DATA PROTECTION REGULATION





Welcome to our website www.sygnard.com, provided by Art & Deco Design s.r.o., Braunerova STR. 563/7, CZ 180 00 Praha 8.
 
Data protection is of special concern to us. In order for you to understand when we collect and use which personal data, please take note of the following information. Herein you will also find information pertaining to your rights.


1. RESPONSIBLE PERSON


Responsible for data processing in accordance with the data protection regulations is:


Art & Deco Design s.r.o., represented by CEO Bela Balazsi, Braunerova STR. 563/7, CZ 180 00 Praha 8


Phone: +41 784 229 921
E-mail: info@sygnard.com
Website: https://sygnard.com/


2. DEFINITION OF TERMS


Our data protection declaration is based on the regulations of the European General Data Protection Regulation (GDPR). In order to make the data protection regulation comprehensible to everyone, we will define relevant terms according to the GDPR as follows (not exhaustive):


Personal Data refers to all information relating to an identified or identifiable natural person („data subject“), where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; article 4 number 2 GDPR;


Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction; article 4 number 2 GDPR;


Restriction of processing means the marking of saved personal data with the aim of limiting its processing in the future; article 4 number 3 GDPR;


Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements; article 4 number 4 GDPR;


Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; article 4 number 5 GDPR;


Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her nomination may be provided for by Union or Member State law; article 4 number 7 GDPR;


Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; article 4 number 8 GDPR;


Recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; article 4 number 9 GDPR;


Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; article 4 number 10 GDPR;


Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subjectsignifies agreement to the processing of personal data relating to him or her with a statement or a clear affirmative action; article 4 number 11 GDPR;


Personal data security breach means a security breach leading to the accidental or unlawful deletion, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed; article 4 number 12 GDPR;


Health data means personal data relating to the physical or mental health of a natural person, including the provision of health care services, which expose information about the person’s health status; article 4 number 15 GDPR.


3. DATA PROCESSING


We always process personal data in accordance with the respective data protection laws (GDPR, Data Processing Law etc.). You may visit our website without providing personal information. Processing of personal data may be necessary if and insofar the data subject claims certain offers on our website.
Personal data will only be processed if there is a legal legitimation for the data processing or if the data subject has consented to the data processing.


As processors of personal data we have established multiple technical and organizational measures to ensure a comprehensive protection of personal data processed through our website. Nonetheless, transfer of personal data via the internet may be subjected to security breaches, and hence we cannot guarantee absolute protection. Data subjects therefore can transmit their personal data via other forms of communication (telephone, mail).


4. GENERAL DATA


With each visit on our website by the data subject or by an automated system, general data and information is collected and saved in the logfile of the server. This may include:
type and version of the browser
operating system
website from which you visit us (referrer URL)
website you are visiting
Datum und Uhrzeit Ihres Zugriffs
your internet protocol (IP) address Ihre Internet Protokoll (IP)-Adresse
any other data or information that serves to protect our IT-system from hackers.


It is impossible to trace an individual person based on this general data and information. The general data and information will be saved separately from personal data you may have provided and hence may not be traceable to a specific person. They will be merely evaluated for statistical purposes, to optimize our website and offers, to appropriately display our web content, to ensure the continuous function of our IT and technical systems, or to forward relevant data to authorities in case of a security breach.


We aim to ensure that we obtain statistical information through the evaluation and also increase data protection and data security in order to ultimately achieve a high level of protection for the personal data processed by us.


5. COOKIES


We are using cookies on our website. These are free of cyber viruses and will not harm your personal computer. Cookies are small files that are saved on your access or terminal device (computer, smartphone, tablet) by your browser. They serve to increase the user-friendliness, effectiveness, and security of our website. In addition, cookies can be used to collect statistical data on website usage and to analyze this data to improve our services. So-called “session cookies” are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable your browser to be recognized during your next visit.
The use of personal data processed by cookies follows either the legal basis of consent or the legal basis of legitimate interest. Consent is always the legal basis when we ask you to give it. Otherwise, the legal basis is our legitimate interest in data processing. Our legitimate interest in data processing exists in particular with regard to the improvement and the continuous development and optimization of our online offers.
You as the data subject may reject cookies for specific cases or in general, prevent or limit the saving of cookies on your device, or activate automatic deletion of cookies when you close your browser. This may, however, limit the functionality of our website.


6. MEANS OF CONTACT, CONTACT FORM


For legal reasons, we provide contact information on our website (e-mail, telephone number) that enables you to contact us electronically and communicate with us directly. Whenever the data subject uses these means of contact, the data provided by the data subject will be saved for the purpose of processing the contact. Such data will not be forwarded to third parties. Data obtained in this way will not be compared with other data that may have been collected by other components of our website.


We as data processors enable data subjects to contact us by submitting personal data through our contact form. The personal data collected in this process is that listed in the input screen in our contact form. Whenever the data subject uses these means of contact, the data provided by the data subject will be saved for the purpose of processing the contact form. Such data will not be forwarded to third parties. Data obtained in this way will not be compared with other data that may have been collected by other components of our website.


7. SSL-/ TLS-ENCRYPTION


We as processors use SSL- or TLS-encryption for security reasons and to protect confidential data (such as contact inquiries) during data transmission. Data subjects can identify such an encryption in the address line of the browser if it contains „https://“ and/or the lock sign. If such an encryption is activated, data transmitted by data subjects may not be seen or read by third parties.


8. GOOGLE ANALYTICS WITH ANONYMIZATION


We as data processors use Google Analytics, an online analytic service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“). Google Analytics allows for a web-based analysis of the use of our website by the data subject. This is possible through cookies, small text files saved on the computer of the user (see above). Information generated in the process is transmitted to and saved by a server managed by Google. This website uses the IP-masking method that results in cutting of your IP-address, thereby anonymizing it. Google processes such information to assess the use of the website for its operator, to compile reports on the website activities, and to provide other services pertaining to the use of the website to the operator.
You may prevent saving of such cookies by disabling them in your browser, but you may then not have access to all functions on our website.
By using your browser plug-in you may also prevent Google from collecting and processing the data obtained by the cookie. You may also prevent Google from collecting and processing data from your website use by downloading and installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout/.


9. GOOGLE-ADWORDS (GOOGLE ADS)


We as data processors use Google-AdWords, an online analytic service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“). We use Google-AdWords to advertise on the internet, in that we may place advertisements that are shown in the Google search results and advertisements that directly appear in Google’s advertisement network. As part of Google-AdWords we can define specific keywords before placing the advertisement. If a user enters one of these keywords in Google’s search function, our advertisements linked to these keywords will appear as a search result. Within Google’s advertisement network, the advertisements linked to such keywords are distributed on thematically relevant websites based on an automated algorithm and based on the defined keywords.
We use the Google AdWords service for the purpose of advertising our website, on one hand to display relevant advertising on third-party websites or to display third-party advertising on our website, and on the other hand to appear in Google search results.
The user may not be identified through the conversion cookies. The conversion cookie expires after 30 days. While the conversion cookie is active, it allows to determine which webpages or sub-pages have been visited. The conversion cookie allows us and Google to determine whether a user reached our website through a Google-AdWord advertisement.
Google uses the data obtained by conversion cookies to generate statistics on the visits of our website. We as processors use this statistical data to determine how many users reached our website through a Google-AdWords advertisement. It therefore allows for an evaluation of the success of the Google-AdWord advertisement and optimization of future advertisements. This evaluation does not allow us or Google-AdWords to collect any data on the users by which the user could be identified. Personal data such as the website visited, and the IP-address are saved through the conversion cookie and forwarded to Google. Google then saves this data. It is possible that Google will forward the data to third parties. Users who want to reject cookies may do so through the respective browser settings by permanently disabling the use of cookies. This setting also prevents the placement of a conversion cookie. Cookies that have already been placed may be deleted through the browser settings or other software. Data subjects may also decline interest-based advertisements from Google. The prerequisite is enabling the respective setting on Google in every browser:
www.google.de/settings/ads.
Further information and the general data protection regulation of Google may be obtained from the following link: https://www.google.de/intl/de/policies/privacy/.


10. GOOGLE ADSENSE (GOOGLE ADS)


We, as the data controller, use Google AdSense, an advertising insertion service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of using Google AdSense is to enable the implementation of advertising on our website. Google AdSense uses so-called “cookies”, text files which are stored on the computer of the data subject and which enable an analysis of the use of the website. For definition of cookie see above. The cookie enables Google to analyze the use of our website by the data subject.
If a website equipped with a Google AdSense component is visited, the internet browser automatically transfers data to the data subject for the purpose of advertising and the settlement of commission payments to Google. In doing so, Google gains knowledge of personal data of the data subject, such as the IP address. This data enables Google to trace the origin of the data subject and the clicks made and to invoice the corresponding commissions.
Persons concerned can prevent the setting of cookies at any time by means of appropriate settings (see below). This setting also prevents Google from placing a cookie on the IT system of the data subject. Persons concerned can also delete cookies already set by Google using their internet browser or other software solutions.
Google AdSense also uses so-called counting pixels. This is a thumbnail image embedded in the website that allows the log file to be recorded and analyzed. This, in turn, serves to allow for statistical evaluation of the flow of visitors to our website. The integrated pixel-code enables Google to recognize whether and at what time the data subject has visited one of our websites and which link the data subject has clicked on.


Google AdSense also uses so-called counting pixels. This is a thumbnail graphic embedded in the web page, which allows the log file to be recorded and analyzed. This, in turn, is used to carry out a statistical evaluation of the flow of visitors to our website. The integrated pixel-code enables Google to recognize whether and at what time the data subject has visited one of our websites and which link the data subject has clicked on.
Google AdSense transfers and processes personal data of the data subject, such as the IP address, to Google, which is necessary for the collection and billing of the displayed advertising. It is possible that personal data may be passed on to third parties.


Further information on Google AdSense may be obtained from https://www.google.de/intl/de/adsense/start/ .


Every user can prevent cookies by changing the browser settings accordingly. The disabling of cookies by third-party providers also prevents you from receiving advertisements from these third parties. The placement of cookies in the context of GoogleAds can also be prevented entirely or partially with the plug-in provided by Google. The link to this is: https://support.google.com/ads/answer/7395996.
You can also modify the placement of cookies by altering the cookie settings. Please note that under certain circumstances and depending on the settings, not all of our functions may be fully usable.


11. GOOGLE REMARKETING (GOOGLE ADS)


We, the data controller, use Google Remarketing, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The remarketing service allows us to display ads that match your interests on other websites within the Google advertising network. For this purpose, your activities and interactions on our website will be analyzed, including, for example, the analysis of your interests relevant to our offers. This enables us to display advertising that is tailored to your interests, even after you have finished visiting our website.
Google stores cookies (see above) on the device you use, which record you as a visitor to the website when you visit certain Google services or websites from the Google network. Placing the cookies ensures only a unique identification of the web browser on the respective terminal device. This does not identify you as a person.
You can find more information on Google’s data protection policy at https://policies.google.com/privacy?hl=de and https://services.google.com/sitestats/de.html.


Every user can prevent the placement of cookies by changing the browser settings accordingly. The disabling of cookies by third-party providers also prevents you from receiving advertisements from these third parties. The placement of cookies though Google Ads can also be prevented entirely or partially with the plug-in provided by Google. The link for this is: https://support.google.com/ads/answer/7395996.
You can also modify the placement of cookies by altering the cookie settings. Please note that under certain circumstances and depending on the settings, not all functions on our website may be fully usable.


12. ANALYTIC SERVICES AND WEBSITE OPTIMIZATION


We, as the data controllers, use analytic services (so-called “reach measurement”) to optimize our website. This serves to evaluate the streams of visitors to our website and to obtain information on user behavior, interests, or information about the user, such as gender or age as pseudonymized data. This enables us to recognize when our offers are claimed, and which contents and functions are used particularly frequently. Based on this evaluation, we can then adapt and optimize our offers accordingly. For this purpose, we can create user profiles and store them in cookies. The contents of the user profiles include information on the contents viewed, the websites visited (including the elements used), as well as technical information (e.g. information on the browser, computer system, time of use and duration of use). If data subjects have consented to the collection of location data, such data may also be processed, depending on the provider used. In addition, the IP addresses of the persons concerned are stored. However, the IP address is shortened so that it is only available in pseudonymized form (“IP masking”). No clear data of the persons concerned are processed within the web analysis (e.g. e-mail, name, address, etc.). Neither we, nor the providers used, can therefore identify the identity of the data subject.
The data processing is based on the consent if this has been obtained in advance. Otherwise, the legal basis is our legitimate interest as an interest in an economical, effective, and user-friendly website. For more details on cookies see above. The purpose of data processing is insofar the measurement of range, tracking, profiling, remarketing, and user-related marketing.
We use the following providers for analysis and website optimization:


Adobe Analytics
Adobe Systems Software Ireland Companies
4-6 Riverwalk, Citywest Business Campus
Dublin 24, Irland


Website: https://www.adobe.com/de/analytics/adobe-analytics.html
Data protection declaration: https://www.adobe.com/de/privacy.html
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active
Opt-Out: https://www.adobe.com/privacy/marketing.html#online-advertising


Jetpack (WordPress)
Automattic Inc.
60 29th Street #343
San Francisco, CA 94110, USA

Website: https://automattic.com
Data protection declaration: https://automattic.com/privacy
Cookie guideline: https://jetpack.com/support/cookies.


13. INSTAGRAM

As the data controller, we use the Instagram service component of our website. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If data subjects are logged into their Instagram account, they can link the content from our website to their Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our website with the relevant user’s account. We would like to point out that we have no knowledge of the content of the transmitted data or how Instagram uses it. For more information, please refer to Instagram’s privacy policy available at: https://help.instagram.com/519522125107875.


14. GOOGLE +1


We use the social media features of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website. When webpages with Google plug-ins are visited, a connection is established between the browser of the data subject and the Google servers. In the process, data is transferred to Google. If the data subject has a Google account, this data can be linked to it. If the data subject does not wish this data to be associated with the Google account, it is necessary to log out of Google before visiting the off-the-path-page. Interactions, particularly the use of a comment function or clicking a “+1” or “share” button, are also passed on to Google. Further information on the collection and data use by Google, as well as the rights of the data subject, can be found at http://www.google.de/intl/de/policies/privacy.


15. YOUTUBE


We, the data controller, use the component of the YouTube service on our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube enables publishers to post videos on the internet-based video portal free of charge. In addition, YouTube enables other users to view and rate the videos posted free of charge and to comment on them. Since YouTube enables publication of all types of videos, complete films and TV shows, trailers, music videos, or videos created by the respective users themselves can be accessed.
When users visit a single page on our website where a YouTube component has been embedded, the YouTube component automatically triggers the person’s browser to download a presentation of the YouTube component from YouTube. Users can view detailed information on YouTube at https://www.youtube.com/yt/about/de/.
Through this automated technical process, YouTube and Google gain knowledge of which individual subpage of our website is visited by the data subject. If the user is logged in at YouTube when visiting our website, YouTube will know which specific subpage is being visited by calling up our subpage containing the YouTube component. YouTube and Google collect this information and assign it to the user’s YouTube account accordingly.
Both YouTube and Google are informed via the YouTube component that the user has visited our website if the user is logged in at the same time when he or she visits our website. This happens regardless of whether the user actually clicks on a video or not. If users want to prevent such transmissions to YouTube and Google, they must log out of their YouTube account before visiting our website. YouTube’s privacy policy is available at https://www.google.de/intl/de/policies/privacy/. This website provides information on the collection, processing, and use of personal data by YouTube and Google.


16. PINTEREST


We, the data controller, use the component of the Pinterest service on our website, an offer of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Due to the use of the “Pin it” button, Pinterest receives information that data subjects have visited one of our websites. If data subjects are logged into their Pinterest account at this time, Pinterest is also able to link the visit to the respective Pinterest account. By clicking the “Pin it” button, data is transmitted to Pinterest and stored on servers (in the USA). If persons concerned want to prevent the transmission, they would have to log out of their Pinterest account before clicking the “Pin it” button. For information on how data subjects can protect their privacy and for further details on data collection, processing and use by Pinterest, as well as legal and configuration options, please refer to Pinterest’s Privacy Policy at http://pinterest.com/about/privacy/.


17. PAYMENTS/PAYMENT SERVICE PROVIDER


We, the data controllers, offer data subjects within our business relations, due to legal obligations, or due to our legitimate interest, to make payments quickly and securely. For this purpose, we use the services of banks, credit institutions, and other payment service providers.
The personal data processed within the scope of payment transactions pertains particularly to the category of inventory data (e.g. last name, first name, address, bank data (IBAN, BIC, passwords, TAN, contract data, payment amounts as well as data concerning the recipient, etc.). In addition, the following data or data categories are processed in particular: invoice data and payment histories, contract data (such as subject matter of the contract, duration, etc.), metadata, and communication data (such as IP addresses, data on the device used).
Data processing is necessary to execute and process the payment transaction. However, the personal data collected in this context will only be processed and stored by the selected payment service provider. We do not obtain information on the account, nor do we obtain information on any credit card used. We only obtain information on whether the payment has been made or not.
It may happen that the respective payment service providers forward the personal data to credit agencies for the purpose of checking the identity and creditworthiness of the data subject. In this respect, reference is made to the respective general terms and conditions and data protection provisions of the payment service providers used. Information on the rights of the persons concerned (revocation, information, etc.) can also be viewed here.


We use the following payment service providers on our website:


PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A
22-24 Boulevard Royal
L-2449 Luxembourg


Telephone: 0800 723 4500
E-mail: impressum@paypal.com
Website: https://www.paypal.com/de/webapps/mpp/home
Data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE


18. DELETION AND BLOCKING


Personal data is processed only for the time required to save the data or as long as relevant legal provisions require it.
After cessation of the storage purpose or after a statutory storage period has expired, we delete or block the personal data in accordance with the statutory provisions.


19. RIGHTS OF DATA SUBJECTS


The data subjects are entitled to the following rights in particular:

Confirmation
Data subjects may request confirmation from us, as the data controller, as to whether we are processing personal data. To exercise this right, the data subject may contact one of our employees at any time.


Information
Any data subject may at any time and free of charge request information from us, the data controller, as to whether, and if so, which personal data we have stored about him or her. A copy of this information must be provided to the data subject. In addition, the data subject may obtain information on (a) the purposes of the processing, (b) the categories of personal data processed, (c) the recipients or categories of recipients to whom personal data have been or will be disclosed, (d) the envisaged duration for which the personal data is stored or, if this is not possible, the criteria for determining this duration, (e) the existence of the right of rectification or deletion or of the right to have the processing limited by the controller or to object to such processing, (f) the existence of a right of appeal to a supervisory authority, and (g) the existence of automated decision making, including profiling, and requiring meaningful information about the logic involved and the scope and intended impact of such processing on the data subject. Where personal data is not directly collected from the data subject, the data subject shall be informed of any available information concerning the origin of the data. In addition, the data subject shall have the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If the answer is affirmative, the data subject shall be informed of the appropriate guarantees in connection with the transfer. To exercise this right, the data subject may contact one of our employees at any time.


Correction
Any data subject may at any time request us, the data controller, to immediately rectify any inaccurate personal data concerning him or her. In addition, the data subject is entitled, under consideration of processing purposes, to request the completion of incomplete personal data. To exercise this right, the data subject may contact one of our employees at any time.


Deletion/Right to be forgotten
Any data subject may request from us, the data controller, that the personal data relating to him or her be deleted immediately if one of the following reasons applies and insofar as the processing is not necessary.
The processing of personal data is no longer necessary for the original purpose for which it was collected or otherwise processed.
Consent to data processing has been revoked by the data subject and there is no legal basis for legitimacy for data processing.
The data subject has lodged an objection to the data processing in accordance with article 21 paragraph 1 GDPR and there are no overriding legitimate reasons for the data processing.
The data subject has lodged an objection to the data processing in accordance with article 21 paragraph 2 GDPR.
The processing of personal data is unlawful.
The deletion is necessary for legal reasons.
The data collection was carried out in connection with offered services of the information society in the sense of article 8 paragraph 1 GDPR.


If one of these reasons exists and the data subject wishes the deletion of the personal data stored with us, he or she can contact one of our employees at any time to arrange for the deletion.


If the personal data is published and we are obliged to delete personal data as the responsible party pursuant to article 17 paragraph 1 GDPR, we will take appropriate (technical) measures, taking into account the available technology and the costs of implementation, to inform other data controllers who process the published personal data of the data subject about his or her deletion request. These measures include informing the other data controllers that the data subject has requested all links to the personal data or copies, or reproductions thereof be deleted unless the processing is necessary. Our employees will arrange the necessary measures in each individual case.


Limited processing
Any data subject may request us, as the data controller, to restrict the processing of personal data if and to the extent that one of the following conditions applies:
The data subject disputes the accuracy of the personal data for the period of time during which we, as data controller, are able to verify the accuracy.
The data processing is unlawful, and the data subject requests limited processing of personal data instead of deletion.
We, as the controller, no longer need the personal data of the data subject; the data subject, on the other hand, needs the personal data in order to assert, implement and/or defend his or her legal rights.
The data subject has lodged an objection to the data processing in accordance with article 21 paragraph 1 GDPR and it is still unclear whether there are any overriding legitimate reasons for the data processing by us, the data controller.


If one of the above-mentioned conditions is met and if the data subject wishes to limit the processing of the personal data held by us, he or she may contact one of our employees at any time to arrange for the processing to be limited.


Right of data transferability
Any data subject may request us, the data controller, to transfer personal data relating to him or her in a structured, common, and machine-readable format. The data subject may also request that the personal data relating to him or her be transferred to another controller without us preventing this, provided that the data processing is based on consent within the meaning of article 6 paragraph 1 letter a GDPR, article 9 paragraph 2 letter a GDPR or on a contract pursuant to article 6 paragraph 1 letter b GDPR and is carried out with the aid of an automated procedure, unless the data processing is necessary for the performance of a task carried out in the public interest or is carried out in the exercise of official authority vested in us as the controller.
Within the scope of exercising the right of data transferability, the data subject is entitled to have his or her personal data transferred directly from one responsible party to another, provided that this transfer is technically feasible and does not infringe on the rights and freedoms of other persons. To exercise this right, the data subject may contact one of our employees at any time.


Right of objection
Any data subject may at any time lodge an objection to us, the data controller, against the processing of personal data relating to him or her, provided that the data processing is carried out in accordance with article 6 paragraph 1 letter e or f GDPR. This applies equally to profiling based on this provision.
As the data controller, we no longer process the personal data after an objection has been raised, unless there are compelling reasons for processing the data that are worthy of protection and outweigh the interests, rights, and freedoms of the data subject. This equally applies to cases in which the data processing serves the assertion, exercise, or defense of claims.


If we process personal data for the purpose of direct marketing, the data subject may object to this at any time. This also applies to profiling, if and insofar it is related to direct marketing. After an objection has been made to the processing of data for direct marketing purposes, we will no longer process the personal data for these purposes.


The data subject also has the right to object to the processing of personal data relating to him or her that is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with article 89 paragraph 1 GDPR if there are reasons arising from the specific situation of the data subject, unless the data processing is necessary for the performance of a task carried out in the public interest. To exercise this right, the data subject may contact one of our employees at any time. In addition, when using information society services, irrespective of Directive 2002/58/EC, the data subject may exercise his or her right to object by means of an automated procedure involving technical specifications.


Automated individual case decision/profiling
Any data subject may request us, the data controller, to make decisions which produce legal effects vis-à-vis the data subject or significantly affect him or her in a comparable way, not exclusively on the basis of automated processing, including profiling, provided that the decision is (a) not necessary for the conclusion or performance of a contract between the data subject and us, or (b) authorized by relevant legal provisions and those provisions contain adequate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (c) taken with the explicit consent of the data subject. If the decision is necessary for the conclusion or fulfillment of a contract between the data subject and us, as data controller, or if the data subject has expressly consented, we shall take reasonable measures to safeguard the rights and freedoms and the legitimate interests of the data subject. These measures shall include, at a minimum, the right to obtain the intervention of a data controller, to express one’s point of view and to challenge the decision.
To exercise this right, the data subject may contact one of our employees at any time.


Revocation of consent
Every data subject can revoke his or her consent to the processing of personal data at any time. To exercise this right, the data subject may contact one of our employees at any time.


Right of appeal
Affected parties have the right to complain to the relevant supervisory authority at any time.


20. LEGAL BASIS FOR DATA PROCESSING


Our legal basis for data processing is article 6 paragraph 1 letter a GDPR if we obtain the consent of the data subject for a specific processing purpose. In case of data processing for the fulfillment of a contract to which the data subject is a party, the legal basis for processing is article 6 paragraph 1 letter b GDPR. This equally applies to processing operations that are necessary to carry out pre-contractual measures, such as inquiries about our products or services. If we are subject to a legal obligation that requires us to process personal data (e.g. tax obligations), the legal basis for data processing is article 6 paragraph 1 letter c GDPR. In certain situations, data processing may be necessary to protect vital interests of the data subject or of another natural person, for example if injuries occur when visiting our company. In this case, we have to transmit the name, age, health insurance data, or other vital information to a doctor, hospital, or other third party. The legal basis for data processing in such a case is article 6 paragraph 1 letter d GDPR. Data processing may also be based on article 6 paragraph 1 letter f GDPR if none of the above-mentioned legal bases applies and the data processing is necessary to safeguard the legitimate interests of us or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. In the case of data processing according to article 6 paragraph 1 letter f of the GDPR, our legitimate interest is the execution, exercise, and continuous optimization of our business activities for the benefit of the well-being of all our employees.


21. DURATION OF STORAGE


The duration of storage of personal data depends on the legally specified retention periods. After expiry of the respective period, the corresponding personal data is routinely deleted if it is no longer necessary for the initiation or fulfilment of the contract.


22. PROVISION OF PERSONAL DATA


We hereby inform you that there are certain legal regulations that require the provision of personal data (e.g. tax law) in certain cases or that an obligation to provide personal data may arise from contractual provisions. It may be necessary for the data subject to provide us with personal data to conclude the contract, which we have to process in the course of the contract, as is required, for example for conclusion of the contract. If in such a case personal data is not provided, we would be unable to conclude the contract with the data subject. Before the provision of the personal data by the data subject, the data subject must contact us, and we will inform the him or her in each individual case whether the provision of the personal data is required by law or contract or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences if the personal data is not provided.


23. OBJECTION TO PROMOTIONAL E-MAILS


We hereby expressly object to the use of the contact data provided in the imprint and on the website for the purpose of sending unsolicited advertising and information material. We reserve the right to take legal action in the event of any infringement of unsolicited advertising and similar material, for example through spam e-mails.


Status: October 2020