Responsible: EYE SYSTEMS International GmbH Zeughausstr. 44 20459 Hamburg Germany Phone: +49 40 59355530 Fax: +49 40 593 555 311 Email: [email protected] Managing Director: Chris Achim Braun Register Court: Amtsgericht Hamburg Register Number: HRB 131072 Sales tax identification number according to § 27 a Umsatzsteuergesetz: DE815375730
As of March 22, 2018
1. Basic information on data processing and legal basis
1.1 This data protection declaration clarifies the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and contents associated with it (hereinafter jointly referred to as “online offer” or “website”). The data protection declaration applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is used.
1.2 The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
1.3 The use of our website is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail address) is collected on our website, this is done on a voluntary basis wherever possible. This data will not be passed on to third parties without your express consent.
1.4 We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security gaps. It is not possible to completely protect data from access by third parties.
1.5 We use terms such as “personal data” or their “processing” according to their definitions in Art. 4 of the General Data Protection Regulation (GDPR).
1.6 The personal data of users processed within the framework of this online offer includes inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of agents, payment information), usage data (e.g. websites visited within our online offer, interest in our products) and content data (e.g. entries in the contact form).
1.7 The term “user” covers all categories of persons affected by data processing. They include our business partners, customers, interested parties and other visitors to our online offer. The terms used, e.g. “user”, are to be understood in a gender-neutral way.
1.8 We process personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be processed if legal permission has been granted. This applies in particular if the data processing is necessary or required by law for the provision of our contractual services (e.g. processing of orders) and online services, or if the consent of the users has been obtained, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, this applies in particular to the measurement of reach, the creation of profiles for advertising and marketing purposes, the collection of access data and the use of third-party services).
1.9 We would like to point out that the legal basis of the consents is Art. 6 Para. 1 lit. a. and Art. 7 GDPR, the legal basis for processing to fulfil our services and implement contractual measures is Art. 6 Para. 1 lit. b. GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 Para. 1 lit. c. DSGVO, and the legal basis for processing to safeguard our legitimate interests is Art. 6 Para. 1 lit. f. GDPR.
2. Security measures
2.1 We take organisational, contractual and technical security measures in accordance with state-of-the-art technology to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
2.2 The security measures include in particular the encrypted transmission of data between your browser and our server. (SSL certificate)
2.3 This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. (Source: eRecht)
If the SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
3. Transfer of data to third parties and third party providers
3.1 Data will only be passed on to third parties within the legal framework. We will only pass on user data to third parties if this is necessary for contractual purposes, e.g. on the basis of Art. 6 Para. 1 lit. b) GDPR or on the basis of justified interests in accordance with Art. 6 Para. 1 lit. f. GDPR in the economic and effective operation of our business operations.
3.2 If we employ subcontractors to provide our services, we shall take suitable legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
3.3 If content, tools or other means from other providers (hereinafter jointly referred to as “third party providers”) are used within the scope of this data protection declaration and their registered office is located in a third country, it is to be assumed that a data transfer to the countries in which the third party providers are based is taking place. Third countries are understood to be countries in which the GDPR is not a directly applicable law, i.e. in principle countries outside the EU or the European Economic Area. Data is transferred to third countries either if there is an appropriate level of data protection, user consent or other legal permission.
4. Provision of contractual services
4.1 We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Para. 1 lit b. GDPR.
4.2 Users can optionally create a user account, for example to view their orders. During the registration process, the user is told which mandatory data is required. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data relating to the user account will be deleted (in accordance with Art. 6 para. 1 lit. c GDPR), provided that it is no longer required to comply with legal requirements under commercial or tax law. It is the responsibility of the users to back up their data before the end of the contract if they have terminated it. We are entitled to irretrievably delete all user data stored during the term of the contract.
4.3 As part of the registration and renewed logins and use of our online services, we store the IP address and the time of the respective user activity. This storage of data is based on our legitimate interests as well as the user’s need for protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c GDPR.
4.4 We process usage data (e.g., the websites visited on our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to show the user, for example, product information based on the services they have used so far.
When contacting us (via contact form or e-mail), the user’s details are processed for the purpose of processing the contact request and its handling in accordance with Art. 6 Para. 1 lit. b) GDPR.
6. Comments and Posts
6.1 If users leave comments or other contributions, their IP addresses will be stored for 7 days on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f. GDPR.
6.2 This is done for our security in the event that someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.). In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.
7. Collection of access data and log files
7.1 On the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit f. GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the website previously visited), IP address and the requesting provider.
7.2 For security reasons (e.g. to investigate misuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been conclusively resolved.
8. Cookies & Reach Measurement
8.1 Cookies are information that is transferred from our web server or web servers of third parties to the web browsers of users and stored there for later retrieval. Cookies can be small files or other types of information storage media.
8.2 We use “session cookies”, which are only stored for the duration of your current visit to our online presence (e.g. to enable the storage of your login status or the shopping basket function and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services and, for example, log out or close the browser.
8.4 If the users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
9. Google Analytics
9.2 Google is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3 Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and our online presence.
9.4 We use Google Analytics in order to display advertisements within the advertising services of Google and its partners only to those users who have also shown an interest in our website or who exhibit certain characteristics (e.g. interests in certain topics or products determined by the websites visited), which we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interest of the users and are not annoying.
9.5 We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
9.6 The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser settings accordingly; users can also prevent the cookie from generating data relating to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
9.7 You can find further information on data use by Google, settings and objection possibilities on the websites of Google: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).
10.1 We use the marketing and remarketing services (in short “Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR).
10.2 Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3 Google’s marketing services allow us to display more targeted advertisements for and on our website in order to show users only those advertisements that potentially match their interests. For example, if a user is shown ads for products that he or she has shown interest in on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also logged, we do however inform Google Analytics that the IP address is shortened within member states of the European Union or in other states that are members of the Agreement on the European Economic Area and only in exceptional cases is the IP address transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with user data from other Google offers. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, advertisements tailored to the user’s interests may be displayed.
10.4 User data is processed anonymously within the framework of Google marketing services. This means that Google does not store and process e.g. the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.
10.5 The Google marketing services used by us include the online advertising programme “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected through the cookie is used to compile conversion statistics for AdWords customers who have opted in to conversion tracking. AdWords customers are informed of the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
10.8 We may also use the “Google Optimizer” service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to input boxes, design, etc.) within the scope of so-called “A/B testing”. For these test purposes, cookies are stored on the users’ devices. Only pseudonymous user data is processed.
10.9 Furthermore, we can use the “Google Tag Manager” to integrate and manage the Google analysis and marketing services in our website.
10.11. If you wish to opt out of receiving interest-based advertising through Google marketing services, you may do so using the opt-out and opt-in options provided by Google: http://www.google.com/ads/preferences.
11. Facebook Social Plugins
11.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR) we use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognised by one of the Facebook logos (white “f” on blue tile, the term “Like” or a “thumbs up” symbol) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
11.2. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
11.3 If a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offer by the device. User profiles can be created from the processed data. We therefore have no influence on the scope of data that Facebook collects with the help of this plugin and can therefore only inform the users to the best of our knowledge.
11.4 By integrating the plugins, Facebook receives the information that a user has accessed the respective page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by pressing the Like button or making a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store his or her IP address. According to Facebook, they only store anonymous IP addresses in Germany.
11.6 If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and additional objections to the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
12. Facebook-, Custom Audiences and Facebook-Marketing-Services
12.1 Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used based on our legitimate interests in analysis, optimisation and economic operation of our online offer.
12.2 Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
12.3 With the help of the Facebook pixel, Facebook is on the one hand able to designate the visitors of our online offer to a target group for displaying advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel in order to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offer or who exhibit certain characteristics (e.g. interests in certain topics or products as determined by the websites they visit) which we communicate to Facebook (so-called “custom audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook Ads match the potential interest of users and do not appear to be annoying. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook Ad (so-called “conversion”).
12.4 The Facebook pixel is incorporated directly by Facebook when you call up our websites and can deposit a so-called cookie, meaning a small file, on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook meaning that a connection to the respective user profile can be made and used by Facebook and for our own market research and advertising purposes. Insofar as we transfer data to Facebook for verification purposes, this data is encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of comparing the data with similarly encrypted data from Facebook.
12.5 The processing of the data by Facebook is carried out within the framework of Facebook’s data usage guidelines. General information on the presentation of Facebook Ads, in the Facebook Data Usage Guidelines: https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and its functionality can be found in the Facebook help area: https://www.facebook.com/business/help/651294705016616.
12.6 You may object to the collection of your data by the Facebook Pixel and use of your data to display Facebook Ads. To control what types of ads are shown to you within Facebook, you can go to the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
13.1 With the following information, we will inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
13.2 Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with the consent of the recipients or with a legal permission. Insofar as the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. Our newsletters also contain information about our products, offers, promotions and our company.
13.3 Double-Opt-In and logging: The registration for our newsletter is carried out via a so-called Double-Opt-In procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to ensure that nobody can register with a stranger’s e-mail address. The newsletter registrations are logged so we can verify the registration process in accordance with the legal requirements. This includes the storage of both the registration as well as the confirmation time and the IP address. Changes to your data stored by the dispatch service provider are also logged.
13.5 Furthermore, the dispatch service provider may, according to its own informations, use these data in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and the presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to write to these recipients himself or pass them on to third parties.
13.6 Registration data: In order to subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name, so we can address you by name in the newsletter.
13.7 Statistical survey and analyses – The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is accessed by the server of the dispatch service provider when the newsletter is opened. As part of this access, technical information, such as information on the browser and your system, as well as your IP address and time of access, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their access locations (which can be determined via the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor the dispatch service provider’s intention to track individual users. The evaluations are used to recognise the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
13.8 The use of the dispatch service provider, the conducting of statistical surveys and analyses and the recording of the registration procedure are based on our legitimate interests in accordance with Art. 6 Para. 1 lit f GDPR. We aim to provide a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.
13.9 Cancellation/revocation – You can cancel the subscription to our newsletter at any time, i.e. revoke your consent. Your consent to the dispatch of the newsletter by the dispatch service provider and the statistical analyses will simultaneously be cancelled. Unfortunately, it is not possible to separately cancel the dispatch by the dispatch service provider or the statistical analysis. You will find a link to cancel the newsletter at the end of each newsletter. If users have only registered for the newsletter and cancelled this registration, their personal data will be deleted.
14. Integration of third party services and content
14.1 Within our online offer, we use content or service offers from third parties on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter referred to uniformly as “content”). This always presupposes that the third-party providers of these contents are aware of the IP address of the users, as without the IP address they would not be able to send the contents to the users’ browser. The IP address is therefore necessary for the display of these contents. We make every effort to use only content where the respective providers use the IP address only to provide the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring web pages, visiting time and other details on the use of our online offer, these data may also be combined with similar information from other sources.
14.2 The following presentation offers an overview of third party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, the possibility of objection (so-called opt-out):
– If our customers use the payment services of third parties (e.g. PayPal or Sofortüberweisung), the terms and conditions and the data protection information of the respective third party providers apply, these can be accessed on the respective websites or transaction applications.
– Our pages integrate plugins from the social network Facebook, Provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. You can recognise the Facebook plugins by the Facebook logo or the “Like Button” (“Like”) on our site. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
– If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account. (Source: eRecht)
– You can change your privacy settings on Twitter in the account settings at: https://twitter.com/account/settings. (Source: eRecht)
– This website uses the “demographic features” function of Google Analytics.
This allows reports to be generated that contain information about the age, gender and interests of the site visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”. (Source: eRecht)
– You may reject the storage of cookies by selecting the appropriate settings in your browser software; however, please note that if you do so you may not be able to use all the functions of this website to their full extent. You can also prevent the transfer of the data generated by the cookie (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de (source: eRecht)
– We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google. (Source: eRecht)
15. Users’ rights
15.1 Users have the right to request information about the personal data we have stored about them free of charge.
15.2 In addition, users have the right to correct inaccurate data, restrict the processing and delete their personal data, if applicable, to exercise their rights to data portability and, in the event of suspected unlawful data processing, to lodge a complaint with the competent supervisory authority.
15.3 Users may also revoke their consent, generally with effect for the future.
16. Rights of data subjects
– You can request information about the personal data processed by us as per Art. 15 GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if they have not been collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details of such data;
– in accordance with Art. 16 GDPR, you can request without delay the correction of incorrect data or the completion of your personal data stored with us;
– in accordance with Art. 17 GDPR you can demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
– in accordance with Art. 18 GDPR, you can demand that the processing of your personal data be restricted if you dispute the accuracy of the data, if the processing is unlawful but you object to its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
– in accordance with Art. 20 GDPR, you can receive your personal data that you have provided us with in a structured, common and machine-readable format or request that it be transferred to another responsible party;
– in accordance with Art. 7 para. 3 GDPR, you can revoke your consent at any time. As a result, we may no longer continue the data processing that was based on this consent and
– in accordance with Art. 77 GDPR you have the right to complain to a supervisory authority. As a rule, you can turn to the supervisory authority of your place of habitual residence or workplace or to the supervisory authority of our head office.
17. Deletion of data
17.1 The data stored by us will be deleted as soon as it is no longer required for the purpose for which it was collected and the deletion does not conflict with any legal obligation to retain it. If the users’ data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
17.2 In accordance with legal requirements, we store data for 6 years as per § 257 (1) HGB (Account books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years as per § 147 (1) AO (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).
18. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data for reasons arising from your particular situation or to object to direct marketing. In the latter case, you have a general right of objection, which will be enforced by us without specifying a specific situation. If you wish to exercise your right of objection or revocation, simply send an e-mail to “[email protected]”.
19.2 Users are asked to inform themselves regularly about the content of the data protection declaration.