The legal foundation for the processing of your personal data is Art. 6 Para. 1 Letter f) of the GDPR.
The processing of your aforementioned personal data allows us to analyse the surfing behaviour of our users. By evaluating the data gathered, we are capable of compiling information about the usage of the individual components of our website. This helps us to constantly improve our website and its user friendliness. In these purposes lies also our legitimate interest in the processing of the data acc. to Art. 6 Para. 1 Letter f) of the GDPR. By making the IP address anonymous, the users’ interest to protect their personal data is sufficiently taken into account.
The data are deleted as soon as they are no longer needed for our recording purposes. In our case, this occurs after 12 weeks.
7. RIGHTS OF THE AFFECTED PERSON
If your personal data are processed, you are an affected person within the meaning of the GDPR and you have the following rights vis-à-vis the responsible party:
7.1 RIGHT TO INFORMATION
You can request a confirmation from the responsible party stating whether we are processing your personal data.
If there is such processing, you can request the following information from the responsible party:
- The purposes for which the personal data are being processed;
- The categories of personal data that are being processed;
- The recipients or categories of recipients to whom your personal data were or will still be disclosed;
- The planned length of storage of your personal data or, if no specific information on this is possible, the criteria for establishing the length of storage
- The existence of a right to correct or delete your personal data, a right to limit the processing by the responsible party or to an objection against this processing;
- The existence of a right to complain to a supervisory authority;
- All available information about the origin of the data when the personal data are not collected from the affected person.
7.2 RIGHT TO CORRECTION
You are entitled to correction and/or completion vis-à-vis the responsible party, provided your processed personal data are incorrect or incomplete. The responsible party must correct them at once..
7.3 RIGHT TO RESTRICTION OF PROCESSING
You can request the processing of your personal data to be restricted under these prerequisites:
- If you dispute the accuracy of your personal data for a period of time that allows the responsible party to verify the accuracy of the personal data;
- When the processing is unlawful and you reject the deletion of the personal data and request limiting the use of the personal data instead;
- When the responsible party no longer needs the personal data for the processing purposes, but you need them for asserting, exercising or defending legal claims, or
- When you have filed an objection against the processing acc. to Art. 21 Para. 1 of the GDPR and it is still uncertain whether the justified reasons of the responsible party outweigh yours.
If the processing of your personal data was restricted, these data may – apart from their storage – only be processed with your consent or for asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or owing to reasons related to an important public interest of the Union or a member state.
If the processing restriction was restricted acc. to the above-mentioned prerequisites, you will be notified by the responsible party before the restriction is lifted.
7.4 RIGHt TO DELETION
- DELETION OBLIGATION
You can request the responsible party to delete your personal data immediately and the responsible party is obligated to delete them at once if one of these reasons applies:
- The purposes for which your personal data were collected or otherwise processed are no longer necessary.
- You revoke your consent on which the processing was based acc. to Art. 6 Para. 1 Letter a) or Art. 9 Para. 2 Letter a) of the GDPR, and there is no other legal foundation for the processing.
- You file an objection against the processing acc. to Art. 21 Para. 1 of the GDPR and there are no overriding legally justified reasons for the processing, or you file an objection against the processing acc. to Art. 21 Para. 2 of the GDPR.
- Your personal data were illegally processed.
- The deletion of your personal data is necessary to fulfil a legal obligation acc. to Union or member state legislation to which the responsible party is subject.
- Your personal data were collected in relation to offered services of the information society acc. to Art. 8 Para. 1 of the GDPR.
- INFORMATION TO THIRD PARTIES
If the responsible party has made your personal data public and he is obligated to delete them acc. to Art. 17 Para. 1 of the GDPR, then taking the available technology and implementation costs into account, he takes reasonable measures (also technical ones) to inform those responsible for the data processing that process personal data that you, as affected person, have requested them to delete all links to these personal data or of copies or replications of these personal data.
- EXCEPTIONS
There is no right to deletion if the processing is necessary:
- To exercise the right to the free expression of opinion and information;
- To comply with a legal obligation that requires the processing according to the law of the Union or the member states to which the responsible party is subject, or to carry out a task that lies in the public interest or takes place in the exercise of public authority that was transferred to the responsible party;
- Owing to reasons of public interest in the public health sector acc. to Art. 9 Para. 2 Letters h) and i) as well as Art. 9 Para. 3 of the GDPR;
- To assert, exercise or defend legal claims. .
7.5 RIGHT TO BE INFORMED
If you have asserted the right to the correction, deletion or restriction of the processing vis-à-vis the responsible party, the latter is obligated to communicate to all recipients to whom your personal data were disclosed this correction or deletion of the data or restriction of the processing unless this turns out to be impossible or this entails an unreasonable effort. Vis-à-vis the responsible party, you are entitled to be notified about these recipients.
7.6 RIGHT TO DATA PORTABILITY
You are entitled to receive your personal data that you provided to the responsible party in a structured, common and machine-readable format. Additionally, you are entitled to transmit these data to another responsible party, without interference from the responsible party, to whom you provided the personal data as long as:
- The processing is based on a consent acc. to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a) of the GDPR or on a contract acc. to Art. 6 Para. 1 Letter b) of the GDPR and
- The processing is done with the help of automated methods.
In the exercise of this right, you are additionally entitled to see to it that your personal data are transmitted directly from one responsible party to another responsible party as far as this is technical feasible. The rights and freedoms of other persons may not be affected by this.
7.7 RIGHT TO OBJECT
For reasons resulting from your special situation, you are entitled at any time to file an objection against the processing of your personal data, which takes place owing to Art. 6 Para. 1 Letter e) or f) of the GDPR; this also applies to a profiling based on these provisions.
The responsible party no longer processes your personal data unless he can prove mandatory reasons worth protecting for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
If your personal data are processed to engage in direct advertising, you are entitled to file an objection against the processing of your personal data at any time for the purposes of such advertising; this also applies to the profiling as far as it is related to such direct advertising.
If you object to the processing for direct advertising purposes, then your personal data will no longer be processed for these purposest.
In connection with the use of services of the information society and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to objection using automated methods that use technical specifications.
7.8. RIGHT TO OBJECT TO THE LEGAL DATA PROTECTION DECLARATION OF CONSENT
You are entitled to revoke your legal data protection declaration of consent at any time. The revocation of the consent does not affect the legality of the processing that took place until the revocation due to the consent.
7.9 AUTOMATED DECISION IN THE INDIVIDUAL CASE, INCLUDING PROFILING
You are entitled not to be subject to a decision based exclusively on an automated processing – including profiling – that affects you legally or significantly affects you in a similar way. This does not apply if the decision:
- Is necessary for concluding or fulfilling a contract between you and the responsible party,
- Is permissible and these legal regulations contain reasonable measures to safeguard your rights and freedoms as well as your justified interests owing to the legislation of the Union or member states to which the responsible party is subject, or
- Takes place with your express consent.
However, these decisions may not be based on special categories of personal data acc. to Art. 9 Para. 1 of the GDPR, if Art. 9 Para. 2 Letter a) or g) of the GDPR does not apply and reasonable measures were taken to protect your rights and freedoms as well as your justified interests.
7.10 RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY
Irrespective of another court or administrative law remedy, you are entitled to complain to a supervisory authority, especially in a member state of your place of residence, workplace or the place where the alleged violation occurred if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint was submitted notifies the complainant about the status and results of the complaint, including the possibility of a legal remedy acc. to Art. 78 of the GDPR.
