the web.

Google records information about your +1 activity to optimize Google services for you and others. To be able to use the Google +1 button you need a worldwide visible, public Google profile that, at least, requires the name chosen for the profile. This name is used in all Google services. In some cases, this name can replace another name that you have used for sharing content via your Google account. The identity of your Google profile can be shown to users who know your e-mail address or have any identifying information about you.

In addition to the use explained before, the information provided by you is used in accordance with the Google data protection policies. Possibly, Google publishes summary statistics on the +1 activities of the users and transmits them to users and partners, e.g. publishers, advertisers or connected websites. We emphasize that we do not have any information about the content of the transferred data and their use by Google. For more information read the data protection statement of Google under https://www.google.com/policies/privacy/partners/?hl=de. Google complies with the EU-US privacy shield https://www.privacyshield.gov/EU-US-Framework.

Twitter

We use functions of the social network „Twitter“. They are provided by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the function

“Re-Tweet” the websites you visit are connected with your Twitter account and made known to other users. With that, data are transmitted to Twitter. When the users are members of the platform Twitter, Twitter can classify the retrieval of content and functions mentioned above as belonging to the user profiles. Twitter is certified under the privacy shield agreement and herewith guarantees compliance with the European data protection law.

(https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

Data protection statement: https://twitter.com/de/privacy. You can prevent the personal reference
(Opt-Out): https://twitter.com/personalization.

LinkedIn

We use functions of the social network „LinkedIn“. They are provided by LinkedIn Ireland Limited, 77 Sir John Rogerson’s Quay, Dublin 2, Irland. By using the „InShare“ button the websites you visit are connected with your LinkedIn account and made known to other users. With that, data are transmitted to LinkedIn. We emphasize that we do not have any information about the content of the transferred data and their use by LinkedIn. For more information read the data protection statement of LinkedIn under http://www.linkedin.com/static?key=privacy_policy.

Xing

We use functions of the service „Xing“, operated by XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. When you activate and use the plugin, your browser builds up a direct connection to the servers of Xing. The content of the plugin is transferred by Xing directly to your browser which integrates it into the website. By the activation of the plugin Xing gets the information that you have called up the relevant page of our web presence. When you are logged in at Xing, Xing can refer the visit to your Xing account. Purpose and extent of the data collection and further data processing and use by Xing and your rights in that context and setting possibilities for the protection of your privacy are explained in Xing’s data protection notes Datenschutzhinweisen von Xing.

Pinterest

We use functions of the social network „Pinterest“. They are provided by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA. When you use the Pinterest plugin, your browser builds up a direct connection to the servers of Pinterest Inc. which causes the download of a relevant Pinterest component by Pinterest. For more information about Pinterest read https://pinterest.com.

Within that procedure Pinterest gets information about your visit of the subpages of our website. When you are logged in at Pinterest simultaneously, Pinterest can classify each page visit as belonging to your Pinterest account and store these data and log data. The log data include your
IP address, the address of the visited websites with integrated Pinterest functions and the activities (e.g.  „remember“ button), search history, type and setting of the browser, date and time of your visit, your manner of use of Pinterest, and cookie and device data. In case you do not want such a classification and storage, you have to log out of your Pinterest account before. You can retrieve the data protection policy on personal data collection, processing and use by Pinterest under

https://policy.pinterest.com/de/privacy-policy .

Rights of the data subject 

In case personal data belonging to you are processed, you are the data subject (in the sense of GDPR)  and you have the following rights against the controller:

Right of access (Art. 15 GDPR) – You have the right to obtain from us, the controller, a confirmation whether we process personal data concerning your person.

In case of processing you have the right to obtain the following information from us: the purposes for which the personal data are processed; the categories of personal data which are processed; the recipients or categories of recipients to whom the personal data relating to your person were or have been disclosed; the planned period of storage of personal data relating to your person or, in case concrete details cannot be given, criteria for the determination of the storage period; the existence of a right to rectification or erasure of personal data relating to your person, a right to restriction of processing by the controller, or a right to opposition against personal data processing; the existence of a right to appeal with a supervisory authority; all available information about the origin of the data in case the personal data were not collected from the data subject; the existence of automated  decision making inclusive of profiling in accordance with Art. 22 Par. 1 and 4 GDPR; and – at least in those cases – convincing information about the logic involved and the consequences and the intended effects of such processing for the data subject. You also have the right to know whether the personal data relating to your person are transferred to a third country or an international organization. In that context: you can demand information about the relevant guarantees in accordance with Art. 46 GDPR referring to the transfer.

Right to rectification (Art. 16 GDPR) – You have the right to prompt rectification and/or completion against the controller in case the processed personal data relating to your person are incorrect or incomplete.

Right to erase (be forgotten) (Art. 17 GDPR) – You have the right to demand that we, the controller, erase personal data relating to your person without delay. In that case we are obliged to erase the data without delay, if one of the following reasons applies: (1) The personal data relating to your person are no longer required for the purposes for which they were collected or processed in any way. (2) You revoke your consent which was the base of processing in accordance with Art. 6 Par. 1 lit. a or Art. 9 Par. 2 lit. a GDPR, and there is no other legal basis of processing.
(3) You make an objection against processing in accordance with Art. 21 Par. 1 GDPR, and there are no priority legitimate reasons of processing, or you make an objection against processing in accordance with Art. 21 Par. 2 GDPR. (4) The personal data relating to your person were processed unlawfully. (5) The erasure of the personal data relating to your person is required to fulfil a statutory obligation in accordance with Union or Member State law the controller is bound to. (6) The personal data relating to your person were collected with regard to services provided by the information company in accordance with Art. 8 Par. 1 GDPR.

In case we have made public the personal data relating to your person and are obliged to their erasure in accordance with Art. 17 Par. 1 GDPR, we take suitable steps – in consideration of the available technologies and the costs of implementation –, technical measures included, to inform the controller processing personal data that you as the data subject have demanded that we make sure that all links to these personal data or copies or replications of these personal data are erased.

The right to erasure is not applicable if processing is required (1) to execute the right to freedom of expression and information; (2) to fulfil a statutory obligation that requires processing in accordance with Union or Member State law the controller is bound to, or to perform a mission in the public interest or to exercise official authority devolved on the controller; (3) for reasons of public interest in the field of public health in accordance with Art. 9 Par. 2 lit. h and i and Art. 9 Par. 3 GDPR; (4) for archives purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 GDPR, provided the right mentioned under section a) probably will prevent or seriously hinder the implementation of the goals of processing; or (5) for the assertion, execution or defence of legal entitlements.

Right to restriction of processing (Art. 18 GDPR) – You can require the restriction of processing of the personal data relating to your person under the following conditions: When you reject the accuracy of the personal data relating to your person for a period that allows the controller to verify the accuracy of your personal data; when processing is unlawful and you reject the erasure of your personal data and instead demand the restriction of the use of your personal data; when the controller does not require your personal data for the purpose of processing any longer, whereas you need them for the assertion, exercise and defence of legal rights; or when you have made an objection against processing in accordance with Art. 21 Par. 1 GDPR and it has not yet been clarified whether the legitimate reason of the controller outweigh your reasons.

In case processing of the personal data relating to your person has been restricted, processing these data – except for their storage – is permitted only with your agreement or to assert, exercise or defend legal rights or to protect the rights of another natural or legal person or due to reasons of an important public interest of the European Union or a Member State. In case processing has been restricted under the conditions mentioned before, you will be informed by the controller prior to lifting the restriction.

Right to information (Art. 19 GDPR) – When you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients, to whom the personal data relating to your person were disclosed, about the rectification or erasure of the data or the restriction of processing, provided that is not infeasible or the expenditure is not extremely excessive. You have the right against the controller to be informed about the recipients.

Right to data portability (Art. 29 GDPR) – You have the right to receive the personal data relating to your person that you have made available to the controller in a structured, conventional and machine-readable format. In addition you have the right to transfer these data to another controller without hindrance by the controller you have provided with your personal data, if (1) processing is based on an agreement in accordance with Art. 6 Par. 1 lit. a GDPR or Art. 9 Par. 2 lit. a GDPR or is based on a contract in accordance with Art. 6 Par. 1 lit. b GDPR and processing is made with an automated procedure.

With the exercise of this right, you further have the right to achieve that the personal data relating to your person are directly transferred by a controller to another controller, provided that is technically feasible. It is not permitted to restrict the freedom and rights of other persons by that procedure. The right to data portability does not apply to processing of personal data required for fulfilling missions which are in the public interest or for the exercise of official authority devolved on the controller.

Right to opposition 

You have the right, for reasons resulting from your particular situation, at any time, to make an objection against processing the personal data relating to your person and made on the basis of Art. 6 Par. 1 lit. e or f GDPR; that also applies to a profiling on the basis of these terms.

In case you exercise your right to opposition, we stop processing the personal data relating to your person, unless we can establish proof of compelling reasons worthy of protection for processing that outweigh your interests, rights and freedom, or processing is important for the assertion, exercise or defence of legal rights.

In case your personal data are used for direct advertising, you have the right at any time to make an objection against processing the personal data relating to your person for the purpose of such advertising; that also applies to profiling as far as it is connected with such advertising. In case you object to processing for purposes of direct advertising, the personal data relating to your person will no longer be processed for those purposes.

In the context of the use of services of the information company, you have the possibility to exercise your right to opposition by means of automated procedures applying technical specification – despite the directive 2002/58/EC.

Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of the consent does not affect the legitimacy of processing made on the basis of the consent until the revocation.

Automated decision in the individual case inclusive of profiling

You have the right not to be bound to a decision exclusively based on automated processing – inclusive of profiling - that subjects you to legal effects or restricts you considerably. That does not apply (1) when the decision is required for the completion or the fulfilment of a contract between you and the controller, (2) when it is admissible due to statutory provisions of the European Union or the Member States the controller is subject to and these statutory provisions include appropriate measures to protect your rights and freedoms and your legitimate interests, or (3) when it is based on your explicit consent.

However, it is not permitted that such decisions are based on special categories of personal data in accordance with Art. 9 Par. 1  GDPR, unless Art. 9 Par. 2 lit. a or g does apply and appropriate measures for the protection of the rights and freedoms and your legitimate interests were taken. With regard to the cases mentioned in (1) and (3), the controller takes suitable steps to protect the rights and freedoms and your legitimate interests which at least includes the right to obtain the intervention by a person on behalf of the controller, the explanation of the own point of view and  contesting the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, your workplace or the location of the presumed breach if you are of the opinion that your personal data are processed in a manner violating the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant about the state and the results of the complaint inclusive of the possibility of legal remedies in accordance with Art. 78 GDPR.

Further data protection information 

In case you have further questions concerning data protection, do not hesitate to contact us. You find our contact data under numeral 2 of this data protection statement and in our imprint.