Data protection is a very special concern for us. In order for you to know when we collect and use which personal data, please take note of the following information. In it you will also find information about your rights.
1. Person responsible
1. Person responsible The person responsible for data processing in accordance with data protection regulations is GERMANBEAUTYLAB GmbH & Co. KG, Wilhelm-Blos-Strasse 33, 12623 Berlin, represented by the managing and personally liable partner Just It GmbH, which in turn is represented by the managing director Mr. Robert Scharrenberg.
Our data protection declaration is based on the relevant provisions of the European Data Protection Regulation (DS-GVO). In order to make the data protection declaration comprehensible to everyone, we would like to explain the main terms used in the DS-GVO in advance (not exhaustively):
- Personal data is any information relating to an identified or identifiable natural person (“data subject”), whereby a natural person is deemed to be identifiable if he or she can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, Art. 4 No. 1 DS-GVO;
- processing is any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, Art. 4 No. 2 DS-GVO;
- Restriction of processing is the marking of stored personal data with the aim of restricting their future processing, Art. 4 No. 3 DS-GVO;
- profiling is any type of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of that natural person, Art. 4 No. 4 DS-GVO;
- Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the inclusion of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data is not assigned to an identified or identifiable natural person, Art. 4 No. 5 DS-GVO;
- controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his or her designation may be laid down by Union law or by the law of the Member States, Art. 4 No. 7 DS-GVO;
- processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, Art. 4 No. 8 DS-GVO;
- Recipient is a natural or legal person, authority, institution or other body to whom Personal Data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered to be recipients; the processing of such data by the said authorities is carried out in accordance with the applicable data protection provisions, in accordance with the purposes of the processing, Art. 4 No. 9 DS-GVO;
- third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data, Art. 4 No. 10 DS-GVO;
- Consent of the data subject means any voluntary expression of will, in a specific case, given in an informed and unequivocal manner, in the form of a declaration or any other unequivocal affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her, Art. 4 No. 11 DS-GVO;
- breach of personal data protection is a breach of security leading to destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed, Art. 4 No. 12 DS-GVO;
- Health data are personal data relating to the physical or mental health of a natural person, including the provision of health services, and from which information on his or her state of health is derived, Art. 4 No. 15 DS-GVO;
3. Data processing
We always process personal data in accordance with the relevant data protection regulations (DS-GVO, BDSG etc.). In principle, you can visit our website without having to provide personal information. However, if and insofar as a person concerned wishes to make use of certain offers on our website, it may be necessary to process personal data.
Personal data will only be processed if there is legal legitimation for data processing or if the person concerned has consented to data processing.
As the persons responsible for processing personal data, we have taken a number of technical and organizational measures to provide comprehensive protection for the personal data processed via our website. Nevertheless, we cannot exclude the possibility that security gaps may exist when personal data is transmitted via the Internet, so we cannot guarantee absolute protection. Anyone affected is therefore free to send us their personal data by other means (telephone, mail, etc.).
4. General data
General data and information is collected and stored in the server log file each time the person concerned visits our website or an automated system. This may include:
browser type and version
operating system used
website from which you visit us (referrer URL)
website you visit
date and time of your access
your Internet Protocol (IP) address
other data and information that is used to ward off dangers in case of attacks on our IT-system
Through this general data and information we cannot draw any conclusions about the person concerned. The general data and information are stored separately from any personal data you may have provided and therefore do not allow any conclusions to be drawn about a specific person. They are only evaluated for statistical purposes in order to be able to optimize our website and our offers, to be able to display our contents correctly, to ensure the permanent function of our IT systems and our technology or to be able to provide law enforcement agencies with the information required for criminal prosecution in the event of a system attack.
We want to ensure that we obtain statistical information through the evaluation and that we can also increase data protection and data security in order to ultimately achieve a high level of protection for the personal data we process.
The use of the personal data processed via the cookies is based either on the legal basis of the consent or on the legal basis in the form of the legitimate interest. Consent is always the legal basis when we ask you to give it. Otherwise, the legal basis is our legitimate interest in data processing. Our legitimate interest in data processing exists in particular with regard to the improvement and the continuous development and optimization of our online offer.
As the person concerned, you can exclude the acceptance of cookies for certain cases or generally, prevent or restrict the storage of cookies and activate the automatic deletion of cookies when closing the browser. However, the functionality of our website may be restricted after this.
By using the link below, you can adjust the settings once selected.
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie preferences.
Borlabs Cookie does not collect any personal data.
The borlabs-cookie cookie stores the consent you have given when you entered the website. If you wish to revoke these consents, simply delete the cookie from your browser. If you re-enter/reload the website, you will be asked again for your cookie consent.
6. Contact possibility
For legal reasons, we provide information on our website (e.g. e-mail, telephone etc.) which enables you to contact us electronically and to communicate with us directly. If and to the extent that the person concerned contacts us in this way, the information you provide will be stored for the purpose of processing the contact. This data will not be passed on by us to third parties. We also do not compare the data collected in this way with data that may be collected by other components of the website.
7. SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content (e.g. contact requests) sent to us by data subjects, we, as the data controller, use SSL/TLS encryption. Data subjects can recognize such an encrypted connection in the address line of their browser if it contains the “https://” and/or the lock symbol. If encryption is activated, data that affected users send to us cannot be viewed and read by third parties.
8. Registration function
We, as the data controllers, enable data subjects to register on our website by providing personal data. The personal data to be provided, which are transmitted to us in this context, result from the input mask on our website. We process the personal data entered by the data subject for the purpose of registration and to enable access to the content restricted by the registration.
When registering on our website, the IP address of the person concerned and the date and time of registration are also stored. This data is stored for the purpose of preventing misuse of our services. If necessary, the data can also be used to uncover criminal offences committed. The data processing is necessary in this respect to protect us as the persons responsible for the processing. The data processed in this way will not be passed on to third parties, unless this is necessary for the execution of the contract, required by law and/or the passing on of the data serves criminal prosecution.
Those affected have the right to have their data stored for registration changed/corrected or completely deleted at any time. Upon request, we, as the persons responsible for processing, will provide information at any time as to whether and, if so, which data we have stored about the person concerned. In addition, we will correct or delete personal data at the request of the data subject, provided there are no legal storage obligations to the contrary.
We, as the data controller, offer our customers the possibility to subscribe to our products on a regular basis. The personal data required for the subscription, which are transmitted to us, result from the self-explanatory input mask during the ordering process, in particular, this includes last name, first name, address, e-mail, telephone.
In connection with the subscription, we also process the IP address of the person concerned, which was assigned to him by the respective Internet provider at the time of the order, as well as the date and time of the order.
We, as the data controllers, process the personal data collected in connection with the subscription order exclusively for the purpose of fulfilling the contract and to send reminders to the data subject by e-mail, to give the data subject the opportunity to inform us in good time of any changes regarding delivery address, delivery time, delivery stop and, alternatively, to make changes independently in his customer account.
Affected users can cancel the subscription at any time in the customer account or by e-mail, whereby the concrete contact information is communicated to the respective user separately by e-mail.
Affected users have the right to change/correct or completely delete their data stored for the subscription order at any time. Upon request, we, as the persons responsible for processing, will provide information at any time as to whether and, if so, which data we have stored about the person concerned. In addition, we will correct or delete personal data at the request of the data subject, provided there are no legal storage obligations to the contrary.
We collect information about your shopping cart during the checkout process on our store.
What personal data we collect and why we collect it
We will start tracking your shopping cart as soon as you add an item to your shopping cart and enter your email or phone number in the checkout form or popup. If you have signed into your account, we will start tracking your cart as soon as you add an item to your cart.
We are storing both shopping cart contents as well as data you provide in the checkout form or popup to:
- send you a transactional email about your abandoned cart
- improve customer experience by restoring data that has been entered in the checkout form in case you leave or accidentally refresh the page
How long we retain your data
We will store abandoned cart information for 180 days for the purpose of restoring your abandoned cart and checkout form data. This includes your name, surname, billing address, shipping address, email address, phone number, location, and additional information.
Who has access
Our store Administrators have access to the abandoned cart data you have provided.
Who we share your data with
The data is not shared, it is bound to the store.
11. Google Analytics with anonymization function and Signals
We, as the data controller, use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics enables a web-based analysis of the use of our website by the person concerned. This is done by using text files that are stored on the computer of the respective user, so-called “cookies” (see above). The information thus generated is usually transferred to a server operated by Google and stored there.
However, this website uses the IP mask method, which causes your IP address to be shortened by Google and thus made anonymous. Google uses this information to evaluate the use of the website on behalf of the operator, to create reports on the website activities and to provide other services to the website operator in connection with the use of the website.
You can prevent the storage of cookies by adjusting your browser settings accordingly. In this case, however, you may no longer be able to use all the functions of this website to their full extent. You can also use the browser plugin to prevent Google from recording and processing the data collected by the cookie. You can also prevent the collection of data relating to your use of the website to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout/.
You can read more about Google Signals here: https://support.google.com/analytics/answer/7532985?hl=en
12. Google-AdWords (Google Ads)
We, as the data controller, use on our website the Google AdWords service, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google AdWords enables us to place advertisements on the Internet, that is, we can place ads that appear in Google’s search results as well as ads that appear directly in Google’s advertising network. In the context of Google AdWords, we can define certain keywords (keywords) before the advertisement is placed. If a user enters one of these keywords into Google’s search engine, our ads with these keywords will be displayed in the results.
Within the advertising network of Google, the ads with keywords are distributed to the matching web pages by an automated algorithm, taking into account the previously determined keywords.
We use the Google AdWords service for the purpose of advertising our website, on the one hand to display relevant advertising on third-party websites or to display third-party advertising on our website and on the other hand to appear in Google’s search results.
A cookie in the form of a conversion cookie is automatically set on the computer of the user who accesses our website via a Google ad. See above for the definition of cookies.
The user cannot be identified by the conversion cookie. Furthermore, the conversion cookie loses its validity after 30 days. During the time in which the conversion cookie is valid, it is possible to track whether and if so, which sub-pages of our website were visited or accessed. The conversion cookie enables us and Google to track whether, for example, the user reached our website via a Google AdWords ad.
Google uses the data obtained via the conversion cookie to create statistics about the visits to our website. We, as the person responsible for processing, use the results of the statistics to determine how many visits have reached us via a Google AdWords ad. It thus serves to evaluate whether the Google AdWords ad was successful or not. Hereby we can optimize future advertisements. By the evaluation neither we, nor other advertising customers of Google AdWords attain information about the users, with whose assistance we could identify users.
Through the conversion cookie, personal data, such as the visited website, including the IP address is stored and forwarded to Google. Google stores this data there. It is possible that Google will pass on this information to third parties.
13. Google Adsense (Google Ads)
We, as the data controller, use Google AdSense, a service for the insertion of advertisements from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of using Google AdSense is to enable the implementation of advertising on our website. Google AdSense uses so-called “cookies”, text files which are stored on the computer of the person concerned and which enable an analysis of the use of the website. What is meant by a cookie has already been explained above. The cookie enables Google to analyse the use of our website by the person concerned.
If a website is called up which is equipped with a Google AdSense component, the internet browser automatically transfers data to the person concerned for the purpose of advertising and the settlement of commission payments to Google. Through this Google gains knowledge of personal data of the person concerned, such as the IP address. This data enables Google to trace the origin of the person concerned and the clicks made and to invoice the corresponding commissions.
Affected persons can prevent the setting of cookies at any time by means of appropriate settings (see below). This setting also prevents Google from placing a cookie on the IT system of the person concerned. Data subjects can also delete cookies already set by Google using their Internet browser or other software solutions.
Google AdSense also uses so-called counting pixels. This is a thumbnail image embedded in the website that allows the log file to be recorded and analyzed. This, in turn, serves to be able to carry out a statistical evaluation of the flow of visitors to our website. The integrated pixel-code enables Google to recognize whether and at what time the person concerned has called up one of our websites and which link the person concerned has clicked on.
Google AdSense transfers and processes personal data of the person concerned, such as the IP address to Google, which are necessary for the collection and billing of the displayed advertising. It is possible that personal data may be passed on to third parties. Further information about Google AdSense can be found under the link https://www.google.de/intl/de/adsense/start/.
Every user can prevent the setting of cookies by changing the settings in the browser accordingly. The suppression of cookies by third-party providers also prevents you from receiving advertisements from these third parties. The setting of cookies in the context of Google Ads can also be prevented completely or partially by the plug-in provided by Google. The link to this is: https://support.google.com/ads/answer/7395996.
You can also modify the setting of cookies through appropriate cookie settings, whereby we would like to point out that under certain circumstances and depending on the settings, not all of our functions may be fully usable.
14. Google Remarketing (Google Ads)
We as the data controller use Google Remarketing, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The remarketing service enables us to display ads that match your interests on other websites that are within the Google advertising network. For this purpose, we will analyze your activities and interactions on our website, including, for example, analyzing your interests in relation to our offers. This enables us to display advertising that is tailored to your interests, even after you have finished visiting our website.
Google stores cookies (see above) on the device you use, which record you as a visitor to the website when you visit certain Google services or websites from the Google network. By setting the cookies, only a unique identification of the web browser on the respective terminal device is ensured. This does not identify you as a person.
You can find more information on Google’s data protection policy at https://policies.google.com/privacy?hl=en and https://services.google.com/sitestats/en.html.
Every user can prevent the setting of cookies by changing the settings in the browser accordingly. The suppression of cookies by third-party providers also prevents you from receiving advertisements from these third parties. The setting of cookies in the context of Google Ads can also be prevented completely or partially by the plug-in provided by Google. The link to this is: https://support.google.com/ads/answer/7395996.
You can also modify the setting of cookies by means of appropriate cookie settings, whereby we would like to point out that under certain circumstances and depending on the settings, not all of our functions may be fully usable.
Affected users can prevent the setting of cookies in their browser settings (see above), whereby cookies already set can also be deleted.
17. Google +1
We use the social media features of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website. When pages with Google plug-ins are called up, a connection is established between the browser of the person concerned and the servers of Google. In the process, data is already transferred to Google. If the person concerned has a Google account, this data can be linked to it. If the person concerned does not wish this data to be associated with the Google account, it is necessary to log out of Google before visiting the Off The Path page. Interactions, in particular the use of a comment function or clicking a “+1” or “share” button are also passed on to Google. Further information on the collection and use of data by Google, as well as the rights of the person concerned, can be found at https://www.google.de/intl/de/policies/privacy.
We, as the data controller, use the YouTube service component on our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube enables publishers to post videos on the internet-based video portal free of charge. In addition, YouTube enables other users to view and rate the videos posted free of charge and to comment on them. Since YouTube enables publishers to publish all types of videos, complete film and TV shows, trailers, music videos or videos created by the respective users themselves can be accessed.
When users visit a single page on our website where a YouTube component has been embedded, the YouTube component automatically triggers the person’s browser to download a representation of the YouTube component from YouTube. Users can view detailed information about YouTube at https://www.youtube.com/intl/en/about/.
Through this automated technical process, YouTube and Google gain knowledge of which individual subpage of our website is visited by the user/the person concerned. If the user is logged in at YouTube when visiting our website, YouTube will know which specific subpage is being visited by calling up our subpage containing the YouTube component. YouTube and Google collect this information and assign it to the user’s YouTube account accordingly.
We use the component of the provider facebook. Facebook is a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Whenever our website is accessed, which is equipped with such a component, this component causes the browser used by the user to download a corresponding representation of the component from facebook. This process informs facebook which specific page of our website is currently being visited. If you visit our website and are logged in to facebook during this time, facebook recognizes which specific page is being visited and assigns this information to your personal account on facebook. For example, if you click on the “Like” button or make corresponding comments, this information is transmitted to your personal user account on facebook and stored there. In addition, the information that you have visited a page from us is passed on to facebook. This happens regardless of whether you click on the component or not.
In addition, external tools are available on the market that can be used to block Facebook social plug-ins with add-ons for all common browsers.
An overview of the Facebook plugins can be found at https://developers.facebook.com/docs/plugins/
20. Payments/ payment service providers
We, as the data controllers, offer data subjects the possibility to make payments quickly and securely within our business relationships, due to legal obligations or due to our legitimate interest. For this purpose, we use the services of banks, credit institutions and other payment service providers.
The personal data processed within the scope of payment transactions originates in particular from the category of inventory data (e.g. surname, first name, address, bank data (IBAN, BIC, passwords, TAN, contract data, payment amounts as well as data concerning the recipient, etc.). In addition, the following data or data categories are processed in particular: Invoice data and payment histories, contract data (such as subject matter of the contract, duration, etc.), metadata and communication data (such as IP addresses, data on the device used).
The data processing is necessary to execute and process the payment transaction. However, the personal data collected in this respect will only be processed and stored by the selected payment service provider. We do not obtain information about the account, nor do we obtain information about any credit card used. We only obtain information about whether the payment has been made or not.
It may happen that the respective payment service providers forward the personal data to credit agencies. This is done for the purpose of checking the identity and creditworthiness of the person concerned. In this respect, reference is made to the respective general terms and conditions and data protection provisions of the payment service providers used. Information on the rights of the persons concerned (revocation, information, etc.) can also be viewed here.
We use the following payment service providers on our website:
PayPal (Europe) S.à r.l. et Cie, S.C.A
22-24 Boulevard Royal
L-2449 LuxembourgTel: 0800 723 4500
510 Townsend Street
San Francisco, CA 94103, USAE-Mail: email@example.com
1015CW Amsterdam, NiederlandeTel: +49 (032) 240 9020
STUZZA Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH
1090 Wien (Austria)Tel: +43/1/505 32 80
Ant Group Co., Ltd.
Z Space 556 Xixi Road Hangzhou
310000 ChinaTel: 86-571-2688-8888
Website: https://intl.alipay.com/ & www.antgroup.com
Sociedade Interbancaria de Servicos, S.A. (SIBS)
Rua Soeiro Pereira Gomes, Lote 1
1649 – 031 LissabonTel: (00 351) 217 918 780
ul. Kanclerska 15
60-327 PoznańTel: +48616429344
5th Floor, BIDV Tower
194 Tran Quang Khai street, Hoan Kiem district
Ha Noi, Viet Nam.Tel: +84 24 3936 6668
Email: Sales department: firstname.lastname@example.org, email@example.com
Merchant services: firstname.lastname@example.org
Risk management: email@example.com
21. Shipping Service Providers
We, as the data controllers, use shipping service providers (e.g. DHL, UPS, etc.) for the execution and fulfillment of our contractual obligations regarding the delivery of goods to our customers. For this purpose, it is necessary that we pass on the address data of the recipient of our goods, which was provided when the order was placed, to the respective shipping service provider for the purpose of delivering the goods, thus for the purpose of fulfilling the contract (Art. 6 para. 1 p. 1 lit. b DSGVO). In addition, personal data (telephone number, e-mail) will only be passed on to the respective shipping service provider if this data is indispensable for the fulfillment of the contract, e.g. regional requirements in delivery countries, when transporting goods that are not suitable for parcel delivery, which must be delivered by a forwarding agent and for which a delivery date must be agreed with the recipient, or if we have received prior consent for this within the meaning of Art. 6 para. 1 S. 1 lit. a DSGVO.
22. Deletion and blocking
The processing of personal data is only carried out for the period of time required to achieve the storage purpose or as long as required by relevant legal provisions.
After the storage purpose has ceased to apply or after a statutory storage period has expired, we delete or block the personal data in accordance with the statutory provisions.
23. Data subject rights
The data subjects are entitled to the following rights in particular:
Affected persons may request confirmation from us, as the data controller, as to whether we are processing personal data. In order to exercise this right, the person concerned can contact one of our employees at any time.
Any data subject may, at any time and free of charge, request from us, as the data controller, information as to whether, and if so, which personal data we have stored about him/her. A copy of this information must be provided to the person concerned. In addition, the data subject may obtain information on (a) the purposes of the processing, (b) the categories of personal data processed, (c) the recipients or categories of recipients to whom personal data have been or will be disclosed, (d) the envisaged duration for which the personal data are stored or, if this is not possible, the criteria for determining this duration, (e) the existence of the right of rectification or erasure or of the right to have the processing limited by the controller or to object to such processing, (f) the existence of a right of appeal to a supervisory authority, and (g) the existence of automated decision making, including profiling, and requiring meaningful information about the logic involved and the scope and intended impact of such processing on the data subject. Where personal data are not collected directly from the data subject, the data subject shall be provided with all available information on the origin of the data. In addition, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organization. If the answer is in the affirmative, the data subject shall be informed of the appropriate guarantees in connection with the transfer. In order to exercise this right, the person concerned can contact one of our employees at any time.
Any data subject may at any time request us, as data controller, to rectify without delay any inaccurate personal data concerning him or her. In addition, the data subject is entitled to request the completion of incomplete personal data, taking into account the purposes of the processing. In order to exercise this right, the person concerned can contact one of our employees at any time.
- Cancellation/ Right to be forgotten
Any data subject may request from us, as data controller, that the personal data relating to him/her be deleted without delay if one of the following reasons applies and provided that the processing is not necessary:
• The processing of the personal data is no longer necessary for the original purpose for which it was collected or otherwise processed,
• The consent to data processing has been withdrawn by the data subject and there is no legal basis for legitimacy for the data processing,
• The data subject has objected to the data processing in accordance with Art. The data subject has lodged an objection to data processing in accordance with Art. 21 Para. 1 DS-GVO and there are no overriding legitimate reasons for data processing
• The data subject has objected to the data processing in accordance with Art. The data subject has lodged an objection to data processing in accordance with Art. 21 Para. 2 DS-GVO
• The processing of personal data is unlawful
• The deletion is required for legal reasons
• The data collection was carried out in connection with information society services offered in accordance with Art. 8 Para. 1 DS-GVO. If one of the above-mentioned reasons exists and the person concerned wishes the deletion of the personal data stored with us, he or she can contact one of our employees at any time who will arrange for the deletion. If personal data is published and we are obliged to delete personal data as the data controller in accordance with Art. 17 Para. 1 DS-GVO, we will take appropriate (technical) measures, taking into account the available technology and the costs of implementation, to inform other data controllers who process the published personal data of the data subject of the request for deletion of the data subject. These measures include in particular informing the other data controllers that the data subject has requested that all links to the personal data or copies or reproductions thereof be deleted, unless the processing is necessary. Our employees will arrange everything necessary in individual cases.
- Restricted processing
Any data subject may request us, as data controller, to restrict the processing of personal data if and to the extent that one of the following conditions applies:
• The data subject contests the accuracy of the personal data for the period of time during which we, as data controller, are able to verify its accuracy
• The data processing is unlawful and the data subject requests the limited processing of the personal data instead of its deletion
• We, as data controller, no longer need the personal data of the data subject; the data subject needs the personal data for the purpose of asserting, implementing and/or defending his legal claims
• The data subject has lodged an objection to the data processing in accordance with Art. 21 Para. 1 DS-GVO and it is still unclear whether there are any overriding legitimate reasons for us, as the data controller, to process the data If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by us, he or she may, at any time, contact any of our employees, who will arrange the restriction of the processing.
- Right to data portability
Any data subject may require us, as data controller, to transfer personal data concerning him/her in a structured, common/known and machine-readable format. The data subject may also request that the personal data relating to him/her be transferred to another controller without our hindering this, provided that the data processing is based on consent within the meaning of Art. 6 para. 1 lit. 1 letter a DS-GVO, Art. 9 para. 2 lit. a DS-GVO or on a contract pursuant to Art. 6 para. 1 lit. b DS-GVO and is carried out with the aid of an automated procedure, unless the data processing is necessary for the performance of a task carried out in the public interest or is carried out in the exercise of official authority vested in us as the controller.
Within the scope of exercising the right to data transferability, the data subject is entitled to have his/her personal data transferred directly from one responsible party to another, provided that this transfer is technically feasible and does not infringe the rights and freedoms of other persons. To exercise this right, the person concerned can contact one of our employees at any time. In order to exercise this right, the person concerned can contact one of our employees at any time.
- Right of objection
Any data subject may at any time object to the processing of personal data relating to him/her, as the controller, provided that the data processing is carried out in accordance with Article 6 paragraph 1 1 lit. letter e or f DS-GVO. This applies equally to profiling based on this provision.
As the data controller, we no longer process the personal data after an objection has been raised, unless there are compelling reasons for processing the data that are worthy of protection and outweigh the interests, rights and freedoms of the data subject. This applies equally to cases in which the data processing serves the assertion, exercise or defense of claims. In the event that we process personal data for the purpose of direct marketing, the person concerned can object to this at any time. This applies accordingly to profiling, if and to the extent that it is related to direct marketing. After an objection has been made to the processing of data for direct marketing purposes, we will no longer process the personal data for these purposes. The data subject also has the right to object to the processing of personal data concerning him/her that is carried out at our company for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 DS-GVO, if there are reasons arising from the specific situation of the data subject, unless the data processing is necessary for the performance of a task in the public interest. In order to exercise this right, the person concerned can contact one of our employees at any time. In addition, when using information society services, irrespective of Directive 2002/58/EC, the data subject may exercise his/her right to object by means of an automated procedure involving technical specifications.
- Automated individual case decisions/ profiling
Any data subject may request us, as the controller, not to implement decisions which produce legal effects concerning him or her or similarly significantly affect him or her solely on the basis of automated processing, including profiling, provided that the decision is (a) not necessary for the conclusion or performance of a contract between the data subject and us, or (b) is authorised by relevant legal provisions and those provisions contain adequate safeguards with respect to the rights and freedoms and legitimate interests of the data subject, or (c) is made with the explicit consent of the data subject. If the decision is necessary for the conclusion or performance of a contract between the data subject and us, as data controller, or if the data subject has expressly consented, we shall take reasonable measures to safeguard the rights and freedoms and the legitimate interests of the data subject. These measures shall include, at a minimum, the right to obtain the intervention of a data controller, to express one’s point of view and to challenge the decision.
In order to exercise this right, the person concerned can contact one of our employees at any time.
- Withdrawal of consent
Each person concerned may withdraw his/her consent to the processing of personal data at any time. In order to exercise this right, the person concerned can contact one of our employees at any time.
- Right of appeal
Dependents have the right to complain to the competent supervisory authority at any time. The data protection officers responsible for each federal state and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
24. Legal basis for data processing
For us, the legal basis for data processing is Art. 6 Par. 1 lit. a DS-GVO, if we obtain the consent of the data subject for a specific processing purpose. In the case of data processing for the performance of a contract to which the data subject is a party, the legal basis for processing is Art. 6 Paragraph 1 lit. b DS-GVO. This applies equally to processing operations that are necessary to carry out pre-contractual measures, such as inquiries about our products or services. If we are subject to a legal obligation according to which we must process personal data (e.g. tax obligations), the legal basis for data processing is Art. 6 para. 1 lit. c DS-GVO. In certain situations, data processing may be necessary to protect vital interests of the data subject or another natural person, for example if injuries occur when visiting our company. In this case, we would have to transmit the name, age, health insurance data or other vital information to a doctor, hospital or other third party. The legal basis for data processing here is Art. 6 para. 1 lit. d DS-GVO. Data processing may also be based on Art. 6 Para. 1 lit. f DS-GVO if none of the above-mentioned legal bases is relevant and the data processing is necessary to safeguard the legitimate interests of us or a third party, provided that the interests, fundamental rights and freedoms of the person concerned do not prevail. In the case of data processing based on Article 6 Paragraph 1 lit. 1 letter f DS-GVO, our legitimate interest is the execution, exercise and continuous optimization of our business activities for the benefit of the well-being of all our employees.
25. Duration of storage
The duration of the storage of personal data is largely determined by the legally prescribed retention periods. After expiry of the respective period, the corresponding personal data is routinely deleted if and to the extent that it is no longer necessary for the performance of the contract or the initiation of the contract.
26. Provision of personal data
We hereby inform you that in some cases there are legal regulations that require the provision of personal data (e.g. tax law) or that such an obligation to provide personal data may also arise from contractual provisions. It may occur that it is necessary for the conclusion of a contract for the person concerned to provide us with personal data which we have to process in the course of the contract, as is required, for example, when concluding a contract. If in these cases the personal data is not provided, we would not be able to conclude the contract with the person concerned. Before the provision of the personal data by the person concerned, the person concerned must contact us, who will inform the person concerned in each individual case whether the provision of the personal data is required by law or contract or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
27. Objection of advertising mails
The use of the contact data given in the imprint and on the website for sending unsolicited advertising and information material is hereby expressly objected to. We reserve the right to take legal action in the event of any infringement of unsolicited advertising and similar material, e.g. through spam emails.
28. Changes to our data protection policy