Data protection declaration

 

I.        Name and address of the data controller

The data controller as defined by the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as any other data protection provisions is:

 

Paul Reber GmbH + Co. KG
Ludwigstraße 10- 12
83435 Bad Reichenhall
Germany
Telefon: +49 (0) 8651 60 03 0
Fax: +49 (0) 8651 6003 73
E-Mail: info@reber.com
Website: www.reber.com

 

 

II.       Name and address of the data protection officer

The data protection officer of the data controller is:

 

Lukas W. Mempel
LS-IP Loth & Spuhler Intellectual Property Law
Partnerschaft von Rechtsanwälten mbB
Garmischer Straße 35
81373 München
Deutschland
Telefon: +49 89 48 90 250
Fax: +49 89 48 90 2510
E-Mail: info@ls-ip.com
Website: www.ls-ip.com

 

 

III.      General information on data processing

1.       Scope of the processing of personal information

We collect, save and use the personal data of visitors to our website (users) and customers only to the extent that this is required to provide an operational website and content and services. The collection and use of the personal data of our users, customers and business partners takes place regularly and only after they have given their consent. An exception to this would be if prior consent is impossible under the circumstances and processing the data is permitted by law. If you have granted us your express consent, your personal data will be stored beyond the duration of the transaction and used for personalised information about our products or offers as well as for internal evaluations and analyses (internal evaluation of the order processes, sending advertising).

 

2.       Legal basis for the processing of personal information

If we obtain consent to processing personal data from the affected person, then Art. 6, para. 1(a) of the GDPR shall serve as the legal basis for processing personal data.

If personal information which is required to process a contract - a party of which is the person affected - is processed, then Art. 6, para. 1(b) of the GDPR shall form the legal basis. This also applies to processes which are required to implement pre-contractual measures.

If the processing of personal data is required to fulfil a legal obligation to which our company is subject, then Art. 6, para. 1(c) of the GDPR shall serve as the legal basis.

In cases where processing personal data is required due to vitally important interests of the affected person or another natural person, then Art. 6, para. 1(d) of the GDPR shall serve as the legal basis.

If processing is required to protect a legitimate interest of our company or a third party, and if the interests, basic rights and basic freedoms of the person affected do not take precedence over the former interest, then Art. 6, para. 1(f) of the GDPR shall serve as the legal basis for processing.

 

3.       Deletion of data and storage duration

The personal data of the affected person is deleted or locked as soon as there is no longer a purpose for its storage. There might also be a longer storage period if this has been stipulated by the European or national legislator in community orders, laws or other regulations to which the data controller is subject. The data is also locked or deleted if the storage duration stipulated by the cited standards has expired, unless there exists a requirement to continue to store the data for the conclusion or fulfilment of a contract.

 

4.       SSL encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send us as operator of the site. An encrypted connection can be identified through a change from “http://” to “https://” and the lock symbol in the address bar.

If SSL encryption is activated, then data you send to us cannot be read by third parties.

 

IV.     Provision of the website and creation of logfiles

1.       Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the system of the computer gaining access.

 

The following information is collected:

•IP address of the user,
• Date and time of access

The data are also stored in the logfiles of our system. This data is not stored together with other personal information of the user.

In the provision of our website and the associated processing of your personal data, we use carefully selected external service providers. This currently concerns:

  • Hosting-Provider: Hetzner Online GmbH
  • Website system administration
  • Web agency

 

These service providers are only permitted to process the personal data upon our instruction for the purpose we have stipulated within the scope of an agreement on order data processing in accordance with Art. 28 GDPR and have agreed to comply with applicable data protection provisions.

The data cannot be used in any other way. The data is processed exclusively in the Federal Republic of Germany, a member state of the European Union or in a member state of the European Economic Area.

 

2.       Legal basis for the processing of data

The legal basis for the temporary storage of data and the logfiles is Art. 6, para. 1(f) GDPR.

 

3.       Purpose of data processing

The system temporarily storing the IP address is required to allow the delivery of the website to the computer of the user. To do this, the IP address of the user has to be stored for the duration of the session.

 

Storage in logfiles occurs to ensure the functionality of the website. In addition, the data serves to optimise the website and maintain the security of our IT systems. In this context, the data is not assessed for marketing purposes.

 

For these purposes, there is a legitimate interest in data processing in accordance with Art. 6, para. 1(f) GDPR.

 

4.       Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data that is stored in the provision of the website is deleted once the session ends.

 

Data that is stored in logfiles is deleted at the latest after one month. Storage beyond this point is possible. In this case the IP addresses of the users are deleted or anonymised so that the accessing client can no longer be identified.

 

5.       Right of objection and disposal possibility

The recording of the data in the provision of the website and the storage of the data in logfiles is absolutely essential for the operation of the website. Consequently, users do not have a right of objection.

 

V.      Use of cookies

1.       Description and scope of data processing

If you have expressly approved the use of cookies, then cookies are used on our website. Cookies are text files which are stored in the Internet browser or by the Internet browser on the computer system of the user. If a user accesses a website, then a cookie can be stored on the operating system of the user. This cookie contains a characteristic series of characters which allows clear identification of the browser when the website is accessed again.

We use cookies to make our website more user friendly. A number of elements of our website require the accessing browser to be identifiable even after you have navigated to a different site.

The following data are stored and transmitted in the cookies:

• General browser identification,
• IP address

When accessing our website, the user is informed about the use of cookies and their consent is obtained to process the personal data used in this context. Here, reference is also drawn to this data protection declaration.

 

2.       Legal basis for the processing of data

The legal basis for the processing of personal data using cookies required for technical purposes is Art. 6, para. 1(f) GDPR.

 

3.       Purpose of data processing

The purpose of the use of cookies is to simplify the use of websites for users. Some of the functions of our website cannot be provided without the use of cookies. For such functions, the browser has to be recognised again after changing pages.

The user data collected using cookies are not used to create user profiles.

For these purposes, there is a legitimate interest in personal data processing in accordance with Art. 6, para. 1(f) GDPR.

 

4.       Duration of storage, right of objection and disposal possibility

You can avoid the use of cookies by not consenting to their use.

 

Cookies are stored on the computer of the user and sent to our site from it. As a user, you also have complete control of the use of cookies. By changing the settings in your Internet browser you can deactivate or restrict the transmission of cookies. Cookies which have already been saved can be deleted at any time. This can also be automated. If cookies are deactivated for our website, then not all functions of the website can be used to their full capability.

In addition, you can prevent the storage of cookies by making an appropriate setting in your browser. However, we would like to point out that if you do so, you might not be able to use all functions of this website in full. You can also prevent the collection of the data created by the cookie and the data which references the use of the website - including your IP address - by Google as well as the processing of this data by Google by downloading and installing the browser plugin available via the following link:  https://tools.google.com/dlpage/gaoptout?hl=de.

 

 

VI.     Newsletter

1.       Description and scope of data processing

If you register as a customer on our website and enter your email address, this can result in us sending you a newsletter. If we do, the newsletter will contain direct advertising for a number of similar goods or services.

 

In terms of the processing of data, your consent is obtained during the registration process and reference is also drawn to this data protection declaration.

 

In connection with the processing of data to send newsletters, the following people and/or companies have access to the data:

  • Newsletter dispatch company
  • Web agency

 

The data is used exclusively for sending the newsletter.

 

2.       Legal basis for the processing of data

The legal basis for the processing of the data after the customer has registered for the newsletter is the existence of the customer's consent in accordance with Art. 6, para. 1(a) of the GDPR.

 

3.       Purpose of data processing

The email address of the customer is recorded to send the newsletter.

 

4.       Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The email address of the customer is stored for the duration that the customer's subscription to the newsletter remains active.

 

5.       Right of objection and disposal possibility

The customer can cancel their subscription to the newsletter at any time. There is a corresponding link in every newsletter.

 

VII.    Registration

1.       Description and scope of data processing

On our website we allow new customer registrations by entering personal data. Registration involves entering data in an input form, which is then sent to us and stored.

 

a.       Registering as a customer

The following data is stored when registering as a customer:

• Name, first name,

• Company (for business clients),

• Adress,

• Telephone number,

• Fax number,

• Email address,

• VAT number (for business clients),

 

The following data is also saved upon registration:

• IP address,

• Date and time of registration

 

The consent of the customer to process the data is obtained during the registration process.

 

b.      Sending the personal data

As part of the registration process and the associated processing of your personal data, we use carefully selected external service providers. This currently concerns:

  • Hosting-Provider: Hetzner Online GmbH
  • Website system administration
  • Web agency

 

These service providers are only permitted to process the personal data upon our instruction for the purpose we have stipulated within the scope of an agreement on order data processing in accordance with Art. 28 GDPR and have agreed to comply with applicable data protection provisions.

 

The data cannot be used in any other way. The data is processed exclusively in the Federal Republic of Germany, a member state of the European Union or in a member state of the European Economic Area.

 

If we receive an enquiry about points of sale, you - as a business customer - declare that you agree to the following data being passed to those who made the enquiry:

• Name, first name,

• Company,

• Adress,

• Telephone number,

• Fax number,

• E-mail address

 

2.       Legal basis for the processing of data

The legal basis for the processing of the data is the existence of the customer's consent in accordance with Art. 6, para. 1(a) GDPR.

 

3.       Purpose of data processing

Above all, registration allows authentication as a Reber customer. After successful verification, certain content and services are provided to the customer on our website, such as a download portal, advertising material, training, online shop, etc.

 

Registration of the customer serves to fulfil a contract with the customer or to implement pre-contractual measures.

Customers have the opportunity to order products from our website. After we receive the order, we send this to the customer. Recording the surname, first name, company and address is required to process the respective order.

The collection of the telephone number, fax number and email address takes place in order to make contact with the customer, e.g. for follow-up questions or to answer the customer's questions.

For business customers, recording the VAT number is required in accordance with Section 14a, para. 1 German VAT Act.

 

4.       Duration of storage

The data recorded during the registration process is deleted if registration on our internet site is discontinued or altered.

 

5.       Right of objection and disposal possibility

You may deregister at any time. The data about you can be altered at any time in the "My Account" area, where you can also delete the account. Your account is deleted on our website by providing your email address and password as confirmation.

 

If the data is required to fulfil a contract or to implement pre-contractual measures, then early deletion of the data is only possible providing contractual or legal obligations would prevent deletion.

 

VIII.   Order and contract conclusion following successful registration

1.       Description and scope of data processing

You can order and acquire products via our online shop, either as a guest or following registration on our website.

 

For us to receive and process an order following registration, the following additional data is recorded and saved:

• Products,

• Price,

• Order date,

• Order time,

• Invoice date,

• Delivery date,

• Payment type with any bank details (direct debit, fast transfer, credit card, PayPal),

• Device type.

 

For us to receive and process a guest order, the following additional data is recorded and saved:

• Name, first name,

• Company (for business clients),

• Adress,

• Telephone number,

• Fax number,

• Email address,

• VAT number (for business clients),

• Products,

• Price,

• Order date,

• Order time,

• Invoice date,

• Delivery date,

• Payment type with any bank details (direct debit, fast transfer, credit card, PayPal),

• Device type.

 

To receive and process an order and for the associated processing of your personal data, we use carefully selected external service providers. This currently concerns:

  • Hosting-Provider: Hetzner Online GmbH
  • Website system administration
  • Web agency

 

These service providers are only permitted to process the personal data upon our instruction for the purpose we stipulate within the scope of an agreement on order data processing in accordance with Art. 28 GDPR and have agreed to comply with applicable data protection provisions.

 

The data cannot be used in any other way. The data is processed exclusively in the Federal Republic of Germany, a member state of the European Union or in a member state of the European Economic Area.

 

2.       Legal basis for the processing of data

The legal basis for the processing of the data is the existence of the customer's consent in accordance with Art. 6, para. 1(a) of the GDPR.

 

If the processing of the data serves to fulfil a contract, a party of which is the customer, or the implementation of pre-contractual measures, then an additional legal basis for the processing of the data is Art. 6, para. 1(B) GDPR.

 

3.       Purpose of data processing

After we receive the order, we send the products to the customer. Recording the surname, first name, company, address, VAT ID number and payment type with any bank details (direct debit, fast transfer, credit card, PayPal) is required to process the respective order.

The telephone number, fax number and email address are collected in order to make contact with the customer, e.g. for follow-up questions or to answer the customer's questions.

For business customers, recording the VAT number is required in accordance with Section 14a , para. 1 German VAT Act.

 

4.       Duration of storage

The data of a particular order (products, price, order date and order time, invoice data, delivery date) is deleted ten years after the complete processing of the order.

The customer data (name, first name, company, address, telephone number, fax number, e-mail address, VAT ID number and all other data saved at the point in time of the registration) is deleted ten years after the complete processing of the last order.

 

IX.     Use of Google reCAPTCHA

1.       Description and scope of data processing

We also use Google reCAPTCHA on our website. The provider of this programme is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

Google reCAPTCHA checks whether the data on our website was input by a human or an automated program. To achieve this Google analyses the behaviour of the visitor to the website in respect of various characteristics. This analysis begins automatically as soon as the visitor to the website accesses the website. In the analysis Google reCAPTCHAanalyses various pieces of information (e.g. IP address, length of visit to the website or mouse movements carried out by the user). The data recorded in the analysis is sent to Google.

 

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is being carried out.

 

2.       Legal basis for the processing of data

The processing of data takes place on the basis of Art. 6, para. 1(f) GDPR. The website operator has a legitimate interest to protect the material on their website against improper automated snooping and spam.

 

3.       Purpose of data processing

The data is processed to protect the website against improper automated snooping and spam.

 

4.       Additional information

You can find additional information on Google reCAPTCHA as well as the data protection declaration of Google by visiting the followig links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

 

X.      Use of Google Analytics

1.       Description and scope of data processing

If you have given your express consent to the use of Google Analytics, then this website will use the functions of the website analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

Google Analytics uses cookies. These are text files which are saved on your computer and allow an analysis of how you use the website. The information produced by the cookie on your use of this website is routinely sent to a Google server in the USA and saved there.

 

On this website we have activated the IP anonymisation function. This means that within member states of the European Union and in other member states of the European Economic Area Google will shorten your IP address before sending it to the USA. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. Google uses this information on behalf of the operator of this website in order to analyse use of the website, compile reports on website activities and to provide to the website operator with additional services associated with use of the website and Internet. The IP address sent by your browser within the scope of Google Analytics is not combined with other data held by Google.

You can find more information on how user data is handled with Google Analytics in the data protection declaration of Google: https://support.google.com/analytics/answer/6004245?hl=en.

We have concluded a contract with Google on the processing of order data and adhere to the strict rules of the German data protection authorities in the use of Google Analytics.

 

2.       Legal basis for the processing of data

The saving of Google Analytics cookies is carried out on the basis of Art. 6, para. 1(a) GDPR.

 

3.       Purpose of data processing

The purpose of processing the data is to optimise our website offering as well as advertising.

 

4.       Right of objection and disposal possibility

You can avoid the use of cookies by not consenting to the use of Google Analytics.

 

In addition, you can prevent the storage of cookies by making an appropriate setting in your browser. However, we would like to point out that if you do so, you might not be able to use all functions of this website in full. You can also prevent the collection of the data created by the cookie and the data which references the use of the website - including your IP address - by Google as well as the processing of this data by Google by downloading and installing the browser plugin available via the following link:  https://tools.google.com/dlpage/gaoptout?hl=de.

 

You can prevent your data being recorded by Google Analytics by clicking on the following link. It sets an opt-out cookie which prevents your data being recorded on future visits to this website: Deactivate Google Analytics.

 

XI.     Use of Google Web Fonts

1.       Description and scope of data processing

To provide consistency in the representation of fonts our website uses web fonts provided by Google. When accessing a page, your browser loads the requisite web fonts to the browser cache to display texts and fonts correctly.

In order to do this, the browser you use must establish a connection to Google servers. In this way Google finds out that our website was accessed via your IP address.

If your browser does not support web fonts, a standard font is used by your computer.

 

2.       Legal basis for the processing of data

Google web fonts are used to achieve a consistent and attractive representation of our online offering. This is a legitimate interest in accordance with Art. 6, para. 1(f) GDPR.

 

3.       Purpose of data processing

The purpose of processing the data is to make our online offering consistent and attractive.

 

4.       Additional information

You can find additional information on Google Web Fonts at  https://developers.google.com/fonts/faq and in the data protection declaration of Google: https://www.google.com/policies/privacy/.

 

 

XII.    Use of social media plugins

1.       Description and scope of data processing

If you have granted your express consent, then the website uses the following plugin:

Facebook, operator of the site is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland;

If you visit our website and expressly consent to the transmission of your personal data, then a connection is established with the servers of the aforementioned websites. When doing so the respective server receives information about which of our pages you have visited.

If you are logged into your Facebook account, then you allow the operator of the respective website to associate your browsing habits directly to your personal profile.

 

2.       Legal basis for the processing of data

The use of Facebook is with your consent on the basis of Art. 6, para. 1(a) GDPR.

 

3.       Purpose of data processing

Facebook is used to achieve an attractive representation of our online offering.

 

4.       Additional information

You can find additional information on the use of user data in the following data protection declaration:

Facebook: https://www.facebook.com/privacy/explanation

 

5.       Purpose of data processing

The purpose of processing the data is to optimise our website offering as well as advertising.

 

6.       Right of objection and disposal possibility

You can prevent the operators of the aforementioned websites from associating your browsing history directly to your personal profile by not consenting to the transmission of this data.

If you are logged into your Facebook account, then you allow the operator of the respective website to associate your browsing habits directly to your personal profile. You can also prevent this by logging out of your Facebook account.

 

XIII.   Establishing contact, ordering and/or other assumption of business via contact form, e-mail, letter or telephone

1.       Description and scope of data processing

Instead of registering on our website, contact or an order can also be made via a contact form on our website or via e-mail, letter or telephone.

There is a contact form on our website which can be used for establishing contact electronically. If you use this option, then the data input into the form is sent to us and stored. This data includes:

• Name, first name,

• Adress,

• Telephone number,

• Email address,

• VAT number (for business clients),

 

The following data is also saved upon sending the message:

• The IP address of the user

• Date and time of contact

 

In terms of the processing of data, your consent is obtained during the sending process and reference is also drawn to this data protection declaration.

 

If you make contact with us by e-mail, letter or telephone, your personal data sent by e-mail, letter or telephone is saved. The same applies if we acquire goods and/or services from you.

 

To accept and process an order as well as a contract, with which we acquire goods and/or services from you, and the associated processing of your personal data, we utilise carefully selected external service providers. This currently concerns:

  • Hosting-Provider: Hetzner Online GmbH
  • Website system administration
  • Web agency

 

These service providers are only permitted to process the personal data upon our instruction for the purpose we stipulate within the scope of an agreement on order data processing in accordance with Art. 28 GDPR and have agreed to comply with applicable data protection provisions.

 

The data cannot be used in any other way. The data is processed exclusively in the Federal Republic of Germany, a member state of the European Union or in a member state of the European Economic Area.

 

2.       Legal basis for the processing of data

The legal basis for the processing of the data is the existence of the data subject's consent in accordance with Art. 6, para. 1(a) of the GDPR.

 

The legal basis for the processing of data which is provided to establish contact via a form, an email, letter or the telephone is Art. 6, para. 1(f) GDPR. If it involves an order or if the e-mail, letter or telephone call seeks to conclude a contract, then an additional legal basis for the processing is Art. 6, para. 1(b) GDPR.

 

3.       Purpose of data processing

The processing of the personal data from the contact form, the email, the letter or the telephone call serves solely to enable us to make contact. There must also be a legitimate interest in the processing of the data.

 

The personal data processed in connection with the contact form upon dispatch serves to prevent misuse of the contact form and to ensure the security of our IT systems.

If an order is placed, recording the surname, first name, company and address is required to process the respective order.

The collection of the telephone number, fax number and email address is required in order to make contact with you, e.g. for follow-up questions or to answer questions.

For business customers, recording the VAT number is required in accordance with Section 14a , para. 1 German VAT Act.

Recording the date of birth takes place to clearly identify the respective person and to ensure they may legally carry out a transaction. The birthday is also recorded in order to send the respective person birthday greetings.

 

4.       Duration of storage

If only contact is established (no order), the data recorded is deleted once the respective conversation has ended. The conversation is deemed to be over if, given the circumstances, it can be assumed that the given topic has concluded.

The data of a particular order (products, price, order date and order time, invoice data, delivery date) is deleted ten years after the complete processing of the order.

The customer data (name, first name, company, address, telephone number, fax number, e-mail address, VAT ID number and all other data saved at the point in time of the registration) is deleted ten years after the complete processing of the last order.

The business partner data (name, first name, company, address, telephone number, fax number, e-mail address, VAT ID number and all other data saved at the point in time of contact) is deleted ten years after the complete processing of the last order.

 

5.       Right of objection and disposal possibility

You can revoke your consent to personal data being processed at any time. If you have established contact with us through a contact form, e-mail , letter or the telephone, then you can inform us you do not wish your personal data to continue to be stored at any time. In such cases the conversation cannot be continued.

The revocation of consent and objection to storage can be implemented by e-mail, letter or telephone by using the contact data cited under I of this data protection declaration.

In such a case, all personal data which is stored whilst establishing contact and/or placing an order is deleted.

 

XIV.   Rights of the data subject

If personal data has been processed by you, then you are the data subject in accordance with the GDPR and you are entitled to the following rights in respect of the data controller:

 

1.       Right of access

You can request confirmation from the data controller concerning whether personal data about you is processed by us.

 

If such processing takes place, then you can request from the data controller the following information:

(1)          the purposes for which personal data is processed;

(2)          the categories or personal data which is processed;

(3)          the recipients or the categories of recipient to whom the personal data about you has been shown or will be shown;

(4)          the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;

(5)          the existence of a right to the correction or deletion of the personal data which affects you, a right to the limitation of processing by the data controller or the right to object to this processing;

(6)          the existence of a right to complain to a supervisory authority;

(7)          all available information about the origin of the data if the personal data has not been collected from the data subject;

(8)          the existence of an automated decision making process including profiling in accordance with Art. 22, para. 1 and 4 GDPR and - at least in these cases - convincing information about the logic involved as well as the reach and desired effects of such processing in respect of the data subject.

 

You have the right to obtain information about whether the personal data about you is passed to a non-EU country or an international organisation. In this context, you can request that you are informed about appropriate guarantees in accordance with Art. 46 GDPR in connection with the passing of this data.

 

2.       Right of correction

In respect of the data controller, you have the right to correction and/or completion provided the processed personal data concerning you is incorrect or incomplete. The data controller must make the correction without delay.

 

3.       Right to the limitation of processing

You can request that processing of personal data about you is limited under the following conditions:

(1)          if you contest the accuracy of the personal data about you for a period of time which allows the data controller to check the accuracy of the personal data;

(2)          processing is unlawful and you reject the deletion of the personal data and instead request the limitation of use of the personal data;

(3)          the data controller no longer requires the personal data for the purposes of processing, however you need it to assert, exercise or defend legal claims; or

(4)          if you have entered an objection in accordance with Art. 21, para. 1 GDPR and it is not yet clear whether the legitimate rights of the data controller take precedence above yours.

 

If the processing of the personal data about you has been limited, then this data - irrespective of its storage - is only allowed to be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal entity or for reasons of substantial public interest of the European Union or a member state.

 

If restrictions to processing have been imposed in accordance with the above requirements, then you will be informed by the data controller before the limitation is lifted.

 

4.       Right of deletion

a.       Deletion obligation

You can make a request to the data controller that the personal data about you is deleted without delay and the data controller must delete this data immediately if one of the following reasons applies:

(1)          The personal data about you is no longer required for the purposes for which it was collected or otherwise processed.

(2)          You revoke your consent on which processing - in accordance with Art. 6, para. 1(a) or Art. 9, para. 2(a) GDPR - rests and there is no other legal basis for processing.

(3)          You raise an objection in accordance with Art. 21, para. 1 GDPR against processing and there are no overriding legitimate interests for processing, or you raise an objection in accordance with Art. 21, para. 2 GDPR.

(4)          The personal data about you has been processed unlawfully.

(5)          The deletion of the personal data about you is required to meet a legal obligation in accordance with EU law or the laws of a member state to which the data controller is subject.

(6)          The personal data about you has been collected in relation to the information society services offered in accordance with Art. 8, para. 1 GDPR.

 

b.      Information to third parties

If the person responsible for the data has published personal data about you and if they have to delete it in accordance with Art. 17, para. 1 GDPR, then they shall carry out the measures required - taking into consideration the technologies available and cost - to inform the data controller responsible for the processing of the data that you - as the data subject - have requested from them the deletion of all links to this personal data as well as copies or duplications of this personal data.

 

c.       Exceptions

There is no right to deletion if processing is required:

(1)          to exercise the right to freedom of expression and information;

(2)          to fulfil a legal obligation which requires data processing in accordance with EU law or the law of the member states to which the data controller is subject, or to carry out a task that is in the public interest or to exercise public authority which has been transferred to the data controller;

(3)          for reasons of public interest in the area of public health in accordance with Art. 9, para. 2(h) and i as well as Art. 9, para. 3 GDPR;

(4)         for archiving purposes which are in the public interest, scientific or historic research purposes or for statistical purposes in accordance with Art. 89, para. 1 GDPR, provided the right cited under a) is likely to make achieving the objectives of this processing impossible or seriously impedes them; or

(5)          to assert, exercise or defend legal claims.

 

5.       Right of information

If you have asserted against the data controller a right to correction, deletion or limitation of processing, then they must inform all recipients to whom the data has been made available about this correction, deletion or limitation, unless this would be impossible or would incur a disproportionate cost.

 

You have the right to be informed by the data controller about these recipients.

 

6.       Right of data portability

You have the right to receive the personal data that you have provided to the data controller in a structured, regular and machine-readable format. You also have the right to pass this data to another responsible party without hindrance from the data controller to whom the data was provided if:

 

(1)          processing is based on consent in accordance with Art. 6, para. 1(a) GDPR or Art. 9, para. 2(a) GDPR or a contract in accordance with Art. 6 para. 1(b) GDPR.

(2)          processing takes place using automated procedures.

 

In exercising this right you have the additional right for the personal data about you to be passed directly from one data controller to another providing that this is technically feasible. This must not infringe upon the freedoms and rights of other persons.

 

The right to data portability does not apply to the processing of personal data passed to the data controller which is required to carry out a task, is in the public interest or is carried out to exercise public authority.

 

7.       Right of objection

For reasons arising from your particular situation, you have the right to file an objection to the processing of the personal data about you which takes place on the basis of Art. 6, para. 1(e) or (f) GDPR. This also applies to profiling based on these provisions.

The data controller will no longer process the personal data about you unless they can provide compelling legitimate grounds for processing which take precedence over your interest, rights and freedoms, or processing serves to assert, exercise or defend legal claims.

If the personal data about you is processed in order to carry out direct advertising, then you have the right at any time to file an objection against the processing of the personal data about you for the purposes of such advertising. This also applies to profiling if it is in connection with such direct advertising.

If you file an objection to processing for the purposes of direct advertising, then the personal data about you will no longer be processed for these purposes.

In connection with the use of information society services - irrespective of directive 2002/58/EC - you can file your objection using an automated procedure for which technical specifications are used.

 

8.       Right to revoke your declaration of consent under data protection laws

You have the right to revoke your declaration of consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of the consent until its revocation.

 

9.       Automated decision in an individual case including profiling

You have the right to be subject to a decision that is not solely based on automated processing - including profiling - which has legal effect on you or significantly restricts you in a similar way. This does not apply if the decision:

(1)          is required to conclude or fulfil a contract between you and the data controller;

(2)          is permitted on the basis of legal regulations of the European Union or member states to which the data controller is subject and these legal regulations contain appropriate measures to protect your rights and freedoms as well as your legitimate interests.

(3)          is made with your express consent.

 

However, these decisions must not be based on special categories of personal data in accordance with Art. 9, para. 1 GDPR provided Art. 9, para. 2(a) or (g) GDPR does not apply and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

 

In respect of the cases cited in (1) and (3) the data controller will take appropriate measures to protect your rights and freedoms as well as your legitimate interests, and this shall include at a minimum: the right to effect the intervention of a person on the part of the data controller, to represent their position and to challenge the decision.

 

10.     Right to complain to a supervisory authority

Irrespective of another judicial remedy or a remedy under administration law, you have the right to complain to a supervisory authority in particular in the member state of your country of residence or work, or the location of the alleged breach provided you believe that the processing of the personal data about you contravenes the GDPR.

 

The supervisory authority that receives the complaint will inform the complainant about the status and results of the complaint including the possibility of judicial remedy in accordance with Art. 78 GDPR.