We appreciate your interest in our company. We take the protection of your personal data very seriously and so would like to inform you about the processing of your data as comprehensively as possible.
1. Definition of terms
a) Personal data
Personal data is all information relating to an identified or identifiable natural person (hereinafter called “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person, whose personal data is processed by a data controller responsible for the processing.
Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
d) Restriction of processing
Restriction of processing is marking stored personal data with the aim with the aim of limiting its processing in future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by European Union law or the law of the Member States, the controller or the specific criteria for its nomination may be designated by European Union law or the law of the Member State.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or any other body to whom personal data is disclosed, irrespective of whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
The data subject’s consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and contact information of controller
WORKSHOP 60, 3/F, BLOCK A,
EAST SUN INDUSTRIAL CENTRE NO.
16 SHING YIP STREET KL
Phone: +1 (912) 454-2850
Contact information of data protection officer:
The Bohemianclothing data protection officer can be contacted as follows:
EAST SUN INDUSTRIAL CENTRE NO.
16 SHING YIP STREET KL
Phone: +1 (912) 454-2850
3. Extent and purpose of processing of personal data
3.1 Accessing the website
When you access this website: aurawigs.com, the internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file. Until the automatic erasure, the following data is stored without further input by the visitor:
– IP address of the visitor’s device,
– Date and time of visitor access,
– Name and URL of the page accessed by the visitor,
– Website from which the visitor arrived at the website (so-called referrer URL),
– Browser and operating system of the visitor’s device, as well as the name of the access provider used by the visitor.
The processing of such personal data is in accordance with Art. 6 (1), sentence 1 lit f) of the GDPR. The company has a legitimate interest in the data processing for the purpose of:
– Rapidly connecting to the website of the company,
– Enabling user-friendly use of the website,
– Identifying and ensuring the security and stability of the systems and
– Facilitating and improving the administration of the website.
3.2 Data collection during registration and payment processing
For the purposes of registration and payment processing, data such as the object of purchase, shopping basket, name, date of birth, address, email address, delivery address, payment type and bank data is collected and processed by us, insofar as the processing is necessary for the performance of the contract or if the customer has consented to the processing. The legal basis for processing of personal data is Art. 6 (1), Sentence 1, lits a) and b) GDPR.
Where desired by the customer, a customer account may be created for future orders (registration). In this process, the customer data is also retained for use for future orders in our online shop, so that the customer is not required to enter it again. Registration additionally requires a username and password (access data) to ensure that the customer can only log into his/her own customer account. We may process the customer’s data provided upon registration under point (b) of Art. 6(1) GDPR, where this is necessary for the establishment or performance of a contract. Other than that, we may also process the data under point (f) of Art. 6(1) GDPR, since we want to simplify future orders of the customer. The customer account may be deleted at any time.
To do so, we are authorised, based on the customer’s consent as per point (a) of Art. 6(1) GDPR, to save goods and products added by the customer to the shopping cart. We retain and use this data to remind the customer by e-mail of his/her product selection where a purchase process has not been completed. This is in the customer’s interest, since there may be circumstances when the product is available in the selected size only in limited quantities.
Moreover, we are authorised as per section 7 (3) UWG (German Act against Unfair Competition) to use the e-mail address indicated by the customer upon purchase for direct marketing for similar own goods. If the customer does not want to receive such direct marketing any longer, he/she may withdraw his/consent to the use at any time without incurring any transmission costs other than under the basic rates. The withdrawal may be declared directly via the link indicated in the advertising e-mail or by e-mail to www.bohemianclothing.shop.
3.3 Contact form
Visitors can submit messages to the company via an online contact form on the website. In order to be able to receive an answer, at least a valid email address is required. All other information can be voluntarily provided to the person making the request. By sending the message via the contact form, the visitor agrees to the processing of the transmitted personal data. The data is processed exclusively for the purpose of processing and responding to requests via the contact form. This will be done on the basis of the voluntarily granted consent pursuant to Art. 6(1), sentence 1, lit a) GDPR. The personal data collected for the use of the contact form is automatically deleted once the request has been completed and there are no grounds for further storage.
We offer our newsletter to persons with a minimum age of 16. If he/she subscribes to the newsletter, the visitor expressly agrees to the processing of the personal data provided. We use the so-called double opt-in procedure for the subscription to our newsletter. This means that after your registration, we will send an e-mail to the specified e-mail address in which we ask you to confirm that you want to receive the newsletter. Furthermore, we will always store the IP addresses used and the time of the registration and confirmation. This serves as a means of proof of your subscription and, if applicable, to solve any potential misuse of your personal data.
Mandatory information for sending the newsletter is your e-mail address. More, separately marked data can be specified voluntarily and will only be used to address you personally. If you have consented to the receipt of our newsletter, which is adjusted to your individual interests, we particularly process your e-mail address and your name for the purpose of sending the newsletter.
With your consent, we will record your user behaviour on our website. This evaluation of user behaviour includes in particular, which areas of the applicable website you visit, and what links you activate there. This creates personalised user profiles assigned to your person and/or email address, to better align any potential advertising campaigns, particularly in the form of newsletters and on-site advertisements, with your personal interests, and to improve the web content.
The legal basis for processing the personal data of the visitor for the purpose of sending newsletters is consent pursuant to Art. 6(1), sentence 1, lit a) GDPR.
The visitor can unsubscribe from the newsletter at any time This can be done by using a special link at the end of the newsletter or by a relevant e-mail message to www.bohemianclothing.shop (without costs other than the transmission costs according to the base rates).
We use the service of Emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna for processing the newsletter. For this purpose, your e-mail address is transmitted to Emarsys. We use the Emarsys Predict analysis tool for the composition of our individual e-mail newsletter, which evaluates both your use of the newsletter and your use of our website. In order to record your usage behaviour on our website, cookies are used to recognise your browser. Your movements on our website can thus be traced, and the success of specific marketing measures can be recorded and measured. Moreover, our newsletters may contain hyperlinks (“links”) that include random, but distinct identification numbers. These identification numbers can be collected and stored when these links are accessed by your computer. We also use the information on such access to trace the use of the newsletter and our website and to measure the success of specific marketing measures. We can thus adjust our offers to your individual requirements and interests.
Emarsys can use the recipients’ data in a pseudonymous form, i.e. without allocation to a user, for optimising or improving its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletter, or for statistical purposes. However, Emarsys is not permitted to use the data to contact you itself or to pass on the data to third parties.
The legal basis for the processing of data after subscription to the newsletter by the user is your consent according to point (a) of Article 6(1) GDPR.
You can revoke your consent for the newsletter at any time as described above.
4. Contacts and customers under 16
Our website and our service is addressed to persons who have completed the 16th year of age. Persons who have not yet completed the 16th year of age are not permitted to use our services.
5. Tranfer of data
Personal data will be transferred to a third party, if pursuant to Art. 6(1), sentence 1, lit a) GDPR it has been expressly consented to by the data subject, the transfer pursuant to Art. 6(1) sentence 1, lit f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in non-disclosure of their data, for the transmission of data pursuant to Art. 6(1) sentence 1 lit c) GDPR, there is a legal obligation, and/or pursuant to Art. 6(1), sentence 1, lit b) GDPR, this is required for the fulfillment of a contractual relationship with the data subject. In other cases, personal data will not be passed on to third parties.
5.1 Payment service providers
We use payment service providers Shopfly Payments to execute purchase contracts. The personal data that is transferred during a payment generally includes first and family names, your address, telephone number, IP address, email address and other information that is required for the processing of your order, including the quantity of the ordered article, the article number, the invoice amount and invoice details.
Storing this data is required for the execution of the purchase contract in accordance with Art. 6 paragraph 1b GDPR.
5.2 Shipping companies
Our offered products are delivered to you with the assistance of shipping companies (DHL and Fed Ex). For this purpose, the shipping companies receive the following data:
Your email address (if the shipping service provider should inform you in advance of the expected delivery date).
Delivery is executed by the following service providers:
Storing this data is required for the execution of the purchase contract in accordance with Art. 6 paragraph 1b GDPR.
5.3 Cloud and storage services
We use cloud and storage services of third-party providers to store and retain your data. This means that we send or otherwise disclose your data to third parties who can be anywhere in the world, including in the USA, for the purpose of storing such data on our behalf or for other processing purposes. Such facilities may be
– Amazon Web Services (Privacy Policies: https://aws.amazon.com/de/privacy/?nc1=h_ls)
– Tableau (Privacy Policies: https://www.tableau.com/de-de/privacy).
They are all certified under the Privacy Shield, i.e. the companies have submitted to the Privacy Shield agreement concluded between the European Union and the USA and received the relevant certification. They thus undertake to comply with the standards and provisions of the European data protection law (further information: https://www.privacyshield.gov/welcome).
So-called cookies are used on the website. These are data packets exchanged between the SNKS Store GmbH server and the visitor’s browser. These are stored when you visit the website by the devices used (PC, notebook, tablet, smartphone, etc.). Cookies cannot damage the devices used. In particular, they contain no viruses or other malicious software. Cookies store information which is related to the specific terminal used. SNKS Store GmbH cannot use them to obtain direct knowledge of the identity of the visitor to the website.
Cookies are largely accepted by default browser settings. The browser settings can be configured so that cookies are not accepted, either on the equipment used, or with specific notice being given before a new cookie is created. It is however important to note that disabling cookies may affect the optimum functionality of the website. Cookies help to make it easier to use the company website. Session cookies, for example, can be used to keep track of whether the visitor has already visited individual pages of the website.
Session cookies are automatically deleted when you leave the website. Temporary cookies are used to enhance user-friendliness. They are stored on the visitor’s device for a temporary period. When you visit the website again, it automatically detects that the visitor already accessed the site at an earlier point in time and which inputs and settings were made so as not to have to repeat these.
Cookies are also used to analyse the number of times the website was accessed for statistical purposes and for the purpose of improving the content. When you next visit the website, cookies make it possible to automatically detect that the web page was previously accessed by the visitor. We use both temporary and permanent cookies on our website.
Cookies of third-party providers are used on the website that enable us to improve the quality of our offers to you during the use of our website. These cookies can collect your IP address and non-personal data of your visit. This is done anonymously and does not include your name, address, e-mail address or other personal data. These cookies are used in addition to receive anonymous statistical information on the use of the website. These cookies are deleted after one year.
6.1 Cookie Consent with Cookie First
By clicking on our cookie banner the following information will be shared with Cookie First:
• Your consent status or the withdrawal of consent
• Your anonymised IP address
• Information about your Browser
• Information about your Device
• The date and time you have visited our website
7. Analysis services for websites and social plugins
7.1 Social Media
Analysis services and social plug-ins of various providers are used on our website. These allow you, in particular, to share contents of the website with your network contacts. As a result of the integration, network providers receive information that the corresponding web page of our website was accessed from your IP address. If you are logged in to the network, the network provider may also associate your visit to our website with your network account. Our analysis services work exclusively with pseudonymised user profiles, which do not make it possible to identify the data subject.
The legal basis for the use of the analysis tools and social plugins is Art. 6(1), sentence 1, lit f) GDPR. The website analysis is in the legitimate interest of our company and is used for statistical recording of the site usage to continuously improve our website and range of services.
We additionally use the plug-in of the social network Pinterest (Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA) to send you advertisements that are, as far as possible, tailored to your requirements and interests. If you access a page which contains such a plug-in, your browser directly establishes a connection to Pinterest’s servers. The plug-in transmits log data to Pinterest’s server in the USA. Such log data may include your IP address, the address of the visited websites which also include Pinterest functions, browser type and settings, date and time of the request, your way of using Pinterest as well as cookies.
The legal basis is point (f) of Article 6(1) GDPR.
7.3 Use of Google Analytics and Google Tag Manager
operating system used;
referrer URL (the website visited before);
host name of the accessing computer (IP address);
time of server request;
is usually transmitted to a server of Google in the USA and stored there. In the event of the activation of the IP anonymisation on this website, your IP address will be shortened beforehand by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on the website activities and to provide other services relating to the use of the website and the Internet to the website operator.
7.3.2 The IP address transmitted by your browser within the framework of Google Analytics will not be amalgamated with any other data of Google.
7.3.3 You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, we would like to draw your attention to the fact that, in this case, you might not be able to use all functions of this website to the fullest extent. In addition, you can prevent the collection of the data created by the cookie and related to your use of the website (incl. your IP address) as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
7.3.4 This website uses Google Analytics with the “_anonymizeIp()” extension. In this way, IP addresses will be further processed in a shortened form, making it thus impossible to link it to a particular individual. Insofar as the data collected about you is personal, it will be immediately excluded, and the personal data will be deleted immediately.
7.3.5 We use Google Analytics to analyse and make regular improvements to the use of our website. With the statistics that we obtain, we can improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data are transferred to the USA, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is point (f) of Article 6(1) GDPR.
7.3.6 Information of the third-party provider:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Overview of Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html
7.3.7 This website uses Google Analytics additionally for an overall device analysis of visitors, which is carried out via a user ID. You can deactivate the overall device analysis in your customer account under “my data”, “personal data”.
7.3.8 Use of the Google Tag Manager: Google Tag Manager is a solution by means of which marketers can manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect personal data. The tool triggers the implementation of other tags that may collect data on their part. Google Tag Manager does not access these data. In case of deactivation on domain or cookie level, it remains in effect for all tracking tags that are implemented using Google Tag Manager. http://www.google.de/tagmanager/use-policy.html
7.4 Use of Google Shopping Reviews
We use “Google Shopping Reviews” on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. Google Shopping Reviews stores and processes data on your user behaviour on our website. For this purpose, Google Shopping Reviews uses e.g. cookies, small text files that are stored locally in the cache of your terminal device’s web browser and that enable the analysis of your use of our website.
We use Google Shopping Reviews for marketing and optimisation purposes, particularly for analysing the use of our website and to be able to continuously improve individual functions and offers as well as the usage experience. Through the statistical evaluation of the user behaviour, we can improve our offering and make it more interesting for you as a user. Herein also lies our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is point (f) of Article 6(1) GDPR.
You can prevent the installation of cookies by deleting existing cookies and disabling the storage of cookies in the settings of your web browser. Please note that you may not be able to fully use all functions of our website in this case. You can also prevent the collection of the aforementioned data by Google by setting an opt-out cookie on one of the following linked websites:
You can find further data protection information on the following website: https://www.google.com/intl/de/policies/
7.5 Use of Google Adwords
We use on our website “Google Adwords”, a service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google AdWords is a service for Internet advertising that enables us as advertisers to place ads both in the search engine results of Google and in the Google advertising network.
If you access our website via a Google ad, a conversion cookie is set by Google on your terminal device (it is no longer valid after 30 days and is not used for identifying the data subject). Through the conversion cookie, both we and Google can track whether you accessed our website via an AdWords ad and performed or interrupted a purchase there.
The legal basis is point (f) of Article 6(1) GDPR.
You can prevent the setting of cookies at any time by means of a corresponding setting of the used web browser and thus permanently object to the setting of cookies (see description above). You can delete any cookie already set by Google AdWords at any time via your web browser or other software programs. In addition, you can object to Google’s interest-related advertising by clicking on the link https://adssettings.google.de/authenticated and make the desired settings.
Further information on Google’s data protection provisions: https://www.google.de/intl/de/policies/privacy/
7.6. Use of Google reCAPTCHA
We use Google reCAPTCHA on our websites to detect abusive traffic (through machine and automated processing) on the website. This service is provided by Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics, such as: the IP address and, if applicable, other data required by Google for the service to be forwarded to Google. The legal basis of the data processing is Art. 6 (1) (f) GDPR and our legitimate interest in the prevention of misuse and spam.
The use of the reCAPTCHA service may also result in the transfer of personal information to the servers of Google LLC. in the USA. For this transfer case, Google LLC. certified under the US-European Privacy Shield, which ensures compliance with the level of data protection in the EU (Certificate: https://www.privacyshield.gov/list).
7.7 Use of Facebook Connect and Facebook Custom Audience
7.7.1 Facebook Connect
We use “Facebook Connect”, a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Instead of using the registration screen of our website, you can enter your login data for Facebook. A direct connection to the Facebook server is established, and you are forwarded to the Facebook page for registration. With the registration via your Facebook account, your user account is linked to our service.
We use Facebook Connect to facilitate and shorten your registration and login process. The legal basis is point (f) of Article 6(1) GDPR.
Further data protection information: https://www.facebook.com/about/privacy
7.7.2 Facebook Custom Audiences
We use “Facebook Custom Audiences”, a remarketing tool of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Facebook Custom Audiences enables us to have displayed to visitors of our website during a visit of the social network Facebook or during the visit of other websites that also use Facebook Custom Audiences interest-related advertisements, so-called “Facebook Ads”. By using “Facebook Custom Audiences”, your web browser automatically establishes a direct connection to the Facebook server. We do not have any influence on the extent and the further use of data that are collected by Facebook through the use of Facebook Custom Audiences. To our knowledge, Facebook is informed that you have accessed the corresponding part of our website or clicked on one of our ads. If you have a Facebook user account and if you are registered, Facebook can allocate the visit to your user account. Even if you are not registered with Facebook and/or have not logged in, it is possible that Facebook finds out and stores your IP address and possibly other identifiers.
We use Facebook Custom Audiences for marketing and optimisation purposes, particularly to place ads that are relevant and interesting for you and to thus improve our offer and make it more interesting for you as a user. The legal basis is point (f) of Article 6(1) GDPR.
Logged-in users can deactivate Facebook Custom Audiences at https://www.facebook.com/settings/?tab=ads#_. Please note that this setting will be deleted if you delete your cookies. Furthermore, you can deactivate cookies serving range measurement and advertising purposes via the following websites:
Please note that this setting will be deleted as well if you delete your cookies.
Further data protection information: https://www.facebook.com/about/privacy
7.8 Use of Double Click
We use “DoubleClick”, an online marketing tool of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. DoubleClick uses, amongst others, cookies, small text files that are locally stored in the cache of your terminal device’s web browser. Google records via a cookie ID what ads are placed in what web browser. This can prevent that ads are displayed several times. In addition, by means of the cookie IDs, DoubleClick can record so-called conversions, which are related to ad requests. This is the case if e.g. you see a DoubleClick ad and later access the advertiser’s website with the same web browser and purchase something. According to information provided by Google, the aforementioned cookies do not contain any personal data. By using DoubleClick, your browser automatically establishes a direct connection to the Google server. We do not have any influence on the extent and the further use of data that are collected by Google through the use of DoubleClick. To our knowledge, Google is informed that you have accessed the corresponding part of our website or clicked on one of our ads. If you have a Google user account and if you are registered, Google can allocate the visit to your user account. Even if you are not registered with Google and/or have not logged in, it is possible that Google finds out and stores your IP address.
We use DoubleClick for marketing and optimisation purposes, particularly to place ads that are relevant and interesting for you, to improve campaign performance reports or to prevent that you see the same ads several times. Herein also lies our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is point (f) of Article 6(1) GDPR.
7.9 Use of Instagram
We use on our website plug-ins of the social network Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA).
If you are logged into your Instagram account, you can link the contents of our sites to your profile by clicking the button; Instagram can then allocate your visit of our website to your user account. If you do not agree, either log off from your Instagram profile prior to the use or do not activate the social plug-ins in the Instagram settings.
8. Your rights as a data subject
Insofar as your personal data will be processed during a visit to our website, as a “data subject” within the meaning of the GDPR, you have the following rights:
8.1 Right to confirmation
Each data subject shall have the right granted by the European directives and regulators to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed. If a data subject wishes to avail himself or herself of this right of confirmation, he or she may, at any time, contact an employee of the controller.
You can request information from us about whether your personal data is processed by us. The right to information is excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or is stored exclusively for the purpose of data backup or data protection control, provided that the exchange of information would incur disproportionately high costs and processing for other purposes by suitable technical and organisational measures is ruled out. If in your case the right of access to information is not excluded and your personal data is processed by us, you can request disclosure from us about the following information:
Purposes of the processing,
Categories of the personal data about you that is processed,
Recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations,
Where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that storage period,
The existence of the right of rectification or erasure or restriction on processing of your personal data or a right to object to such processing,
The existence of the right to lodge a complaint with a supervisory authority,
If the personal data was not collected from you as the data subject, the available information on the origin of the data, Or where applicable, the existence of automated decision-making, including profiling and meaningful information about the logic involved and also the scope and desired impact of the automated decision-making,
Where applicable, in case of the transmission to recipients in third countries, provided that there is no decision of the EU Commission regarding the adequacy of the level of protection according to Art. 45(3) of the GDPR, information about which appropriate guarantees pursuant to Art. 46(2) GDPR have been provided for the protection of personal data.
8.3 Rectification and completion
If you determine that we may hold inaccurate personal data about you, you can request immediate correction of this incorrect data. In the case of incomplete personal data, you may request completion.
You have a right to erasure (“Right to be forgotten”), insofar as the processing is not required to exercise the right to freedom of expression, the right to information or for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest, and one of the following reasons applies:
The personal data is no longer necessary for the purposes for which it was processed. The basis of the justification for the processing was exclusively your consent, which you have withdrawn.
You have objected to the processing of your personal data, which we have made publicly available.
You have objected to the processing of personal data not made publicly available by us and there are no overriding legitimate grounds for the processing. Your personal data has been processed unlawfully.
The erasure of the personal data is required to comply with a legal obligation, to which we are subject.
No claim for erasure exists if, in the event of legitimate non-automated data processing, due to the specific nature of the storage, it is not possible or only with disproportionately high expense and your interest in the erasure is minimal. In this case, limitation of processing shall replace erasure.
8.5 Limitation of processing
You can request limitation of processing from us, if one of the following reasons applies:
You dispute the accuracy of the personal data. In this case, the limitation may be required for the time needed for us to check the accuracy of the data.
The processing is unlawful and, instead of deletion, you demand limitation of the use of your personal data.
Your personal data is no longer needed by us for the purposes of processing, but is still required by you for the assertion, exercise or defence of legal claims.
You have presented an objection according to Art. 21(1) of the GDPR. The limitation of processing may be extended for as long as it remains to be decided whether our legitimate reasons outweigh your reasons.
Limitation of processing means the personal data may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on the grounds of an important public interest. We have a duty to inform you before we remove the limitation.
8.6 Data portability
You have a right to data portability provided that the processing is based on your consent (Art. 6(1), sentence 1, lit a) or Art. 9(2) lit a) GDPR) or is based on an agreement of which you are a contracting party and the processing is performed using automated procedures. The right to data portability in this case includes the following rights, provided this does not affect the rights and freedoms of others: You can ask us to keep the personal data you have provided to us, in a structured, consistent and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. As far as is technically feasible, you can demand from us that we transfer your personal data directly to another controller.
If the processing is pursuant to Art. 6(1), sentence 1 lit e) of the GDPR (performance of a task carried out in the public interest) or Art. 6(1), sentence 1 lit f) of the GDPR (legitimate interests pursued by the controller or by a third party), you have the right for reasons related to your specific situation to object at any time to the processing of personal data concerning you. This also applies to profiling pursuant to Art. 6(1), sentence 1 lit e) or lit f) of the GDPR. After you exercise the right of objection, we will stop processing your personal data, unless we can prove there are compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or that the processing serves the purpose of asserting, exercising or defending legal claims.
You can object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling in connection with such direct marketing. Once this right is exercised, we will no longer use the relevant personal data for direct marketing purposes.
8.8 Withdrawal of consent
You have the right to withdraw, with future effect, your consent at any time. The withdrawal of consent can be communicated informally by phone, email or to our postal address. The legality of the data processing performed on the basis of consent up to the receipt of the revocation shall not be affected by the withdrawal. Upon receipt of the withdrawal, the data processing, which is based exclusively on your consent, is discontinued.
If you believe the processing of personal data concerning you is illegal, you can file a complaint with a supervisory authority for data protection responsible for your place of residence or workplace or the location of the alleged infringement.