As the operator of the www.hitschler.de website and as the body responsible, we take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data-protection provisions as well as this Data Protection Declaration.
I. Name and address of the controller
The controller in the sense of the General Data Protection Regulation (GDPR) and other national data protection legislation of the member states as well as other data protection-law provisions is:
hitschler International GmbH & Co.KG
An der Hasenkaule 10
Tel.: +49 (0) 22 1 – 460 16 0
Fax: +49 (0) 22 1 – 460 16 55
If you have any queries regarding the subject of data protection, you are welcome to contact our data protection officer, quoting the keywords “data protection website”. Please direct your query to email@example.com.
II. General information regarding data processing
1. Scope of the processing of personal data
As a matter of principle, we only process our users’ personal data insofar as this is necessary to provide a functional website as well as the content and services. Processing personal data is usually done only after consent has been granted by the respective user. An exception applies in cases where prior obtaining of consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.
2. Legal basis for the processing of personal data
Insofar as we obtain consent from the data subject for the processing of personal data, Article 6 paragraph 1 a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data which is necessary in order to perform a contract to which the data subject is a contract party, Article 6 paragraph 1 b of the GDPR serves as the legal basis. This also apples for processing which is necessary for the implementation of pre-contractual measures.
Insofar as processing personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Article 6 paragraph 1 c of the GDPR serves as the legal basis.
In the event that crucial interests of the data subject or of another natural person make it necessary to process personal data, Article 6 paragraph 1 d of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a justified interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the party affected do not outweigh that justified interest, then Article 6 paragraph 1 f of the GDPR serves as the legal basis for the processing.
3. Data deletion and storage duration
The data subject’s personal data is deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can go beyond this if this is provided for by the European or national legislator in Union-law ordinances, laws or other provisions to which the controller is subject. Blocking or deleting the data is also done if a storage period prescribed by the norms named expires, unless there is a necessity for further storage of the data for entry into or performance of a contract.
III. Providing the website and generating log files
1. Description and scope of the data processing
Whenever our website is accessed, automated data and information from the computer accessing it is collected. The following data is collected in this context:
(1) information about the browser type and the version used
(2) the user’s operating system
(3) the user’s Internet service provider
(4) the user’s IP address
(5) date and time of the access
(6) websites from which the user’s system arrives at our website
(7) websites which are accessed by the user’s system via our website
(8) HTTP status code.
The data is also saved in our system's log files. This data is not stored together with other personal data of the user’s.
2. Legal basis for the data processing
The legal basis for the provisional storage of the data and the log files is Article 6 paragraph 1 f of the GDPR.
3. Purpose of the data processing
The provisional storage of the IP address by the system is necessary in order to make it possible to deliver the website to the user's computer. For this purpose, the user’s IP address must be saved for the duration of the session.
Saving is done in log files in order to ensure the functionality of the website. Moreover, we use the data in order to optimise the website and to guarantee the security of our information-technology systems. No evaluation of the data for marketing purposes takes place in this context.
These purposes also include our justified interest in data processing pursuant to Article 6 paragraph 1 f of the GDPR.
4. Duration of the storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. In the case of the collection of the data in order to make the website available, this is the situation when the respective session has come to an end.
In the case of storage of the data in log files, this is the situation after a maximum of seven days. Storage going beyond this is possible. In such case, the IP addresses of the users are deleted or transformed so that it is no longer possible to allocate them to the accessing clients.
5. Objection and removal option
Collecting the data in order to make the website available and storing the data in log files are absolutely essential for the operation of the website. As a consequence, it is not possible for the user to object thereto.
IV. Using cookies
1. Description and scope of the data processing
2. Legal basis for the data processing
The legal basis for the processing of personal data using technically-necessary cookies is Article 6 paragraph 1 f of the GDPR.
Insofar as cookies are placed for the analysis of user behaviour, this is done on the basis of consent pursuant to Article 6 paragraph 1 a of the GDPR.
3. Purpose of the data processing
The user data collected by means of technically-necessary cookies is not used to generate user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we ascertain how the website is used and can thus continuously optimise our offer.
4. Duration of the storage, objection and removal option
5. Cookie consent with Borlabs Cookie
Our website uses the cookie-consent technology of Borlabs Cookie in order to obtain your consent to storage of certain cookies in your browser and to document this in a data protection-compliant manner. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter referred to as “Borlabs”).
When you access our website, a Borlabs Cookie is stored in your browser, in which the consents granted by you or the revocations of those consents are saved. This data is not passed on to the provider of Borlabs Cookie.
The data collected is stored until you make a deletion request to us or delete the Borlabs Cookie yourself or the purpose for the data storage ceases to exist. Mandatory statutory storage periods remain unaffected. You can find details about the data processing of Borlabs Cookie at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
V. Contact form and email contact
1. Description and scope of the data processing
Our website has a contact form which can be used for making contact electronically. If a user makes use of this option, then the data entered into the form will be transmitted to us and stored. This data is:
- user’s first and last names
- your email address
- your address
- your telephone number
- any additional personal data supplied by you in the framework of your message.
Moreover, the following data is saved at the point in time when the message is sent:
- user’s IP address
- date and time of the registration.
For the processing of the data in the framework of the dispatch process, your consent is obtained and reference is made to this Data Protection Declaration.
Alternatively, it is possible to make contact via the email address provided. In such case, the user’s personal data transmitted with the email is stored.
The data is not passed on to third parties in this context. The data is exclusively used in order to process the conversation.
2. Legal basis for the data processing
If consent has been granted by the user, the legal basis for the processing of the data is Article 6 paragraph 1 a of the GDPR.
The legal basis for the processing of the data which is transmitted in the course of sending an email is Article 6 paragraph 1 f of the GDPR. If the aim of the email contact is to enter into a contract, then an additional legal basis for the processing is Article 6 paragraph 1 b of the GDPR.
3. Purpose of the data processing
The processing of the personal data from the form serves only for us to process the contact by you. In the case of contact by email, the requisite justified interest in processing the data is also present therein.
The other personal data processed during the dispatch process serves to prevent the contact form from being misused and to guarantee the security of our information-technology systems.
4. Duration of the storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. For the personal data in the contact form and the data which is sent by email, this is the case if the respective conversation with the user has come to an end. The conversation is at an end if it can be inferred from the circumstances that the pertinent set of facts has been finally clarified.
The personal data additionally collected during the dispatch process is deleted at the latest after a period of seven days.
5. Objection and removal option
The user has the option at all times to revoke his or her consent to the processing of the personal data. If the user contacts us by email, then s/he can object at any time to the storage of his or her personal data. In such a case, the conversation cannot be continued.
The user can object to the processing of his or her data by email or by mail. All personal data which is saved in the course of making contact is deleted in such case.
VI. Comment function on this website
On our website, we offer a comment function with which you can make blog contributions.
Using this comment function requires a name to be inserted, and you can choose a pseudonym here. The email address also has to be inserted. Giving an email address is necessary in order that we can forward to you any complaints about your comments in the blog and can ask you for a statement in this respect. You cannot use the comment function without providing these details. When publishing your comments, the email address given by you will be saved but not published. For the comment function on this website, in addition to your comments, the name given and the email address, details about the time of the making of the comments and about the IP address are saved.
The legal basis for the processing of the data which is transmitted when using the comment function for blog contributions is Article 6 paragraph 1 a of the GDPR.
Your data will be deleted as soon as it is no longer required to achieve the purpose of its collection. The comments and the data associated therewith will remain on this website until a conversation with you about any complaint is over, the content commented on has been completely deleted, or the comments must be deleted for legal reasons (e.g. insulting comments).
The comments are stored on the basis of your consent (Article 6 paragraph 1 a of the GDPR). You have the ability at all times to revoke your consent to the processing of the personal data. An informal message by email to us is sufficient for this purpose. The revocation does not affect the lawfulness of the data processing already done before the revocation. After a revocation, we will delete your personal data within 7 days.
1. Type and purpose of the processing:
We send newsletters with current information about our products and offers. In this context, personal data is processed. For the processing of the data in the framework of the dispatch process, your consent is obtained and reference is made to this Data Protection Declaration. Collecting the user’s email address serves to deliver the newsletter. Collecting other personal data in the framework of the registration process serves to prevent misuse of the services or of the email address used. Passing on data to other third parties is excluded. The data is used exclusively to send the newsletter.
2. Legal basis:
If consent has been granted by the user, after the user has registered for the newsletter the legal basis for the processing of the data is Article 6 paragraph 1 a of the GDPR.
3. Storage period:
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. The user’s email address will thus be stored as long as the newsletter subscription is active. The other personal data collected in the framework of the registration process will usually be deleted after a period of seven days.
4. Objection and removal option
You can terminate the newsletter subscription at any time. There is a corresponding deregistration link for this purpose in each newsletter. Revocation of the consent to storage of the personal data collected during the registration process is also enabled thereby.
5. Use of MailChimp
This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which inter alia the sending of newsletters can be organised and analysed. If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this will be stored on MailChimp's servers in the USA.
With MailChimp's help, we are able to analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called “web beacon” connects to MailChimp’s servers in the USA. Thus it can be determined whether a newsletter message has been opened and what, if any, links have been clicked on. In addition, technical information is collected (e.g. access time, IP address, browser type and operating system). This information cannot be allocated to the respective newsletter recipient. It serves exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used in order to adjust future newsletters to recipients' interests better.
If you do not want any analysis by MailChimp, you must deregister for the newsletter. We provide a corresponding link in every newsletter message for this purpose. Moreover, you can deregister for the newsletter directly on the website.
VIII. Passing data on to the USA
Inter alia, tools from companies with their headquarters in the USA are integrated into our website. When these tools are active, your personal data can be passed on to the respective companies’ servers in the USA. We hereby draw your attention to the fact that the USA is not a safe non-EU country in the sense of EU data protection law. US-American companies are obliged to deliver personal data to security authorities without you as the data subject being able to take action against this in court. Accordingly, it cannot be excluded that US-American authorities (e.g. intelligence agencies) process, evaluate and permanently store your data located on US-American servers for surveillance purposes. We have no influence on those processing activities.
IX. Google Analytics
Insofar as you have granted your consent, Google Analytics, a web analysis service of Google LLC. (“Google”), is used on this website. Google Analytics uses so-called “Cookies”, text files which are stored on your computer and which enable an analysis of your usage of the website. The information generated by the cookie about your usage of this website is usually transferred to a Google server in the USA and stored there.
This website uses Google Analytics with the extension “_anonymizeIp()”. As a result thereof, IP addresses are processed further in abbreviated form, which precludes people from being identified. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is therefore deleted without delay.
On our behalf, Google will use this information in order to compile reports about the website activities and in order to render further services associated with the website usage and Internet usage to us as the website operator. We use Google Analytics in order to be able to analyse and regularly improve the usage of our website. Via the statistics acquired, we are able to improve our offer and configure it in a more interesting way for you as a user. The IP address transmitted by your browser in the framework of Google Analytics is not conflated with other data by Google.
Google Analytics cookies are stored on the basis of Article 6 paragraph 1 a of the GDPR. Consent is obtained in the framework of asking for your consent to the placement of cookies.
You have several ways of objecting to the collection of your data by Google Analytics and/or the prevention thereof: opt-out cookie: Place an opt-out cookie, which prevents collection of your data when visiting this website in future. Use the following link for this: deactivate Google Analytics. You will find more information about the treatment of user data by Google Analytics in Google's data protection declaration:
You can also prevent your data from being collected by not granting any consent to cookies for marketing purposes in the framework of our cookie-consent process. If you have granted consent, you can revoke this at any time. See section IX below in this respect. Moreover, you can prevent the collection of the data generated by the cookie and related to your usage of the website (including your IP address) to Google, as well as the processing of that data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We have entered into a contract with Google regarding order data processing and fully implement the strict stipulations issued by the German data-protection authorities in connection with Google Analytics usage.
External provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.
X. Google reCAPTCHA
We use Google reCAPTCHA (hereinafter referred to as “reCAPTCHA”) on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Using reCAPTCHA is intended to check whether data is being entered onto our website (for example, in a contact form) by a human or by automated software. For this purpose, reCAPTCHA analyses the website visitor’s behaviour on the basis of various characteristics. This analysis begins automatically as soon as the website visitor accesses the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, how long the website visitor spends on the website, or mouse movements made by the user). The data collected in connection with the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data processing takes place on the basis of Article 6 paragraph 1 f of the GDPR. As the website operator, we have a justified interest in the determination of individual responsibility on the Internet and the prevention of misuse and spam.
You can access further information regarding Google reCAPTCHA as well as Google's data protection declaration at the following links: www.google.com/intl/de/policies/privacy/ and www.google.com/recaptcha/intro/android.html.
XI. Google Maps
Our website contains the integrated service "Google Maps" of the provider Google. The processed data may include in particular your IP address and location data, which will not be collected without your consent. This data may also be transferred to the USA. In this respect, Section VIII applies.
XII. Facebook Pixel
To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/
If you do not have a Facebook account, you can deactivate any user based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.
XIII. Facebook fanpage
Pursuant to the case law of the European Court of Justice, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) in the sense of data protection law for the processing of personal data which is collected when visiting our Facebook page (https://de-de.facebook.com/hitschler.DE/).
When you visit our profile page, Facebook automatically collects personal data from you as a visitor to the page, without us being able to influence this. You will find further information regarding the collection of data by Facebook in Facebook’s data protection declaration at https://www.facebook.com/privacy/explanation.
- https://www.facebook.com/settings?tab=ads (log-in necessary)
Facebook provides us with various anonymised statistics about the visitors to our profile page, in the framework of the so-called Page Insights. We have no influence on the generation of that information. In particular we are unable to stop the collection and processing by Facebook. We are provided with the following anonymised data by Facebook with regard to our profile page for a selectable period as well as for each of the categories of fans, subscribers, people reached and interacting people:
total number of page accesses, “like me” details, page activities, post interactions, scope, video views, post scope, comments, shared content, replies, proportion of men and women, origin related to country and city, language, accesses and clicks in the shop, clicks on route planner, clicks on telephone numbers. You can obtain more information about Page Insights on Facebook’s corresponding website at
We use that information in order to make our profile page and the content therein more attractive to visitors to our profile page. This also constitutes our justified interest in the sense of our legal basis for this processing pursuant to Article 6 paragraph 1, sentence 1 f) of the GDPR.
The reciprocal obligations with regard to joint responsibility are set out in the Page Insights addendum with regard to the controller at https://www.facebook.com/legal/terms/page_controller_addendum. Therein, Facebook assumes primary responsibility in the sense of the GDPR for the processing of Insights data and declares fulfilment of all of the obligations arising out of the GDPR with regard to the processing of Insights data (inter alia Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR, and Articles 32 to 34 of the GDPR). Only Facebook can make and implement decisions with regard to the processing of Insights data. Because Facebook makes decisions solely in its discretion as to how its obligations arising out of this agreement are fulfilled, we have no influence on the fulfilment of the data protection-law obligations by Facebook. If we receive queries in connection with the Insights data, we are obliged to forward all relevant information to Facebook.
XIV. Instagram fanpage
Pursuant to the case law of the European Court of Justice, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) in the sense of data protection law for the processing of personal data which is collected by Facebook when our Instagram fanpage is visited.
When you visit our Instagram fanpage, Facebook automatically collects personal data from you as a visitor to the respective fanpage, without us being able to influence this. You will find further information regarding the collection of data by Facebook in Instagram’s data protection declaration.
- https://www.facebook.com/settings?tab=ads (log-in necessary)
In the event that Facebook passes personal data on to its parent company, Facebook Inc., Menlo Park, California, U.S.A., (Facebook Inc.), Facebook Inc. is certified pursuant to the EU-US Privacy Shield and makes the commitment thereby to complying with European data protection standards.
- You can obtain more information about the Privacy Shield from https://www.privacyshield.gov.
- You can obtain information about the status of Facebook’s certification from https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Facebook provides us with various anonymised statistics about the visitors to our Instagram fanpage, in the framework of the so-called Page Insights. We have no influence on the generation of that information. In particular we are unable to stop the collection and processing by Facebook. We are provided with the following information by Facebook in the form of anonymised data with regard to the respective fanpage for a selectable period:
- Activity: In this area, insights are provided regarding our profiles, including interactions (such as profile visits and website clicks) as well as regarding the subject of discovery (how many people have seen our content and where did they find this).
- Content: We are given insights into posts, stories and promotions.
- Public: Here we find out more about our subscribers and our public.
You can find more information at https://help.instagram.com/788388387972460?helpref=faq_content.
We use that information in order to make our fanpages and the content therein more attractive to visitors to our fanpages. This also constitutes our justified interest in the sense of our legal basis for this processing pursuant to Article 6 paragraph 1, sentence 1 f) of the GDPR.
We endeavour to enter into an agreement with Facebook also concerning the Instagram service with regard to joint responsibility. So far, Facebook has not yet responded with regard to the Instagram service. It remains the case, however, that only Facebook can make and implement decisions with regard to the processing of Insights data. We have no influence on this whatsoever. If we receive queries in connection with the Insights data, we will forward them directly to Facebook.
XV. Facebook and Instagram social-media plug-ins
So-called social plug-ins for Facebook and Instagram social media are used on our website, which enable content to be shared and liked. You can usually recognise these plug-ins on the basis of the respective social-media logos.
We use the Shariff solution on our website in order to protect your privacy. With Shariff, the connection between you and the social network’s server is only generated if you actually click the respective button of the social network. Then your browser establishes a direct connection to the respective social network, and the social network receives at least the information that you have accessed the corresponding page of our online offer, and when, plus your IP address, and details about the browser used, the operating system and the language settings. Activating the plug-in constitutes consent in the sense of Article 6, paragraph 1 a of the GDPR. You can revoke this declaration of consent at any time, with effect for the future.
If you do not want the social network to collect data about you through this online offer, you must not click the button. If you are logged into the social network, the social network can also allocate the information after the activation of the button directly to your account with the social network.
You will find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/?locale=de_DE. You will find more details about Facebook's data processing and about configuration options to protect your privacy at http://www.facebook.com/about/privacy/. For Instagram, you will find this information at https://instagram.com/about/legal/privacy/.
XVI. Usage of YouTube plug-ins
1. About the plug-in:
We use YouTube to embed videos. YouTube is operated by YouTube LLC with its headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., with its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The YouTube plug-in used on our website in this context is only activated if you click on the “activate YouTube now” button and thus consent to the use of YouTube. Upon your consent being granted, a connection to the YouTube servers is created and the plug-in shown. By doing so, it is transmitted to the YouTube servers which of our website pages you have visited. If you are logged in as a member of YouTube, YouTube allocates that information to your personal user account. When using the plug-in, e.g. by clicking on the “start” button of a video, this information is also allocated to your user account. You can prevent this allocation by logging out of your YouTube user account and out of other user accounts associated with YouTube LLC and Google Inc. and deleting the corresponding companies’ cookies before you use our website.
Please see YouTube’s data protection information at www.google.de/intl/de/policies/privacy/ for the purpose and scope of the data collection and the further processing and usage of the data by YouTube as well as your rights and configuration options in this respect with regard to the protection of your privacy.
2. Permission cookie:
The legal basis for the processing of personal data using cookies is Article 6 paragraph 1 a of the GDPR.
Analysis cookies are used for the purpose of improving the quality of our website and its contents, as well as to increase user-friendliness.
In order to lease our Candybar, we use the booking system of bookingkit GmbH, Sonnenallee 233, 12059 Berlin (“bookingkit”). If you enter a booking on our website, you declare that you are in agreement with the storage and processing of your personal data by bookingkit.
Your personal data is forwarded to bookingkit and processed. The purpose of this storage and processing of data is to assist with and process your orders, your authentication, execution of the payment transaction, and improvement of bookingkit’s services. You will find more details about usage conditions and data protection and the possible instructing of third parties with the data processing by bookingkit at https://bookingkit.net/de/datenschutzerklaerung/.
If you lodge a job application with us electronically, i.e. by email or via our website form, then we collect and process your personal data for the purpose of executing the application process and for the implementation of pre-contractual measures. We use a specialised software provider for the execution of the application process. The job applicant portal is run by Personio GmbH, Rundfunkplatz 4, 80335 Munich, with which we have entered into a contract regarding order data processing.
By sending a job application to our recruiting website, you announce your interest in wanting to be employed by us. In that context, you transmit personal data to us which we exclusively use and store for the purpose of your job search/job application. The following data in particular is collected in this context: first and last names, email address, telephone number, LinkedIn profile.
In addition, you have the option of uploading documents such as a cover letter, your curriculum vitae and references. These may contain further personal information, such as date of birth, address, etc.
Only authorised employees from the personnel department and/or employees involved in the application process have access to your data.
The personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.
Your data is stored for a period of 6 months after the end of the application process. This is usually done to fulfil legal obligations and/or to defend against any claims arising out of statutory provisions. Subsequently we are obliged to delete or anonymise your data. In such case, the data is only then available to us as so-called metadata, without direct personal reference, for statistical evaluations.
XIX. Links to other websites
Our website can contain links to third-party websites. If you follow a link to one of these websites, please note that we cannot assume any liability or give any guarantee regarding third-party content or data protection conditions. Please inform yourself about the respectively-applicable data protection conditions before you transmit personal data to these websites.
XX. Data security
Unfortunately, transferring information via the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted via the Internet to and via our website. However, we secure our website and other systems in the best possible manner through technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised parties.
We take precautionary measures in order to guarantee the security of your personal data. Your data is conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or unauthorised disclosure.
XXI. Rights of the data subject
If personal data of yours is processed, you are a data subject in the sense of the GDPR, and you are entitled to the following rights in relation to the controller:
1. Information right
You can request a confirmation from the controller as to whether personal data pertaining to you is being processed by us. If such processing is taking place, you can request details from the controller about the following information:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data which are processed;
(3) the recipients and/or the categories of recipients to whom the personal data pertaining to you has been disclosed or will be disclosed;
(4) the planned duration of the storage of the personal data pertaining to you or, if no specific details are possible in this respect, criteria for the determination of the storage period;
(5) the existence of a right to correction or deletion of the personal data pertaining to you, a right to limit the processing by the controller or a right to object to this processing;
(6) the existence of a right to complain to a supervisory authority;
(7) all available information concerning the origin of the data, if the personal data is not collected from the data subject.
You are entitled to the right to request information about whether the personal data pertaining to you will be transmitted to a non-EU state or to an international organisation. In this context, you can request to be informed about the suitable guarantees pursuant to Article 46 of the GDPR in connection with the transmission.
2. Right to correction
You have a right to correction and/or completion against the controller insofar as the processed personal data pertaining to you is incorrect or incomplete. The controller is obliged to make the correction without undue delay.
3. Right to restrict processing
Subject to the following prerequisites, you can request restriction of the processing of the personal data pertaining to you:
(1) if you dispute the correctness of the personal data pertaining to you for a period which enables the controller to check the correctness of the personal data;
(2) if the processing is unlawful and you refuse deletion of the personal data and instead request restriction of the usage of the personal data;
(3) the controller no longer requires the personal data for the purposes of the processing but you require it for the assertion, exercise or defence of legal claims; or
(4) if you have filed an objection to the processing pursuant to Article 21 paragraph 1 of the GDPR and it is not yet certain whether the controller’s justified reasons outweigh your reasons.
If the processing of the personal data pertaining to you is restricted, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the right of another natural person or legal entity or for reasons of an important public interest of the Union or a member state.
If the restriction of the processing has been restricted pursuant to the abovementioned prerequisites, you will be informed by the controller before the restriction is lifted.
4. Right to deletion
a) Deletion obligation
You can ask us to delete the personal data pertaining to you without undue delay, and we are obliged to delete that data without undue delay, if one of the following reasons applies:
(1) The personal data pertaining to you is no longer necessary for the purposes for which it was collected or processed in another way.
(2) You revoke your consent on which the processing pursuant to Article 6 paragraph 1 a or Article 9 paragraph 2 a of the GDPR was based and there is a lack of another legal basis for the processing.
(3) You file an objection to the processing pursuant to Article 21 paragraph 1 of the GDPR and there are no overriding justified reasons for the processing, or you file an objection to the processing pursuant to Article 21 paragraph 2 of the GDPR.
(4) The personal data pertaining to you has been processed unlawfully.
(5) The deletion of the personal data pertaining to you is necessary in order to fulfil a legal obligation pursuant to the law of the Union or the member state(s) to which the controller is subject.
(6) The personal data pertaining to you was collected in connection with services offered by the information company pursuant to Article 8 paragraph 1 of the GDPR.
b) Information to third parties
If we have made public the personal data pertaining to you and if we are obliged pursuant to Article 17 paragraph 1 of the GDPR to delete that data, then taking consideration of the available technology and the implementation costs we take appropriate measures, including of a technical nature, to inform parties responsible for the data processing who process the personal data that you as a person affected have requested from them the deletion of all links to that personal data or of copies or reproductions of that personal data.
The right to deletion does not exist insofar as the processing is necessary
(1) to exercise the right to free expression of opinion and information;
(2) to fulfil a legal obligation which requires processing pursuant to the law of the Union or the member states to which the controller is subject, or to perform a task which is in the public interest or in exercise of public authority which has been transferred to the controller;
(3) for reasons of the public interest in the area of public health pursuant to Article 9 paragraph 2 h and i as well as Article 9 paragraph 3 of the GDPR;
(4) for archive purposes in the public interest, scientific or historic research purposes, or for statistical purposes pursuant to Article 89 paragraph 1 of the GDPR, insofar as the right named in a) probably makes realisation of the aims of this processing impossible or seriously detrimentally impacts thereon; or
(5) for the assertion, exercise or defence of legal claims.
5. Right to information
If you have asserted the right to correction, deletion or limitation of the processing, we are obliged to notify all of the recipients to whom the personal data pertaining to you has been disclosed about that correction or deletion of the data or limitation of the processing, unless this transpires to be impossible or is associated with disproportionate expenditure.
You are entitled to the right against the controller to be informed about those recipients.
6. Right to data transferability
You have the right to receive in a structured, common and machine-readable format the personal data pertaining to you which you have provided to us. In addition, you have the right to transmit this data to another controller without impediment by the controller to whom the personal data has been provided, insofar as
(1) the processing is based on a consent pursuant to Article 6 paragraph 1 a of the GDPR or Article 9 paragraph 2 a of the GDPR or on a contract pursuant to Article 6 paragraph 1 b of the GDPR, and
(2) the processing is done with the assistance of automated processes.
In exercise of this right, you also have the right to procure that the personal data pertaining to you is transmitted directly by one controller to another controller insofar as this is technically feasible. No freedoms or rights of other parties may be detrimentally affected thereby.
The right to data transferability does not apply for processing of personal data which is necessary in order to carry out a task which is in the public interest or in exercise of official authority which has been transferred to the controller.
7. Objection right
You have the right for reasons which arise from your special situation to file an objection at any time to the processing of the personal data pertaining to you which is done on the basis of Article 6 paragraph 1 e or f of the GDPR.
We no longer process the personal data pertaining to you, unless we can prove mandatory protection-worthy reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves in the assertion, exercise or defence of legal claims.
If the personal data pertaining to you is processed in order to execute direct advertising, then you have the right to file an objection at any time to the processing of the personal data pertaining to you for the purposes of such advertising.
If you object to the processing for the purposes of direct advertising, then the personal data pertaining to you will no longer be processed for those purposes.
You have the option of exercising your objection right in connection with the usage of services by the information company – irrespective of Directive 2002/58/EC – by means of automated processes where technical specifications are used.
8. Right to revocation of the data protection-law consent declaration
You have the right to revoke your data protection-law consent declaration at any time. The revocation does not affect the lawfulness of the processing which took place on the basis of the consent until the revocation. To revoke a consent or to make an objection, a simple message is sufficient by email to us at: firstname.lastname@example.org.
9. Right to complain to a supervisory authority
Irrespective of contrary administrative-law or judicial legal remedies, you are entitled to the right to complain to a supervisory authority, particularly in the member state of your place of residence, your workplace or the location of the alleged breach, if you are of the view that the processing of the personal data pertaining to you breaches the GDPR.
The supervisory authority to which the complaint is submitted will inform the complainant about the status and the outcome of the complaint, including the possibility of a judicial legal remedy pursuant to Article 78 of the GDPR.
XXII. Changes to the data protection provisions
We reserve the right to adjust this Data Protection Declaration at any time with effect for the future, in order that it always conforms to the current legal requirements or in order to incorporate changes to our services in the Data Protection Declaration, e.g. if we introduce new services. For this reason, please look again at the Data Protection Declaration during your next visit.