Privacy Policy
1) Information on the collection of personal data and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Nils Käse, Hinter der Schule 13, 34260 Kaufungen, Germany.
Email: waldmensch.info@gmail.com. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
2) Data collection when visiting our website
When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
3) Hosting
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify's servers. Within the framework of the aforementioned services of Shopify, data may also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. for further processing on our behalf. In the event of data being transferred to Shopify Inc. in Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify only takes place within the scope communicated below.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can find the duration of the respective cookie storage in the overview of the cookie settings of your web browser.
In some cases, cookies serve to simplify the ordering process by storing settings (e.g. remembering the content of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out either in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of a given consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that if cookies are not accepted, the functionality of our website may be limited.
CLICKCEASE
This website uses functions of the web analysis service Clickcease, 18th Haarba'a Street, Tel Aviv, Israel.
Clickcease uses so-called "cookies" and thereby collects, stores and processes information that your browser automatically transmits to us. This includes: browser type/browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and the IP address. Clickcease searches this data for conspicuous behavior and, if necessary, transmits suspicious data to Google to protect us from click fraud. During this process, it is possible that the collected data may be processed and stored outside the European Union.
The collection of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both his advertising offer and his advertising.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Further information and Clickcease's data protection provisions can be found at https://www.clickcease.com/tos.html.
5) Contacting us
When you contact us (e.g. via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
6) Data processing when opening a customer account and for contract processing
In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the purpose of executing a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Your customer account can be deleted at any time and can be done by sending a message to the controller's address mentioned above. We store and use the data you provide for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further data use by us has been reserved.
7) Use of customer data for direct marketing
7.1 Newsletter registration by email
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter if you have expressly confirmed to us that you consent to receiving newsletters. We will then send you a confirmation email asking you to confirm that you wish to receive the newsletter in the future by clicking on a corresponding link.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we store your IP address entered by the internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when registering for the newsletter is used exclusively for the purpose of advertising communication by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
7.2 Sending email newsletters to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range that you have already purchased, by email. For this purpose, we do not need to obtain separate consent from you in accordance with Section 7 (3) UWG. The data processing in this respect is based solely on our legitimate interest in personalized direct marketing in accordance with Art. 6 (1) lit. f GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the controller mentioned at the beginning. For this, you will only incur transmission costs according to the basic rates. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
7.3 Newsletter dispatch via Klaviyo
Our email newsletters are sent via the technical service provider "Klaviyo", 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an advertising-effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.
Klaviyo uses this information to send the newsletters on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
To protect your data in the USA, we have concluded a data processing agreement ("Data-Processing-Agreement") with Klaviyo, in which Klaviyo undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.
You can view Klaviyo's data protection provisions here: https://www.klaviyo.com/privacy
8) Data processing for order processing
8.1 - Transmission of image files for order processing via upload function
On our website, we offer customers the opportunity to order the personalization of products by transmitting image files via an upload function. The submitted image motif is used as a template for the personalization of the selected product.
Through the upload form on the website, the customer can transmit one or more image files from the storage of the end device used directly to us via automated, encrypted data transfer. We then collect, store and use the transmitted files exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed of this in the following paragraphs. No further transfer will take place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 Para. 1 lit. b GDPR. After the order has been finally processed, the transmitted image files will be automatically and completely deleted.
8.2 To process your order, we work with the following service provider(s), who support us fully or partially in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution as part of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.
- Billbee
Order processing is carried out via the service provider "Billbee" (Billbee GmbH, Paulinenstrasse 54, 32756 Detmold). Name, address and, if applicable, other personal data are passed on to Billbee exclusively for the processing of the online order in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data only takes place insofar as this is actually necessary for the processing of the order. Details on Billbee's data protection and its privacy policy can be viewed on Billbee's website at "billbee.io".
Heimatstolz UG (haftungsbeschränkt)
Transfer of data Heimatstolz UG (haftungsbeschränkt) Klosterstraße 2, 85092 Kösching for production and fulfillment:
For the purpose of fulfilling the contract, in particular for the production of goods and the shipping of goods, we cooperate with Heimatstolz UG (haftungsbeschränkt). Data related to your order is processed there. This includes data for the production of the order and for delivery.
Heimatstolz UG (haftungsbeschränkt) processes the data solely for the fulfillment of the contract. The legal basis is Art. 6 Para. 1 b GDPR
- Boender & Beutel GmbH
Transfer of data to Boender & Beutel GmbH, Vogelsanger Str. 356-358, 50827 Cologne for production and fulfillment:
For the purpose of fulfilling the contract, in particular for the production of goods and the shipping of goods, we cooperate with Boender & Beutel GmbH. Data related to your order is processed there. This includes data for the production of the order and for delivery.
Boender & Beutel GmbH processes the data solely for the fulfillment of the contract. The legal basis is Art. 6 Para. 1 b GDPR
8.3 In order to fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name, your delivery address and, if necessary for delivery, your telephone number, exclusively for the purpose of goods delivery in accordance with Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.
8.4 Use of payment service providers (payment services)
- Amazon Pay
If you choose "Amazon Pay" as your payment method, payment processing will be handled by the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to whom we will forward your information provided during the ordering process, along with information about your order, in accordance with Art. 6 (1) lit. b GDPR. The transfer of your data is solely for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent necessary for this purpose. Further information on Amazon Payments' data protection policies can be found at the following internet address: https://pay.amazon.com/de/help/201751600
- Apple Pay
If you choose "Apple Pay" as your payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing will be carried out via the "Apple Pay" function of your iOS, watchOS or macOS-powered device by debiting a payment card stored with "Apple Pay". Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. Therefore, to authorize a payment, you need to enter a pre-defined code and verify it using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, your information provided during the ordering process, along with information about your order, will be forwarded to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for the purpose of carrying out the payment. The encryption ensures that only the website where the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the successful payment.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.
Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on iPhone or Apple Watch to complete a purchase you made via Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac".
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose "Google Pay" as your payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing will be carried out via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function, by debiting a payment card stored with Google Pay or a verified payment system there (e.g. PayPal). To authorize a payment via Google Pay exceeding €25, you must first unlock your mobile device using the verification method you have set up (e.g. facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, your information provided during the ordering process, along with information about your order, will be forwarded to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the originating website, which is used to verify a completed payment. This transaction number contains no information about the real payment data of your payment method stored in Google Pay, but is created and transmitted as a uniquely valid numerical token. For all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The transaction itself is carried out exclusively between the user and the originating website by debiting the payment method stored in Google Pay.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.
Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 (1) lit. f GDPR on the basis of legitimate interests in proper accounting, verification of transaction data, and the optimization and maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with other information collected and stored by Google when using other Google services.
The terms of use for Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- giropay
When paying via "giropay", payment processing is carried out by giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, to whom we forward your information provided during the ordering process, along with information about your order. The transfer of your data is carried out in accordance with Art. 6 (1) lit. b GDPR exclusively for the purpose of payment processing and only to the extent necessary for this purpose. Further information on giropay GmbH's data protection policies can be found at the following internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
- Klarna
If you select a Klarna payment service, payment processing will be handled by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). To enable payment processing, your personal data (first and last name, street, house number, postcode, city, gender, email address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, items, delivery method) will be passed on to Klarna for the purpose of identity and creditworthiness checks, provided you have expressly consented to this in accordance with Art. 6 (1) lit. a GDPR during the order process. You can view which credit agencies your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of the score values. Klarna uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
Your personal data will be treated in accordance with the applicable data protection regulations and according to the information in Klarna's data protection policies for data subjects residing in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects residing in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "installment payment" via PayPal, we transfer your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of payment processing. The transfer is carried out in accordance with Art. 6 (1) lit. b GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to carry out a credit assessment for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be forwarded to credit agencies in accordance with Art. 6 (1) lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of the score values. Further data protection information, including on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, payment processing will be handled by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we transmit your information provided during the order process, along with information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b GDPR. The transfer of your data is exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on data protection by Shopify Payments can be found at the following internet address: https://www.shopify.com/legal/privacy.
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
- Stripe
If you choose a payment method from the payment service provider Stripe, payment processing is carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we transmit your information provided during the ordering process, along with information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b GDPR. The transfer of your data is exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Stripe's data protection can be found at the URL https://stripe.com/de/privacy#translation.
9) Contact for review reminders
Review reminder by Loox
If you have given us your express consent to this during or after your order in accordance with Art. 6 (1) lit. a GDPR, we will transmit your email address and possibly other previously collected customer data to the review tool Loox, a service of Loox Online Ltd., Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel ("Loox"), so that they can send you a review reminder by email. You can revoke your consent at any time by sending a message to the data controller or to the review platform.
The appropriate level of data protection for the transfer of data to Loox in Israel is ensured by an adequacy decision of the European Commission.
We have concluded a data processing agreement with Loox, obliging Loox to protect our customers' data and not to pass it on to third parties. This agreement can be viewed here: https://loox.io/legal/data_processing_addendum.pdf
More information on data protection by Loox can be found at https://loox.io/legal/privacy_policy_merchants.pdf
10) Use of Social Media: Videos
Use of YouTube videos
This website uses the YouTube embedding function to display and play videos from the provider "YouTube," which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
The extended data protection mode is used here, which, according to the provider, only initiates the storage of user information when the video(s) are played. When playing embedded YouTube videos, the provider "YouTube" uses cookies to collect information about user behavior. According to "YouTube," these serve, among other things, to record video statistics, improve user-friendliness, and prevent abusive practices. If you are logged into Google, your data will be directly associated with your account when you click a video. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 (1) lit. f GDPR on the basis of Google's legitimate interests in displaying personalized advertising, market research, and/or designing its website to meet needs. You have a right to object to the creation of these user profiles, for which you must contact YouTube. When using YouTube, personal data may also be transmitted to the servers of Google LLC in the USA.
Regardless of whether embedded videos are played, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations beyond our control.
Further information on data protection at "YouTube" can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy
To the extent legally required, we have obtained your consent for the data processing described above in accordance with Art. 6 (1) lit. a GDPR. You can revoke your given consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.
11) Rights of the Data Subject
11.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller regarding the processing of your personal data, which we inform you about below:
- Right of access in accordance with Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the significance and envisaged consequences of such processing for you, as well as your right to be informed about the safeguards under Art. 46 GDPR when your data is transferred to third countries;
- Right to rectification in accordance with Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and/or to have incomplete personal data stored by us completed;
- Right to erasure in accordance with Art. 17 GDPR: You have the right to demand the erasure of your personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not exist, in particular, if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
- Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the establishment, exercise or defence of legal claims, after we no longer need this data after the purpose has been achieved, or if you have objected for reasons arising from your particular situation, as long as it has not yet been determined whether our legitimate grounds outweigh yours;
- Right to information pursuant to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another controller, insofar as this is technically feasible;
- Right to withdraw consent given pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw consent once given to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned without undue delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent until the withdrawal;
- Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. FURTHER PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
12) Duration of the storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax retention periods).
When personal data is processed on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject revokes their consent.
If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the expiry of the retention periods, provided that it is no longer required for contract fulfillment or initiation and/or we no longer have a legitimate interest in further storage.
When personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.
When personal data is processed for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object pursuant to Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.