Privacy Policy

A. Responsibility

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature, is:

Ilknur Özen
Verlag & Galerie Vollherzig
Menzelstrasse 7
D-55127 Mainz

Phone: +49 6131 6331277
E-mail: denkstahl@vollherzig.de

Tax number: 26/220/11827
USt-IdNr.: DE 243409895

B. General information on data processing

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

We only collect and use personal data of our users insofar as this is necessary for the provision of a functional website and our content and services.

The collection and use of our users’ personal data only takes place with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

The rights of the data subjects can be found under point D.

C. Legal basis for processing personal data

The legal basis for the processing of personal data is Article 6 of the EU General Data Protection Regulation (hereinafter referred to as GDPR).

In detail:

When processing personal data with the prior consent of the data subject, Art. 6 lit. a. GDPR is the legal basis for the processing operations.

Insofar as personal data is processed that is required for the performance of a contract or pre-contractual measures to which the data subject is a party, Art. 6 I lit. b. GDPR is the legal basis.

Art. 6 I lit. c. GDPR serves as the legal basis insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject. Art. 6 I lit. d. GDPR serves as the legal basis if the vital interests of the data subject or another natural person require the processing of personal data.

Insofar as processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Article 6 Paragraph 1 lit. f. GDPR as the legal basis for processing.

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.

1. Server log files

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

The following data is collected:
– browser type and version
– the operating system used
– referal URL
– Host name of the accessing computer
– time of the server request

The data is stored in the log files of our system.

This does not affect the user’s IP addresses or other data that enable the data to be assigned to a user. These data cannot be assigned to specific persons. This data will not be merged with other data sources. This data is not stored together with other personal data of the user.

a. Legal basis – The legal basis for the temporary storage of the data is provided by Art. 6 Para. 1 lit. f GDPR.

b. Purpose of storage – The storage in log files takes place to ensure the functionality of the website. In addition, the company uses the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing in accordance with Art. 6 Paragraph 1 lit. f GDPR.

c. Deletion – The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest.

d. Possibility of objection – For the operation of the website, the collection of the data for the provision of the website and the storage of the data in log files is mandatory. For this reason, there is no option for the user to object in this case.

2. Cookies

This site uses cookies. Cookies are small text files that are stored on the user’s computer and that are stored in the user’s browser. Cookies do not damage the user’s computer and do not contain any viruses. When a user calls up the website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is accessed again. These cookies make it possible to recognize the user’s browser on the next visit.

When you visit our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context there is also a reference to this data protection declaration.

a. Legal basis – The legal basis for processing personal data using cookies is Art. 6 I lit. f. GDPR (essential cookies), in all other cases your consent according to Art. 6 I lit. a) DESVO. The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 (1) lit. a GDPR.

b. Purpose – The purpose of using cookies is to simplify websites for the user. Our legitimate interest in processing personal data in accordance with Art. 6 Para. 1 lit. f GDPR.

c. Deletion and deactivation – Most of the cookies we use are so-called »session-cookies«. They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If you deactivate cookies, the functionality of this website may be restricted.

3. Use of WooCommerce

We use the Woocommerce service for our online shop. The service is offered by Automattic Inc., 60, 29th Street # 343, San Francisco, CA 94110-4929, USA.

As soon as you click on one of our product images, you will be redirected to our individual sales page. You have then left the website. We have no knowledge of further processing or the duration of storage of your data.

You can find the data protection information here: https://woocommerce.com/terms-conditions

The legal basis for processing personal data when forwarding from our website to the sales page via Woocommerce results from Art. 6 Para. 1 S. 1 lit. a).

4. Web analytics services

This website uses the web analysis service Google Analytics.

The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. The information generated by Google Analytics about your use of the website such as

1. Browser type / version
2. Operating system used
3. Referal URL (the previously visited page)
4. Host name of the accessing computer (IP address)
5. Time of the server request

are usually transferred to a Google server in the USA and stored there. Google Analytics is a third party provider. The use of the web analysis service requires the transfer of user data to the third party provider Google Analytics. Please note the different data protection regulations of Google Inc. at https://www.google.com/intl/de/policies/privacy.

a. Legal basis – The legal basis for using the web analysis service is Article 6 I lit. a. GDPR.

b. Purpose – The purpose of using Google Analytics is to increase the efficiency of our website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage. This website uses the »demographic characteristics« of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics, as described in the point »Objection to data collection«.

The data is passed on in pseudonymised form.

c. Prevention – Google Analytics generates cookies. You can prevent this as follows:

a) By not giving your consent when you visit our website

b) You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install:http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again. [Note: You can find information on integrating the opt-out cookie at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable].

We continue to use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can deactivate this via the ad preferences manager (http://www.google.com/settings/ads/onweb/?hl=de).

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

5. Contact field, e-mail contact and the option to apply for a portrait

There is a contact field on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved. These data are: Salutation / Name / Company / E-mail / Address / Subject

In the case of submitting an application for the preparation of your portrait, the documents you submit, such as images that you photograph, are transmitted and stored.

At the time the message is sent, the user’s IP address and the date and time of registration are also saved.

For the processing of the data, the consent of the user is obtained during the sending process and reference is made to this data protection declaration. The user can also contact the company via the email address given in the legal notice. In this case, the user’s personal data transmitted with the email will be saved.

In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

a. Legal basis – The legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR. The legal basis for the processing of the data that is transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

b. Purpose – The processing of the personal data from the contact form serves the company only to process the contact. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

c. Deletion – The data from the contact field, the e-mail contact and the documents relating to the application will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

d. Revocation – The user has the option to revoke his consent to the processing of personal data at any time.

If the user contacts the company by email, they can object to the storage of their personal data at any time. In such a case, the conversation and any further contract initiation cannot be continued.

The user can also revoke his consent in other ways. The consent can also be given orally, e.g. by phone or in writing. In this case, all personal data that was stored in the course of making contact will be deleted.

6. Use of social plugins

This concerns the use of Facebook, Vimeo, Instagram, Google+, Pinterest, Flickr and LinkedIn plugins.

Our website uses so-called social plugins (»plugins«) from the social networks Facebook, LinkedIn, Flickr, and Google+, as well as the microblogging services Twitter and Instagram and the video platform Youtube and the streaming service Vimeo.

Before using the website, you will be asked whether you consent to their use. The legal basis for the use is your express consent, Art. 6 I a GDPR.

These services are provided by the companies Facebook LLC., Google Inc., Vimeo LLC. and Instagram LLC. offered (»provider«).

Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA (»Vimeo«).
You can find the data protection information from Vimeo here: https://vimeo.com/privacy

Pinterest is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. You can find the data protection information from Pinterest here: https://policy.pinterest.com/de/privacy-policy.

Facebook is operated by Facebook Ireland Ltd.,4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (»Facebook«).You can find an overview of the Facebook plugins and their appearances here: https://developers.facebook.com/docs/plugins
You can find the data protection information here: https://de-de.facebook.com/policy.php

Google+ is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (»Google«). You can find an overview of the Google plugins and their appearances here: https://developers.google.com/+/web
Data protection information from Google: http://www.google.com/intl/de/+/policy/+1button.html

Instagram is operated by Facebook Ireland Ltd.,4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (»Instagram«). You can find an overview of the Instagram buttons and their appearances here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
Data protection information from Instagram:https://de-de.facebook.com/help/instagram/155833707900388

LinkedIn is operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland. The privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

Flickr Inc. is owned by SmugMug Inc, California, USA. You can find the data protection information here: https://www.flickr.com/help/privacy

If you open a page on our website that contains such a plugin, your browser establishes a direct connection to the servers of the respective provider.

The content of the plug-in is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers will receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in.

This information (including your IP address) will be transmitted directly from your browser to a server of the respective provider, i.e. also to the USA and will be stored there. If you are logged in to one of the services, the providers can immediately assign your visit to our website within your profile on the social media platforms.

If you interact with the plugins, for example by clicking the »Like«, »+1« or »Instagram« buttons, the corresponding information will also be transmitted directly to a server of the provider and will be stored there. The information will also be stored in the social network on your e.g. published on Instagram and shown to your contacts there.

The purpose and scope of the data collection and the further processing and use of the data by the provider as well as your rights and setting options for the protection of your privacy can be found in the data protection information of the provider.

If you do not want the providers mentioned to assign the data collected via our website directly to your profile in the respective service, you must log out of the relevant service before visiting our website. You can completely prevent the loading of the plugins with add-ons for your browser, e.g. B. with the script blocker »NoScript« (http://noscript.net).

7. YouTube video embedding

We include videos from YouTube on our website (so-called embedding). These videos are stored on http://www.YouTube.com and can be played directly from our website. YouTube is a service from Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA. The videos are all integrated within the »extended data protection mode«, i.e. no data about the user will be transmitted to YouTube or Google if the user does not play the videos. Only when a user plays the videos will the following data be transmitted:

– IP address
– Information that the user has accessed this page, regardless of whether a user account exists
– If the user has a YouTube user account and is logged in, the pages accessed are assigned to his/her profile

The provider has no influence on this data transfer. YouTube saves this data as part of its data protection guidelines and may also use it for advertising.

a. Legal basis – The legal basis for the use is Art. 6 I lit. f GDPR.

b. Purpose – The purpose is to make the website simple for users and to be able to play videos directly on the website.

c. Prevention – If the user does not click on the video, no data will be transmitted to YouTube.

If the user has a YouTube user account and does not want the video to be assigned to his YouTube user account, he must log out of YouTube before activating the button.

Further information on the purpose and scope of the data collection and its processing by the third party provider can be found in the data protection declaration from YouTube or Google that is communicated below. There you will also find also further information on the relevant rights, in particular the right of withdrawal against the creation of user profiles and the contact person, as well as setting options for the protection of privacy: https://www.google.com/policies/privacy/partners/?hl=de

8. Newsletter and use of Mailchimp

On our website, users are given the opportunity to subscribe to our company’s newsletter. The input mask used for this purpose determines which personal data is transmitted to the person responsible for processing when ordering the newsletter.

We inform the subscribers of the newsletter at regular intervals by means of a newsletter about company news and current, interesting articles from various fields as well as about new art blog articles or news & events. Our company’s newsletter can only be received by the person concerned if (1) the person concerned has a valid e-mail address and (2) the person concerned registers for the newsletter dispatch. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by a person concerned for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address, as the person concerned, has authorized receipt of the newsletter.

When registering for the newsletter, we also save the IP address assigned by the Internet service provider (ISP) of the computer system used by the person concerned at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves the legal protection of the person responsible for the processing.

The personal data collected when registering for the newsletter will only be used to send our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a relevant registration, as this could be the case in the case of changes to the newsletter offer or changes in the technical conditions.

The personal data collected as part of the newsletter service will not be passed on to third parties. The data subject can cancel the subscription to our newsletter at any time. The consent to the storage of personal data that the person concerned has given us for sending the newsletter can be revoked at any time. There is a corresponding link in every newsletter for the purpose of revoking consent. There is also the option of unsubscribing from the newsletter dispatch directly on the website of the person responsible for processing or to inform the person responsible for processing of this in another way.

Our company’s newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in e-mails that are sent in HTML format to enable log filerecording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Using the embedded tracking pixel, it can be seen whether and when an e-mail was opened by a data subject and which links in the e-mail were called up by the data subject.

Such personal data collected via the tracking pixels contained within the newsletters are stored and evaluated by the person responsible for processing in order to optimize the sending of the newsletter and to better adapt the content of future newsletters to the interests of the person concerned. This personal data will not be passed on to third parties.

Affected persons are entitled at any time to revoke the relevant separate declaration of consent given via the double opt-in procedure. After revocation, this personal data will be deleted by the person responsible for processing.

We automatically interpret unsubscribing from receiving the newsletter as a revocation.

The newsletter is sent via »Mailchimp«. Mailchimp is operated by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as their other data described in these notes, are stored on Mailchimp’s servers in the USA. Mailchimp uses this information to send and evaluate the newsletter on our behalf. According to Mailchimp, however, it does not use the data of our newsletter recipients to write them down or to pass them on to third parties. The legal basis for the use is your express consent, Art. 6 I lit. a GDPR.

Mailchimp’s privacy policy can be found here: https://mailchimp.com/legal/privacy

9. Payment options

We offer PayPal, SOFORT Überweisung, Visa, Mastercard, American Express as payment options as well as on account and in advance.

In order to process the payment, we collect the payment data you provide, such as

• Preferred method of payment
• Billing addresses
• IBAN and BIC or account number and bank code
• Currency, if applicable

We need this data in order to be able to properly execute the contract with you, Art. 6 I lit. b GDPR.

– Additional information PayPal

When paying via PayPal, your payment data will be sent to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter »PayPal«). Wire themselves have no access to this, the user is redirected to the corresponding PayPal website. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered »purchase on account« via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). Insofar as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is included in the calculation of the score values.You can access PayPal’s privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

– Additional information SOFORT Überweisung

When paying via »SOFORT« payment is processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. Sofort GmbH belongs to the Klarna Group, Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. We will forward the information you provided during the ordering process to Sofort GmbH, along with information about your order. The legal basis for this is Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with the payment service provider Sofort GmbH and only insofar as it is necessary for this. You can find the data protection declaration from Sofort GmbH at: https://www.sofort.de/datenschutz.html

– Additional information visas

When paying via Visa, Mastercard or American Express, the card number, card sequence number, check number, card type (e.g. VISA, Mastercard, American Express) and card expiry date are also requested. When paying via Visa, Mastercard or American Express, you will be redirected to the corresponding website of the payment service provider. The legal basis is Art. 6 I lit. b) GDPR.

You can find the data protection declarations of the payment service providers here:

Visa Europe Services LLC, registered in Delaware USA, acting through the branch in London, 1 Sheldon Square, London W2 6TT, Great Britain, for the payment with »Visa«,https://www.visaeurope.com/about-us/policy-and-regulation/veor

MasterCard Europe SPRL, Chaussée de Tervuren 198A, 1410 Waterloo, Belgium, for the payment with »MasterCard«, https://www.mastercard.de/dede/datenschutz.html

American Express Payment Services Limited, Frankfurt am Main branch, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main www.americanexpress.de/datenschutz

– Additional information Stripe

We also use the payment method of the payment service provider Stripe. If the user decides to do so, the payment will be processed by this service provider. The provider is Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

As part of the order process, we pass on the data provided by the user about the order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) to this service provider. The legal basis for this is Art. Para. 1 lit. b GDPR. The data is passed on exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this.
You can find Stripe’s privacy policy at the URL https://stripe.com/de/terms

10. Marketing tools

We use the marketing tools Google Adsense (Google Ads) and Facebook ads on our website.

– Google Ads

We use Google Ads on our website. This is a service from Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Irland (hereinafter referred to as »Google«). Google Ads is a marketing tool used to identify advertising measures. The advertising material is delivered by Google via so-called »AdServer«, whereby so-called AdServer cookies are used for this. Data such as clicks or where the users come from are recorded. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies cannot be tracked via the websites of Ads customers.

We receive the data from Google for statistical analysis. We use Google Ads for marketing and optimization purposes. The legal basis is Art. 6 Para. 1 S. 1 lit. a) GDPR when accessing the website.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. Please also note our information under point C. 2. of this declaration.

It is also possible to prevent the storage of cookies by setting your web browser so that cookies from the domain »www.googleadservices.com« are blocked (https://www.google.de/settings/ads). You can find the Google Ads data protection declaration at: https://policies.google.com/privacy?hl=de&gl=de

– Pixel / Facebook Ads

We use the Facebook pixel from the provider Facebook on our homepage. Facebook is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.

This enables the user of our website to be shown interest-based advertisements when they visit the Facebook network or other websites that use this method. The browser uses this pixel to establish a direct connection with the server on Facebook. According to Facebook,Facebook receives a message that the user has clicked on our advertisement or has accessed a corresponding page from us. If the user has a Facebook account, Facebook can associate this with this account. Users who do not have a Facebook account could also be assigned via the IP address and / or other identifying data from Facebook.

We use Facebook pixels to show the user the advertising that best suits their interests. For statistical purposes, we can also identify which advertising interests the user most. The legal basis is Art. 6 I lit. a) GDPR.

If you do not want to use the pixel, please select »only use functional cookies« when you visit our website. With the above-mentioned opt-out options (under »Cookies«), the user can also object to use at any time if he has already consented.
You can find Facebook’s data protection declaration here: https://de-de.facebook.com/policy.php

D. Rights of the data subject

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

If your personal data is processed, you are the person concerned within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right to information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us. If such processing has taken place, you can request the following information from the person responsible:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the storage duration;
(5) the existence of a right to correction or deletion of your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data relating to you is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR to be informed in connection with the transfer.

2. Right to rectification

You have a right to correction and / or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

3. Right to restriction of processing

You can request the restriction of the processing of your personal data under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to check the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the person responsible no longer needs the personal data for the purposes of processing,but you need them to assert, exercise or defend legal claims, or
(4) if you have lodged an objection to the processing in accordance with. Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from its storage – may only be used with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State.

Has the processing been restricted according to the o.g. Restricted requirements, you will be informed by the person responsible before the restriction is lifted.

4. Right to cancellation

a) Obligation to delete

You can request the person responsible to delete the personal data relating to you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based in accordance with. Art. 6 para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) According to Art. 21 Para. 1 GDPR you object to the processing and there are no overriding legitimate reasons for the processing, or you object in accordance with. Art. 21 Para. 2 GDPR objection to the processing.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
(6) The personal data relating to you were collected in relation to the information society services offered in accordance with Art. 8 Paragraph 1 GDPR.

If the person responsible has made the personal data concerning you public and acc. Art. 17 (1) GDPR is obliged to delete them, taking into account the available technology and the implementation costs, he shall take appropriate measures, including technical measures, to inform those responsible for processing the personal data that the data subject requested will be deleted including all links to this personal data or copies or replications of this personal data.

The right to deletion does not exist if processing is necessary

(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible;
(3) for reasons of public interest in the area of ​​public health in accordance with Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR;
(4) or archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
(5) for the establishment, exercise or defense of legal claims.

5. Right to be informed

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this turns out to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transfer this data to another person in charge without hindrance from the person in charge to whom the personal data was provided, provided that

(1) the processing is based on consent in accordance with. Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract according to. Art. 6 Para. 1 lit. b GDPR is based and
(2) the processing is carried out using automated procedures. In exercising this right, you also have the right to have your personal data transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible. This must not impair the freedoms and rights of other people. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.

7. Right to object

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR takes place to object; this also applies to profiling based on these provisions.

The person responsible will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in connection with the use of information society services, to exercise your right of objection by means of automated processes that use technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – which has legal effects on you or which significantly affects you in a similar manner. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) is permissible on the basis of legal provisions of the Union or of the member states to which the person responsible is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms and your legitimate interests or
(3) takes place with your express consent.

However, these decisions may not be based on special categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to express their own point of view and heard on contesting the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint was submitted informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.

Pin It on Pinterest