Privacy

Data protection declaration pursuant to Art. 13 GDPR

Data protection declaration and consent to use of data

Data protection is a matter of trust, and your trust is important to us. We respect your privacy. The protection and legally compliant collection, processing and use of your personal data is therefore an important concern for us. To ensure that you feel safe visiting our website, we strictly observe the legal provisions when processing your personal data, and would like to take this opportunity to tell you about how we collect and use data.

We are committed to complying with the General Data Protection Regulation (GDPR) as well as applicable national data protection laws. For us, data protection is a company-wide issue with a high priority. We work only with partners who can similarly demonstrate an adequate level of data protection when it comes to processing your data. We process your data only where you have given us your express consent to do so, where processing is for the purpose of a contract or pre-contractual measures relating to a service, or where the relevant laws permit or require data processing. The following data protection information covers both the currently applicable national legal framework and the requirements of GDPR applicable throughout Europe since 25 May 2018. References to a legal basis in GDPR are relevant from 25 May 2018 onwards. Under no circumstances do we sell your data or pass it on to unauthorised third parties. We are pleased to provide you with the following detailed information on how we handle your data in our company.

You can print or save this document using the standard features in your browser. The following data protection declaration explains what kinds of data are collected on our website, and what data we process and use, and in what ways.

I. NAME AND ADDRESS OF THE CONTROLLER

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of EU member states as well as other data protection regulations is:

RWTÜV GmbH
Kronprinzenstr. 30
45128 Essen
Deutschland

Phone: 0201-1252-120
Website: www.rwtuev.de

Person responsible for web content:
Nina Haisch-Rautenberg
Phone: 0201-1252-121
Email: @email

II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

The controller’s data protection officer is:

TÜV Informationstechnik GmbH
IT Security - Business Security & Privacy
Fachstelle für Datenschutz
Am TÜV 1
45307 Essen

Phone 0201 - 8999-643
Fax 0201 - 8999-666
Mail: @email

For the sake of clarity, only the names of the individual sections are shown below. You can click on the individual section name to display its text contents.

III. GENERAL INFORMATION ON DATA PROCESSING

1. Scope of processing personal data

In principle, we collect and use our users’ personal data only to the extent required to ensure a functioning website and to provide our content and services. As a rule, we collect and use our users’ personal data only with the user’s consent. An exception applies in those cases where it is not possible to obtain prior consent for practical reasons and the legal regulations permit processing of the data.

2. Legal basis for processing personal data

Where we obtain the consent of the data subject to process their personal data, Art. 6 (1) (a) GDPR serves as the legal basis for processing personal data.

Where it is necessary to process personal data for the performance of a contract to which the data subject is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing that is necessary to take steps prior to entering into a contract.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 (1) (d) GDPR serves as the legal basis.

If processing is necessary for the purposes of legal interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

3. Deletion of data and duration of storage

The data subject’s personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by European or national legislators in EU regulations, laws, or other regulations to which the controller is subject. Data will also be blocked or deleted when a storage period specified by the above-mentioned provisions expires, unless there is a need for continued storage in order to enter into or perform a contract.

IV. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer’s computer system.

The following data is collected:

Information about the browser type and version used
The user’s operating system
The user’s internet service provider
The user’s IP address (anonymised)
Date and time of access
Websites via which the user’s system arrived at our website
Websites accessed by the user’s system via our website

The data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Data is stored in log files to assure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our IT systems. Data is not evaluated for marketing purposes in this context.

These purposes for processing data are also in our legitimate interests pursuant to Art. 6 (1) (f) GDPR.

4. Duration of storage

Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected in order to deliver the website, this is the case when the respective session ends.

In the case of data stored in log files, this is the case after not more than seven days. Storage for a longer period of time is possible. In this case, users’ IP addresses are deleted or disassociated so that it is no longer possible to identify the accessing client computer.

5. Possibility to object and have data deleted

The collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified the next time the website is accessed.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified after changing pages.

The following data is stored and transmitted in the cookies:

Language settings
Log-in information

We also use cookies on our website that enable an analysis of the user’s browsing behaviour.

In this way, the following data can be transmitted:

Search terms entered
Frequency of page views
Use of website functions

Technical precautions are in place to pseudonymise user data collected in this way. As a result, it is no longer possible to associate the data with the user accessing the website. The data is not stored together with other personal data of users.

When accessing our website, a banner is displayed to inform users about the use of cookies for analytical purposes and refer them to this data protection declaration. In this context, users are also advised that the storage of cookies can be prevented via their browser settings.

On accessing our website, users are informed about the use of cookies for analytical purposes, and their consent is obtained for the processing of personal data used in this context. In this context, they are also informed about this data protection declaration.

2. Targeting

Data is collected on our website using cookie technology to optimise our advertising and the entire online offering. This data is not used to identify you personally. It is used solely for a pseudonymous evaluation of the use of our website. At no time is your data merged with personal data that we store. This technology allows us to show you advertisements and/or special offers and services, whose content is based on information obtained in connection with clickstream analysis (for example advertisements based on the fact that only sports shoes have been viewed in recent days). Our goal here is to make our online offering as attractive as possible for you, and to show you adverts that match your areas of interests.

1. Third-party cookies

We use a number of advertising partners who help to make our internet offering and website more interesting for you. Therefore, when you visit our website, cookies from partner companies are also stored on your hard drive. These are temporary/permanent cookies that are automatically deleted after the specified time. These temporary or permanent cookies (lifetime 14 days to 10 years) are stored on your hard drive and delete themselves after the specified time. Our partner companies’ cookies also contain only pseudonymised or in most cases anonymised data. For example, this may be data about the products you have viewed, whether you made a purchase, what products you searched for, etc. Some of our advertising partners also collect information that goes beyond the website, for example which sites you previously visited or what products you were interested in, in order to show you advertisements that best match your interests. At no time is this pseudonymous data merged with your personal data. The sole purpose of this data is to enable our advertising partners to target you with advertising that might actually interest you.

2. Retargeting

Our websites also use retargeting technologies. We use these technologies to make your online experience more relevant to you. This technology makes it possible to target internet users who have already shown an interest in our store and our products with advertising on our partners’ websites. We believe that showing personalised advertising based on the user’s interests is generally of more interest to the internet user than advertising that has no such personal relevance. Showing these adverts on our partners’ sites is based on cookie technology and an analysis of prior user behaviour. This form of advertising is completely pseudonymous. No usage profiles are merged with your personal data. By using our site, you consent to the use of cookies and therefore to the collection, storage and use of your usage data. Furthermore, your data is stored in cookies after your browser session has ended, and can be accessed again when you next visit the website, for example. You can withdraw this consent at any time with effect for the future by blocking cookies in your browser settings.

3. How to prevent cookies being stored on your computer

Depending on which browser you use, you can set your browser to only accept cookies if you agree (“prompt for cookies”). If you only want to accept the cookies we use, but not those of our service providers and partners, you can set your browser to “block third-party cookies”. Usually the Help feature in your browser’s menu bar will show you how to reject new cookies and delete ones already on your computer. You can find detailed information on how to make the settings in the browser you use at the following link. If you are using a shared computer that is set to accept cookies and Flash cookies, we recommend that you always log out completely when finished.

4. Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.

The legal basis for processing personal data using cookies for analytical purposes, where the user has given consent in this regard, is Art. 6 (1) (a) GDPR.

5. Purpose of data processing

The purpose of using technically necessary cookies is to make it easier for users to use websites. Some features of our website cannot be offered without the use of cookies. These features require that the browser is recognised again even after a page change.

We require cookies for the following applications:

Applying language settings
Remembering search terms

User data collected via technically necessary cookies is not used to create user profiles.

Analytical cookies are used for the purpose of enhancing the quality of our website and its content. Analytical cookies tell us how the website is used, and allow us to continuously optimise our offering.

These purposes for processing personal data are also in our legitimate interests pursuant to Art. 6 (1) (f) GDPR.

6. Duration of storage, possibility to object and have data deleted

Cookies are stored on the user’s computer and transmitted from that computer to our site. Therefore, as a user you have full control over the use of cookies. By changing the settings in your internet browser, you can block or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are blocked for our website, it may no longer be possible to use all of the website’s features in full.

VI. CONTACT FORM AND EMAIL CONTACT

1. Description and scope of data processing

A contact form is available on our website, which can be used to contact us electronically. If a user makes use of this possibility, the data entered in the input form will be transmitted to us and stored. This data is:

Name, email address, subject, message.

At the time the message is sent, the following data is also stored:

The user’s IP address
Date and time of recording

We obtain your consent to the data processing during the sending process, and refer you to this data protection declaration.

Alternatively, it is possible to contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

In this context, data is not passed on to third parties. This data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data, where the user has given their consent, is Art. 6 (1) (a) GDPR.

The legal basis for processing data transmitted in the course of sending an email is Art. (6) (1) (f) GDPR. If the aim of the email contact is to enter into a contract, the additional legal basis for the data processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

We process personal data from the input form solely to respond to the contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and ensure the security of our IT systems.

4. Duration of storage

Data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data entered on our contact form and/or sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be concluded from the circumstances that the matter in question has been finally settled.

The additional personal data collected during the sending process will be deleted after a period of not more than seven days.

5. Possibility to object and have data deleted

The user can withdraw his or her consent to the processing of their personal data at any time. If the user contacts us via email, he or she can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

VII. Participation on our innovation platform

1. Description and scope of data processing

For our innovation platform, we use an external service provider: isn – innovation service network GmbH, Grabenstr. 231, 8045 Graz, Austria. Please note that when you use this platform you will be redirected to an externally provided website. To be an active user of the innovation platform that we provide, and to take part in ideas competitions, you must create a personal user account.

1. Access to our innovation platform

You can access our innovation platform via the link we provide, without having to disclose any information about your identity. The browser used on your terminal device automatically sends information to our website servers (e.g. browser type and version, date and time of access) only in order to enable the establishment of a connection to the website. This includes the IP address of your requesting terminal device. This is stored temporarily in a so-called log file and deleted after not more than 7 days.

The IP address data is processed for technical and administrative purposes of connection establishment and stability, to ensure the security and functionality of our website, and to be able to track any unlawful attacks on our website if necessary. We cannot draw any direct conclusions about your identity from processing the IP address and other information in the log file.

In addition, we use cookies as part of the provision of our innovation platform. For a more detailed explanation, see section V. of our data protection declaration.

To use our innovation platform, and to take part in ideas competitions, you must create a personal user account and become a registered user.

2. When creating a user account

The following information is required when setting up a user account:

Username
A valid email address

After the initial registration, you must enter a password of your choice to set up the user account. This data is processed in order to identify you as a user, and to create your user account. We also use your email address for notification features, if these are activated. In addition, we will send you a one-time personalised link to your email address after registration. Clicking on the link ensures that you are the owner of the email address provided. Together with your email address or username, this enables access to your user account. In your user account, you can view and change the data stored about you at any time, except for your username.

In addition, you can voluntarily provide the following information to complete your profile:

Profile picture
Gender
Title
First and last name
Phone number
Position
Company
Department
Company address

Providing this information is voluntary. It is not required in order to set up a user account. This information helps us to place the content generated on the platform (e.g. submitted ideas or comments) in a sociocultural context.

The following information is also visible to other users of the platform:

Name
Profile picture (if available)
Information provided voluntarily

To delete your user account, please contact us at the contact address provided in section 1 of this data protection declaration.

Following the deletion of your user account, your data will be deleted for further use unless we are required to store it for a longer period of time pursuant to Art. 6 (1) (c) GDPR owing to retention and documentation obligations under tax and commercial law (in particular section 257 of the German Commercial Code (Handelsgesetzbuch, HGB) and section 147 of the German General Fiscal Code (Abgabenordnung, AO)), or you have consented to storage beyond this time in accordance with Art. 6 (1) (a) GDPR.

3. Participation in ideas competitions

You can take part in ideas competitions by submitting ideas or commenting on ideas (“your content”) on the platform. Your username or, if provided, your first and last name, will also appear in connection with your content. Your content will be used in accordance with the terms and conditions of participation in the respective ideas competition to select and, if applicable, award prizes for the best ideas, and to solve tasks set in the respective ideas competition.

Within RWTÜV GmbH, the three project team employees as well as our processor (as defined in GDPR) have access to your content including your profile details. In addition, those entities named as project partners in the terms and conditions of participation in the respective ideas competition as well as other users or commissioning parties of individual competitions shall have access for the above-mentioned purposes.

If you delete your user account, your content data will remain on the platform, but there will no longer be a reference to your name. Instead, a note will appear stating that the associated user account no longer exists. Therefore you should not leave any information that directly identifies you (name, email, phone number) in the text of your submitted ideas and comments. We reserve the right to redact personally identifiable information in your content following deletion of your user account.

2. Legal basis for data processing

The legal basis for processing the IP address data is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the above-mentioned security interest and the need for trouble-free provision of our website.

With the creation of a personalised user account, data is processed with your consent and processing is necessary for the aforementioned purposes for the creation of your user account and its use as well as to take steps prior to entering into a contract pursuant to Art. (6) (1) (b) GDPR.

If you participate in ideas competitions, the legal basis for processing your data is the performance of the contract (relationship with the user) including the terms and conditions of participation in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

Personal data from the input form is processed in order to create a personal user account, and solely to deal with the request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and ensure the security of our IT systems.

4. Duration of storage

Your user account data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data collected from the input form for your user account, this is the case when you terminate its use, i.e. delete your user account. The additional personal data collected during the sending process will be deleted after a period of not more than seven days.

5. Possibility to object and have data deleted

The user can withdraw his or her consent to the processing of their personal data on our innovation platform at any time.

VIII. Participation in our sustainability survey

1. description and scope of data processing

A constant and open exchange with you is very important to us. We want to incorporate the various fields of action of sustainability into the RWTÜV corporate strategy in the best possible way.

As part of our sustainability survey, we ask you about the different areas of action of our sustainability processes and about your membership of the stakeholder groups mentioned.

Please note that we do not collect any personal data, only mandatory metadata. In terms of data protection, it should be noted that the sending IP address is recorded at least temporarily. This is for technical reasons, because all mechanisms are based on this, for example to defend against form spam. Your IP address is therefore part of the metadata of the recorded message, but is not processed further outside the web server and is not transmitted to third parties at any time.

2 Legal basis for data processing

The legal basis for the processing of the IP address is Art. 6 para. 1 sentence 1 lit. f). If you take part in our sustainability survey, the legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. b) GDPR.

3 Purpose of the data processing

The processing of the data requested from you serves exclusively to obtain an overview of the degree of our sustainability processes.

4. duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The IP addresses collected during the sending process are deleted after a period of seven days at the latest.

5. possibility of objection and removal

The user has the option at any time to withdraw their consent to the processing of the data they have provided as part of our sustainability survey.

IX.SHARING YOUR DATA WITH THIRD PARTIES

To make our website as pleasant and convenient as possible for you as a user, we occasionally use the services of external service providers. Below you have the opportunity to inform yourself about data protection provisions concerning the deployment and operation of services and features we use, so that you can exercise your rights with the service providers if necessary.

1. Google Maps

Our websites use Google Maps to display maps and generate directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. By using this website, you consent to the collection, processing and use of automatically collected data and data provided by you, by Google, one of its agents, or third parties. The terms of service for Google Maps can be found at Terms of Service for Google Maps. For full details, please visit the Google Privacy Center: transparency and choices and privacy policy.

2. ETracker

On our website, data is collected and stored for marketing and optimisation purposes using technologies from etracker GmbH (www.etracker.com). This data can be used to create user profiles under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the site visitor’s internet browser. The cookies make it possible to recognise the internet browser. Without the separately granted consent of the data subject, data collected using etracker technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym. The collection and storage of data can be objected to at any time with effect for the future.

3. isn

For our innovation platform, we use an external service provider: isn – innovation service network GmbH, Grabenstr. 231, 8045 Graz, Austria. Our service provider takes care of the storage and operation of this website on servers (hosting). isn may use other subservice providers within the EU for this purpose, which we will inform you about on request. Pursuant to Art. 6 (1) (f) GDPR, the use of isn to operate our innovation platform is based on our legitimate interests in linking our innovation platform with our website. Please note that when you use this platform you will be redirected to an externally provided website.

In connection with the website hosting, isn processes personal data when you visit the innovation platform we provide, or use services provided on our website. Apart from that, we only share your personal data if

you have consented to this in accordance with Art. 6 (1) (a) GDPR;
this is necessary for the performance of a contract with you in accordance with Art. 6 (1) (b) GDPR;
sharing personal data is necessary for compliance with a legal obligation in accordance with Art. 6 (1) (c) GDPR.

The shared data may be used by the recipients exclusively for the purposes stated.

Data is not shared with recipients outside the EU.

We have entered into a commissioned data processing contract (Auftragsverarbeitungsvertrag) with isn. Via this contract, isn gives an assurance that they will process data in accordance with GDPR and ensure protection of data subjects’ rights. isn provides further information on data protection at https://innovation.at/datenschutz/.

X. RIGHTS OF THE DATA SUBJECT

Pursuant to Art. 15 GDPR in conjunction with section 34 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), you have an unrestricted right of access, free of charge, to information about data we store about you; and pursuant to section 35 BDSG you have the right to erasure or to restriction of processing of impermissible data, and the right to rectification of inaccurate data.

On request, we will be happy to inform you in writing as to whether and, if so, what personal data we have stored about you. To the extent possible, we will take appropriate steps to update or correct your data that we have stored. Please address all enquiries, requests for access to information or objections to data processing to our data protection officer by email, stating your full postal address.

If your personal data is processed, you are a data subject within the meaning of GDPR and you may exercise the following rights vis-à-vis the data controller:

1. Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed by us.

Where that is the case, you have the right to obtain access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data has been or will be disclosed;
the envisaged period for which the personal data concerning you will be stored, or, if definite information about this is not possible, the criteria used to determine that period;
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
where the personal data is not collected from the data subject, any available information as to its source;
the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed of whether personal data concerning you is transferred to a third country or to an international organisation. Where this is the case, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the controller the rectification of inaccurate personal data concerning you, and/or the completion of incomplete personal data. The controller must rectify the personal data without undue delay.

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

if you contest the accuracy of personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
the controller no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims; or
you have objected to the processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing in accordance with the above conditions, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Obligation to delete

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay where one of the following reasons applies:

the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
you withdraw consent on which the processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and where there is no other legal ground for the processing;
you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR;
the personal data concerning you has been unlawfully processed;
the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data has been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.

5. Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right vis-à-vis the controller to be informed about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and

(2) the processing is carried out by automated means.

In exercising this right, you furthermore have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw declaration of consent pertaining to data protection

You have the right to withdraw your declaration of consent pertaining to data protection at any time. Withdrawing consent does not affect the lawfulness of processing carried out on the basis of the consent up to the time of withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

if necessary for entering into, or performance of, a contract between the data subject and a data controller;
is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
is based on your explicit consent.

However, these decisions may not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in bullet points (1) and (3) above, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

XI. OTHER REMARKS

1. Foreign language pages

Where parts of the website are offered in languages other than German, this is exclusively a service for our customers, interested parties and employees who are not proficient in the German language.

2. Data security

All data transmitted by you personally is encrypted using the common and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. You can recognise a secure TLS connection from the https:// in your browser’s address bar or by the padlock symbol displayed in your browser.

We also implement suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are based on the recognised state of the art and are continuously improved in line with technological developments.

---

Data protection declaration last revised: February 2024