Privacy Policy
Privacy policy
We take your privacy seriously and would like to inform you (hereinafter referred to as the "user") below of how personal data is processed in connection with the use of our web pages.
"Personal data" includes all information relating to an identified or identifiable natural person (hereinafter also referred to as the "data subject"). In this case, a natural person is regarded as "identifiable" who can be identified, directly or indirectly, by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
I. Name and address of the controller
The controller, within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations, is:
Vitaminum ProLife e.Kfm.
Thomas Chrobok
Hohler Weg 26
D-32760 Detmold
Germany
Telephone +49 (0) 5231/3077153
Email: vitaminum-prolife@web.de
The data protection officer of the controller is:
Thomas Chrobok
Hohler Weg 26
D-32760 Detmold
Germany
Telephone +49 (0) 5231/3077153
Email vitaminum-prolife@web.de
II. General information about data processing
Extent of processing of personal data
We only process the personal data of our users to the extent necessary to provide a functioning website and our content and services. Personal data is the data that allows you to personally identify you.
Legal basis for the processing of personal data
The legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party is Art. 6(1)(b) GDPR. This also applies to processing operations required to carry out pre-contractual actions.
To the extent that the processing of personal data is required to fulfil a legal obligation that governs our business, Art. 6(1)(c) GDPR serves as a legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6(1)(f) GDPR serves as a legal basis for processing.
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6(1)(a) GDPR serves as a legal basis.
Data deletion and storage duration in principle
Once the purpose of storage no longer applies, the personal data of the data subject will be deleted or blocked. Furthermore, storage is permitted and possible if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Data is also blocked or deleted when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
If no specific storage period is indicated, the aforementioned principles for storage apply.
Encryption
This website uses SSL or TLS encryption to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). An encrypted connection can be recognised by the string "https://" and the lock icon in your browser line.
III. Provision of the website and log files
Description and scope of data processing
Every time you visit our website, even if you do not otherwise submit any information, data and information are automatically collected by the computer system of the calling computer. The following data required for the technical operation of our website are collected:
- the operating system of the calling computer/device
- information about the browser version of the calling computer/device
- the internet service provider of the user
- amount of data transmitted
- date and time of access
- web pages from which the user accesses our website (URL)
- web pages accessed by the user's system through our website
- the subpages, which are accessed via an accessing system on our website,
- the type of device and browser used, e.g. "iPhone 8 & Safari",
- the IP address of the calling computer/device
The data is stored in our system in log files. This data is not stored with other personal data of the user.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. For this, the user's IP address must be retained for the duration of the session.
Storage in log files ensures the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. No data is evaluated for marketing purposes in this context.
With regard to these purposes, our legitimate interest with regard to data processing is substantiated by 6(1)(f) GDPR. Other interests include the stable and functional operation of this website and the achievement of targets in relation to privacy, integrity and availability.
Duration of storage
The data is deleted as soon as it is no longer required for the purpose of its collection. In the case of the collection of data to provide the website, the data is deleted when the respective session is completed.
In the case of storing the data in log files, the data is deleted after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated in order that an assignment to the calling client is no longer possible.
Objection and removal
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no right of objection on the part of the user.
IV. Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are small text files that are stored on your browser on the computer system (terminal) of the user. If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string (cookie ID), by means of which web pages and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual's browser from other internet browsers that contain other cookies. Thus, the cookie allows a clear identification of the browser when (re-)visiting the website.
We use cookies to make our website more user-friendly and to enable certain functions. On the one hand, we use so-called session cookies, which are automatically deleted from your browser immediately after the visit to the website.
In the field of web analytics, on the other hand, we also use persistent cookies that enable us to recognise your browser the next time you visit, for example, to remember the information you provided during your last visit for your subsequent visit to our website.
The following data is stored and transmitted in the cookies:
location data, login information, IP addresses
Insofar as we use cookies which allow an analysis of the surfing behaviour of the users, the following data can also be transmitted: search terms entered, frequency of page views, use of website functions.
We also work with (advertising) partners to help us optimise our website and make it more interesting. For this purpose, in this case, when you visit our website, cookies from partner companies are also stored on your hard drive (third-party cookies).
Insofar as we cooperate with such advertising partners, you will be informed about the use of such cookies and the scope of the information collected below.
Legal basis for data processing
In the case of the processing of personal data by cookies implemented by us, processing occurs either in accordance with Art. 6(1)(b) GDPR for the execution of the contract or in accordance with Art. 6(1)(f) GDPR for the protection of our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective site experience.
Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of web pages for users. Some features of our website cannot be provided without the use of cookies, as they require the recognition of the browser after navigation to another page.
The user data collected through technically necessary cookies is not used to create user profiles. The use of analysis cookies is for the purpose of improving the quality of our website and its contents. Through analysis cookies, we learn how our website is used and as a result we can constantly optimise our offer.
For these purposes, our legitimate interest lies in the processing of personal data in accordance with Art. 6(1)(f) GDPR.
Objection and removal
Since cookies are stored on the user's computer and transmitted by the user to our site, you as the user have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser.
The transmission of any "Flash Cookies" is not prevented by the settings of the browser, but is prevented by changing Flash Player settings.
V. Newsletter
Description and scope of data processing
There is an opportunity on our site to subscribe to a free newsletter.
Registration is via the so-called double opt-in procedure. This means that we will only send you an email newsletter if you have previously explicitly confirmed to us that you agree to the sending of the newsletter. After your registration, we will send you a confirmation email asking you to confirm that you wish to receive newsletters in future by clicking on a corresponding link in the email ("Double Opt-In").
When registering for the newsletter, your email address will be the only required information.
In addition, the following additional data will be collected upon registration:
- IP address of the calling computer
- date and time of registration
There is no disclosure of data to third parties in connection with the processing of data for the sending of newsletters. The data will be used exclusively for the sending of the newsletter.
Legal basis for data processing
The legal basis for the processing of data after the user has registered for the newsletter is Art. 6(1)(a) GDPR.
The legal basis for sending the newsletter following the use of services by you is Section 7(3) Law against Unfair Competition. Data processing in this respect occurs solely on the basis of our legitimate interest in personalised direct marketing in accordance with Art. 6(1)(f) GDPR.
Purpose of data processing
The collection of the user's email address is for the purpose of delivering the newsletter.
The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the email address used.
Duration of storage
The data is deleted as soon as it is no longer required for the purpose of its collection. The email address of the user is therefore stored as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is normally deleted after a period of seven days.
Objection and removal
The subscription to the newsletter can be terminated by the relevant user at any time with future effect. For this purpose, there is a corresponding link in each newsletter; alternatively, you can also send a message to the above-mentioned controller. For this purpose, you only have to pay transmission costs in line with the basic rates.
You also have the option of revoking your consent to the storage of the personal data collected during the registration process.
After cancellation, your email address will be deleted immediately from our newsletter distributor, insofar as you have not expressly consented to a further use of your data or we reserve the right to further data usage permitted by law and about which we inform you in this statement. In the latter case, your email address will be blocked for the newsletter.
VI. Getting in touch with us
You can contact us at any time via our email address, by post or by phone. If you contact us, your personal data transmitted to us with the contact request may be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
Legal basis for data processing
The legal basis for the processing of the data transmitted in the course of a contact attempt is Art. 6(1)(f) GDPR. Our "legitimate interest" is the processing of your request. If the purpose of contact is the conclusion of a contract, then an additional legal basis for the processing is Art. 6(1)(b) GDPR.
Purpose of data processing
The processing of personal data is solely for the purpose of facilitating the communication. This is also the necessary legitimate interest in the processing of the data.
Duration of storage
The data provided in the context of the communication will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data that you send us as part of a contact attempt, this is usually the case when the respective contact with the user has ended and the deletion does not conflict with any statutory storage requirements. The contact is terminated when it can be inferred from the circumstances that the matter in question has been fully clarified.
Objection and removal
If you contact us, you may object to the storage of your personal data at any time. In such a case, we cannot continue the communication with you. All personal data stored in the course of communication will be deleted in this case, unless we are entitled to retain it for other legal reasons, especially for the fulfilment of an existing contract with you in accordance with Art. 6(b) GDPR.
VII. Use of YouTube videos
Our website uses the embedding function of YouTube to display and playback videos of the provider "YouTube". YouTube belongs to
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google LLC is based in the USA and is certified under the US-European Privacy Shield, which ensures compliance with the applicable level of data protection in the EU.
Here, we use the extended data protection mode, whereby, according to YouTube, storage of user information only commences when the videos are played back. After the commencement of playback of YouTube videos embedded on our website, the provider uses cookies to collect information about your user behaviour.
According to information provided by "YouTube", this data is used, among other things, to create video statistics, optimise user-friendliness and prevent abusive actions. If you are logged in to Google, your data will be assigned directly to your account as soon as you click on a video. If you do not wish to be assigned to your profile on YouTube, you must log out before pressing the button. Google stores your data, even for non-logged-in users, as usage profiles and evaluates it.
Legal basis
The legal basis for such an evaluation is Art. 6(1)(f) GDPR, the legitimate interest is the interest of Google in the placement of personalised advertising, market research and needs-based design of its website.
Objection and removal
You have a right to object to the creation of these user profiles; you must raise this objection with YouTube. Regardless of any playback of the embedded video, every time you visit this site, you will be connected to the Google Network "DoubleClick", which may trigger further data processing without any influence on our part.
Further information on data protection at "YouTube" can be found in the provider's privacy policy at:
https://policies.google.com/privacy?hl=en&gl=ZZ
VIII. Purchase/registration/guest access
Description and scope of data processing
Users can register on our website by providing personal data. The data is entered in an input mask in the registration process and is transmitted to us and stored by us. No data is transferred to third parties. Alternatively, we provide guest access, which does not require the creation of a customer account.
The following data is collected for the purpose of concluding the contract and for registration on our website:
(1) company
(2) first and last name
(3) address / PO box
(3) telephone number
(4) email address
In addition, you can provide voluntary information about your company, if you order from us in a commercial/freelance/self-employed capacity.
Legal basis for data processing
The legal basis for the processing of the data with the consent of the user to registration Art. 6(1)(a) GDPR.
Insofar as the provision of your data serves the fulfilment of a contract concluded with us, the additional legal basis for the processing of the data is Art. 6(1)(b) GDPR.
Purpose of data processing
Registration allows you to order easily and quickly via a simple login, as well as use certain features, such as order tracking and an overview of previous orders.
Duration of storage
The data is deleted as soon as it is no longer required for the purpose of its collection. This is the case for the data collected during the registration process if the registration on our website is cancelled or modified, unless the data is still necessary for the execution of the contract concluded with us. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations.
Objection and removal
As a user, you have the option of cancelling registration at any time. You may change the data stored about you at any time by modifying this data in our login area.
If the data is necessary for the fulfilment of a contract or for the execution of pre-contractual measures, premature deletion of the data is only possible if contractual or legal obligations, for example, with regard to tax and commercial storage periods, do not obstruct deletion. In this case, the data is blocked and deleted after the retention periods have elapsed.
IX. Credit check and scoring
If we provide services in advance, for example for purchases on account, to safeguard our legitimate interests, we reserve the right to obtain an identity and credit check from specialised service providers (credit reference agencies). We will submit your personal data required for a credit check to the following company:
heidelpay GmbH
Vangerowstraße 18
D–69115 Heidelberg
Email: info@heidelpay.com
Telephone: +49 (0)6221 - 6471 200
Fax: +49 (0)6221 - 6471 999
The credit information may include probability values (score values) which are calculated using scientifically recognised methods and include address data. We use the obtained information about the statistical probability of a payment default to make a balanced decision on the establishment, implementation or termination of the contractual relationship. Your legitimate interests are considered in accordance with the statutory provisions (GDPR).
X Disclosure of personal data to shipping service providers:
DHL
We only pass on your email address to DHL for the purpose of prior agreement of a delivery date or delivery notification if you have given your explicit consent in the course of the ordering process. The responsible entity on the part of DHL is
DHL Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn
DPD
We only pass on your email address to DPD for the purpose of prior agreement of a delivery date or delivery notice if you have given your express consent in the course of the ordering process. The responsible entity on the part of DPD is
DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg
Hermes
We only pass on your email address to Hermes for the purpose of prior agreement of a delivery date or delivery notification if you have given your explicit consent in the course of the ordering process. The responsible entity on the part of Hermes is
Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg
UPS
We only pass on your email address to UPS for the purpose of prior agreement of a delivery date or delivery notice if you have given your express consent in the course of the ordering process. The responsible entity on the part of UPS is
UPS United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss
Colissimo
We only pass on your email address to Colissimo for the purpose of prior agreement of a delivery date or delivery notice if you have given your express consent in the course of the ordering process. The responsible entity on the part of Colissimo is
Colissimo (La Poste), 9 rue du Colonel Pierre Avia - 75015 PARIS
Legal basis
The legal basis for the transfer of the data to the transport service providers is your consent in accordance with Art. 6(1)(a) GDPR.
Objection and removal
You may revoke your consent at any time with future effect by contacting the transport service provider or us. In this case, for the purpose of service in accordance with Art. 6(1)(b) GDPR, we only forward the name of the recipient as well as the delivery address to the transport service provider. Forwarding in this case only occurs to the extent necessary for the delivery of goods. A prior coordination of the delivery date with the transport service providers or a delivery notice by email is not possible in this case.
XI. Use of payment service provider and collection:
Direct Debit, Giropay, Credit Card, SOFORT Transfer, Purchases on Account
If you have chosen one of the types of payments above, payment is processed by the respective payment processor.
heidelpay GmbH is responsible for processing, and for collection in case of default of the above payment types. Contact address:
heidelpay GmbH
Vangerowstraße 18
D–69115 Heidelberg
Email: info@heidelpay.com
Telephone: +49 (0)6221 - 6471 200
Fax: +49 (0)6221 - 6471 999
Your legitimate interests are considered in accordance with the statutory provisions (GDPR).
If we make use of other payment methods (e.g. by telephone order on account) to provide services in advance, we reserve the right to pass on your data to the debt collection agency Allgemeiner Debitoren- und Inkassodienst GmbH in the event of a default of payment in order to safeguard our legitimate interests:
Allgemeiner Debitoren- und Inkassodienst GmbH
Eduard-Pestel Str. 7
D-49080 Osnabrück
Your legitimate interests are considered in accordance with the statutory provisions (GDPR).
Legal basis
We will provide Heidelpay GmbH and, if necessary, Allgemeiner Debitoren- und Inkassodienst GmbH with your information communicated in the order process in accordance with Art. 6(1)(b) GDPR. The legal basis is the execution of the contract concluded between us. Your data is transferred exclusively for the purpose of payment processing and only to the extent that disclosure is necessary for this, e.g. in case of default.
Objection and removal
You can also object to the processing of your data at any time by sending a request to Heidelpay GmbH or Allgemeiner Debitoren- und Inkassodienst GmbH.
Heidelpay GmbH and Allgemeiner Debitoren- und Inkassodienst GmbH also continue to be entitled to process your personal data if this is necessary for contractual payment.
XII. Google AdWords conversion tracking
This website uses "Google AdWords" and the conversion tracking of
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google LLC is based in the USA and is certified under the US-European Privacy Shield, which ensures compliance with the applicable level of data protection in the EU.
Google AdWords allows us to promote our website and offers on external websites. Google AdWords uses cookies to help website operators ("Google AdWords customers") measure how successful individual advertising measures are.
Google AdWords uses a cookie when a user clicks on a Google AdWords advertisement for conversion tracking purposes. Cookies are small text files stored on your computer system; for a precise definition of cookies, see above. Each Google AdWords customer receives a different cookie. If the user visits certain pages and the cookie is still valid, both Google and we can recognise that the user has clicked on the advertisement and has been redirected to this page. Conversion cookies can be used to generate conversion statistics. Google AdWords customers receive information on the total number of users who have clicked on an advertisement and have been redirected to the website bearing the conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to participate in tracking, you can block it by disabling the Google Conversion Tracking cookie in your internet browser under User Preferences. You will not be included in conversion tracking statistics.
For more information about Google's privacy policy, visit the following website: http://www.google.com/policies/privacy/
Legal basis
The legal basis for the use of Google AdWords is Art. 6(1)(f) GDPR. Our interest in using Google AdWords is to measure the interest in our advertising. This helps us show you advertising that interests you, and make our website more interesting and tailored towards you. In addition, Google AdWords enables us to make a fair analysis of advertising costs and their benefits.
Objection and removal
You can permanently deactivate ad preference cookies by blocking them in your browser settings or by downloading and installing the browser plug-in available under the following link:
https://support.google.com/ads/answer/7395996
Please note that, if you have deactivated the use of cookies, certain functions of this website may not work or may only be used to a limited extent.
XIII. Google AdWords remarketing
We use the features of Google AdWords Remarketing to promote our website in Google's search results or on third-party websites. The provider of Google AdWords Remarketing is
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
Google LLC is based in the USA and is certified under the US-European Privacy Shield, which ensures compliance with the applicable level of data protection in the EU.
Google AdWords Remarketing allows you to add interest-based advertising based on the pages you visit by automatically setting a cookie in your device's browser using a pseudonymous cookie ID.
Further information and the privacy policy regarding advertising and Google can be viewed here: http://www.google.com/policies/technologies/ads/
Legal basis
Processing takes place in accordance with Art. 6(1)(f) GDPR. "Legitimate interest" is our interest in the optimal marketing of our website.
Any further data processing only occurs if you have consented to Google linking your Google browsing history to your Google Account and using information from your Google Account to personalise online ads. If you are logged into Google while visiting our website, Google uses your data together with data from Google Analytics to create audience lists for remarketing (across devices). For this, Google temporarily links your personal data to Google Analytics data in order to form corresponding target groups.
Objection and removal
To prevent the setting of ad preference cookies permanently, you can download and install the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
In addition, you can set your browser so that you are aware of the setting of cookies and individually decide whether to accept cookies or refuse them either in general or for specific cases (see above). The deactivation of cookies may limit the functionality of our website.
XIV. Google Analytics
Our website uses Google Analytics, a web analytics service of
Google LLC. ("Google"), 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google LLC is based in the USA and is certified under the US-European Privacy Shield, which ensures compliance with the applicable level of data protection in the EU.
The purpose of using the Google Analytics component is to analyse visitor traffic to our website. Among other things, data is collected on the website from which a data subject came to our website ("referrers"), which subpages of the website were accessed or how often and for what length of time a subpage was viewed. Google uses the data and information obtained to, among other things, create online reports, which evaluate the use of our website and show the activities on our website, as well as other services related to the use of our website. This data also helps us to create a cost-benefit analysis of internet advertising. The web analysis also enables us to detect and correct errors on the website, for example incorrect links.
Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. A detailed description of how such cookies work can be found above. A cookie stores personally identifiable information, such as access time, the location from which the site was accessed and the frequency of site visits by the data subject. The information generated by cookies about your use of this website (including your IP address) is transmitted by Google to a Google server in the USA and stored there. Google may transfer such personal data collected through the technical process to third parties as required by law or as far as third parties process this data on behalf of Google.
Only in exceptional cases, the full IP address is sent to a Google server in the USA and shortened there: on our website, Google Analytics has been extended by the code "gat._anonymiseIp ();" to guarantee an anonymous collection of IP addresses (so-called IP masking). Since we have activated this so-called IP anonymisation on this website and have concluded a corresponding order processing contract with Google, your IP address will be shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Google will never associate your IP address with other Google data.
By using our website, you agree to the processing of data about you by Google in the manner and for the purpose described above.
Legal basis
The legal basis for the use of Google Analytics and the associated data processing is Art. 6(1)(f) GDPR. Our "interest" within the meaning of Art. 6(1)(f) GDPR is the operation and optimisation of our website to the needs of visitors, as well as the troubleshooting enabled by Google Analytics.
Objection and removal/deactivation of Google Analytics
You can prevent the storage of cookies through a corresponding setting of your browser software, as described above in this Privacy Policy under the section "Cookies"; however, please note that this may mean you will not be able to use all functions of this website in full.
You also have the opportunity to object to the collection of usage data via Google Analytics. Google provides a so-called deactivation add-on, which you can install via the link below
https://tools.google.com/dlpage/gaoptout?hl=en-GB. The Google Analytics opt-out browser add-on gives you control over what data Google Analytics collects from accessed sites. The add-on informs the JavaScript (ga.js) of Google Analytics that no data or information about your website visit should be transmitted to Google Analytics. The installation of the browser add-on is recognised by Google as an objection. If the computer system you are using is later deleted, formatted, or reinstalled, you must reinstall the browser add-on to disable Google Analytics.
For more information about Terms of Use and Privacy, please see
http://www.google.com/analytics/terms/en.html
https://www.google.com/intl/en/policies/.
XV. Google Maps
On our website, we use Google Maps (API), provided by
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
Google LLC is based in the USA and is certified under the US-European Privacy Shield, which ensures compliance with the applicable level of data protection in the EU.
Google Maps is a web service for displaying interactive (land) maps. Google Maps will show you our location and show you a potential route.
Through this integration, Google receives the information that your browser has accessed the corresponding page of our website, as well as other information, even if you do not have a Google account or have a Google account but are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a Google server in the USA and stored there. If you are logged in to Google, Google can immediately assign the visit to our website to your local user account.
Google Maps terms of service can be found here https://www.google.com/intl/en_US/help/terms_maps.html.
Detailed information about privacy in connection with the use of Google Maps can be found here: http://www.google.com/intl/en/policies/privacy/.
Legal basis
In accordance with Art. 6(1)(f) GDPR, the use of Google Maps serves our legitimate interest of making our website more attractive by offering an (interactive) map for our users, especially those who would like to visit us. The evaluation by Google takes place in particular in accordance with Art. 6(1)(f) GDPR on the basis of the legitimate interests in the display of personalised advertising, market research and needs-based design of the website.
Objection and removal
You have a right to object to the creation of the user profiles described above, and you must contact Google to exercise this right. If you do not wish to be associated with your profile on Google, you must log out before activating the button. If you disagree with the future transmission of your data to Google when using Google Maps, you can also disable the Google Maps web service completely by turning off the JavaScript application in your browser. Google Maps and the map display on this website cannot be used in this instance.
XVI. Rights of the data subject
Data subjects whose personal data is processed have the following rights vis-a-vis the controller with respect to the personal data concerning them:
Right of access
At your request, the controller confirms that personal data concerning you is processed by us.
If we carry out any processing, you can request the following information from the controller:
(1) the categories of personal data processed;
(2) the purposes for which the personal data is processed;
(3) the recipients/categories of recipients to whom the personal data has been disclosed or is still being disclosed;
(4) the planned duration of the storage of personal data concerning you or, if specific information is not available, the criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of personal data, a right to restriction of processing by the controller or a right to object to such processing;
(6) all available information on the source of the data if the personal data are not collected from the data subject;
(7) the existence of a right of appeal to a supervisory authority;
(8) the existence of automated decision-making including profiling (Art. 22(1) and (4) GDPR) and – at least in these cases – meaningful information about the logic involved, as well as the scope and intended impact of such processing on the data subject.
You also have the right to know the extent to which personal data concerning you are transmitted to a third country (or to an international organisation). In this regard, you can request information regarding the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
Right of rectification
You have a right to rectification and/or completion vis-a-vis the controller, if the processed personal data concerning you is incorrect or incomplete. Rectification must be performed immediately.
Right to restriction of processing
You may request a restriction on the processing of personal data concerning you if
(1) you contest the accuracy of personal data concerning you for a period of time that enables the controller to verify the accuracy of your personal data;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) if you object to the processing in accordance with Art. 21(1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – regardless of its storage – may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, the controller will inform you before the restriction is lifted.
Right to erasure
Erasure obligation
You may request that the controller delete your personal data without delay, and the controller is required to delete that data immediately if any one of the following is true:
(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke the consent on the basis of which processing is performed in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for processing.
(3) You submit an objection to processing in accordance with Art. 21(1) GDPR and there are no prior justifiable reasons for the processing, or you submit an objection to processing in accordance with Art. 21(2) GDPR.
(4) Personal data concerning you has been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfil a legal obligation under European Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you was provided in connection with information society services offered in accordance with Art. 8(1) GDPR.
Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it in accordance with Art. 17(1) GDPR, it shall take appropriate measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data for which you, the data subject, have requested the deletion of any links to such personal data or copies or replications of such personal data.
Exceptions
The right to erasure does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation that requires processing under European Union law or the law of the Member States to which the controller is subject or for the performance of a task of public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the field of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, to the extent that the law referred to in Section (a) is likely to render the achievement of the objectives of that processing impossible or severely prejudice it, or
(5) to assert, exercise or defend legal claims.
Right of information
If you have exercised the right of rectification, erasure or restriction of processing vis-a-vis the controller, s/he is obliged to notify all recipients to whom personal data concerning you has been disclosed of this rectification, erasure of data, or restriction of processing, unless this proves to be impossible or involves a disproportionate amount of work.
You have a right to be informed of these recipients by the controller.
Right to data portability
You have the right to obtain personal data concerning you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the controller to whom this data was provided, as long as
(1) the processing is based on consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract in accordance with Art. 6(1)(b) GDPR and
(2) the processing is done by automated means.
In exercising this right, you also have the right to have personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.
Right of objection
You have the right to submit an objection to the processing of personal data concerning you which occurs in accordance with Art. 6(1)(e) or (f) GDPR, at any time, for reasons that arise from your particular situation; this also applies to profiling based on these provisions.
The controller will no longer process personal data concerning you unless the controller can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of enforcing, exercising or defending legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object to the processing of personal data concerning you for the purpose of such advertising at any time; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, personal data concerning you will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right of objection through automated procedures that use technical specifications.
Right to revoke the data privacy consent declaration
You have the right to revoke your data privacy consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Automated decision on an individual basis including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or considerably affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permitted by European Union law or the law of the Member States to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) is made with your express consent.
However, these decisions may not apply to specific categories of personal data under Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and reasonable measures have been taken to protect rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller takes appropriate measures to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the side of the controller, to express his/her own position and to challenge the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.