Privacy Policy according to the GDPR (current German data privacy regulations)
Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other legal data protection provisions is:
Technische Akademie Esslingen e.V.
An der Akademie 5
73760 Ostfildern
Deutschland
The Data Protection Officer of the Controller is:
legal data Schröder Rechtsanwaltsgesellschaft mbH
E-Mail: datenschutz@tae.de
1. Scope of the Processing of Personal Data
The Technische Akademie Esslingen e.V. welcomes your visit to our website and with your interest in our company and our services. As a guiding principle we process the personal data of our users only where this is required to provide a functional website and our content and services. The personal data of our users is as a rule only processed with the prior consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and statutory regulations permit processing of the data.
2. Legal Basis for the Processing of Personal Data
Where we obtain consent from the data subject for personal data processing operations, point (a) of Art. 6 (1) of the EU General Data Protection Regulation (GDPR) is the legal basis for personal data processing.
If processing of personal data is necessary for the performance of a contract to which the data subject is party, point (b) of Art. 6 (1) GDPR is the legal basis. This also applies to processing operations required to implement pre-contractual measures.
Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, point (c) of Art. 6 (1) GDPR is the legal basis. If processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, point (d) of Art. 6 (1) GDPR is the legal basis.
If processing is necessary for the purposes of any legitimate interest pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, point (f) of Art. 6 (1) GDPR is the legal basis for processing.
3. Erasure of Data and Storage Period
The data subject’s personal data will be erased or blocked once the purpose of storage ceases to apply. In addition, the data can be stored if this has been provided for by European or national legislators in union law regulations, laws or other legislation which apply to the controller. The data will also be blocked or erased once a storage period specified by the aforementioned standards expires, unless further storage of the data is required for the conclusion or performance of a contract.
I. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
(1) Information on the browser type and version used
(2) The operating system of the user
(3) The internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system accesses our website
(7) Websites accessed by the user’s system through our website
2. Purpose of Data Processing
It is necessary for the system to temporarily store the IP address to allow the website to be delivered to the computer of the user. To this end, the IP address of the user must be stored for the duration of the session. Such purposes also constitute our legitimate interest in data processing pursuant to point (f) of Art. 6 (1) GDPR.
3. Storage Period
The data will be erased as soon as it is no longer required to achieve the purpose of its collection. In the case of collecting of data for the provision of the website, this is the case when the relevant session ends.
4. Objection and Elimination Option
The collection of data to provide the website and the storage of data in log files is absolutely necessary to ensure operation of the website. Consequently, the user has no option to object.
II. Use of Cookies
a) Description and Scope of Data Processing
Our website uses cookies. Cookies are text files which are stored within or by the internet browser in the user’s computer system. If a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a distinctive sequence of characters that allows the unique identification of the browser the next time the website is accessed. We use cookies to make our website more user-friendly. Certain elements of our website also require the accessing browser to remain identifiable after changing to a different webpage. The user data to be collected in this way is encrypted with the use of technical measures in such a way that it is no longer possible to assign such data to the user who accessed the webpage. The data will not be stored with any other personal data of the users. Upon accessing our website, an info banner informs the users about the use of cookies for analysis purposes and the users are referred to this privacy policy.
b) Legal Basis for Data Processing
The legal basis for the processing of personal data using technically required cookies is point (f) of Art. 6 (1) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes where the user has given his or her consent is point (a) of Art. 6 (1) GDPR.
c) Purpose of Data Processing
The purpose of the use of technically required cookies is to facilitate the use of websites for the users. Some functions of our website cannot be provided without the use of cookies. For these functions, it must also be possible to recognise the browser after changing to a different webpage. The user data collected by technically required cookies is not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. Via the analysis cookies, we find out how the website is used, allowing us to continually optimise our content. Such purposes also constitute our legitimate interest in personal data processing pursuant to point (f) of Art. 6 (1) GDPR.
d) Storage Period, Objection and Elimination Option
Cookies are stored on the user’s computer, and transferred from it to our site. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies which have already been stored can be erased at any time. This can also occur automatically. If cookies are deactivated for our website, you may no longer have full access to the website functions.
III. Newsletter
1. Description and Scope of Data Processing
Our website offers the possibility to subscribe to a free newsletter. In this case, the data entered in the input screen upon subscription to the newsletter is transferred to us.
Additionally, the following data is collected upon subscription:
(1) IP address of the accessing computer
(2) Date and time of registration
We will obtain your consent to process the data in the course of the subscription process while referring to this privacy policy. If you purchase goods or services through our website and store your email address in the process, it may consequently be used by us to send a newsletter. In this case, only direct advertising for own similar goods or services will be sent via the newsletter. There is no disclosure of personal data to third parties in the context of data processing for sending newsletters. The data is exclusively used for sending the newsletter. In order to optimise the newsletter for you, you agree to our evaluation, with which we measure how often the newsletter is opened and on which links the readers click.
2. Legal Basis for Data Processing
The legal basis for data processing after the user’s subscription to the newsletter where the user has given his or her consent is point (a) of Art. 6 (1) GDPR. The legal basis for sending the newsletter as a consequence of the sale of goods or services is Art. 7 (3) of the German Unfair Competition Act (UWG).
3. Purpose of Data Processing
The user’s email address is collected to send the newsletter. The collection of other personal data within the framework of the subscription process serves to prevent any misuse of the services or of the email address used.
4. Storage Period
The data will be erased as soon as it is no longer required to achieve the purpose of its collection. The user’s email address is, therefore, stored for as long as the newsletter subscription is active. The additional personal data collected during the subscription process is usually erased after a period of seven days.
5. Objection and Elimination Option
The data subject can cancel his or her subscription to our newsletter at any time. To that end, each newsletter contains a corresponding link. This also enables consent to the storage of personal data collected in the subscription process to be revoked.
IV. Seminar Registration
1. Description and Scope of Data Processing
On our website, we provide users with the possibility of registering by stating personal data. The data will be entered into the input screen and transferred to us and stored. The data will not be disclosed to third parties. At the time of registration, the following data will be stored:
(1) The IP address of the user
(2) Date and time of registration
As part of the registration process, the user’s consent to the processing of this data is obtained.
2. Legal Basis for Data Processing
The legal basis for data processing where the user has given his or her consent thereto is point (a) of Art. 6 (1) GDPR.
3. Purpose of Data Processing
A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
4. Storage Period
The data will be erased as soon as it is no longer required to achieve the purpose of its collection. This is the case during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
5. Objection and Elimination Option
As a user you have the possibility to cancel the registration at any time. You can have the data stored about you changed at any time. If the data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, a premature erasure of the data is only possible insofar as contractual or legal obligations do not stand in the way of an erasure. If your personal data is processed, you are a data subject in the sense of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of Access
You can request confirmation from the controller whether we process personal data related to you.
2. Right to Rectification
You have a right to rectification and / or completion vis-à-vis the controller if the processed personal data related to you is incorrect or incomplete. The controller must perform rectification immediately.
3. Right to Restriction of Processing
You have the right to obtain restriction of processing of the personal data concerning you where one of the following applies:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) if the controller no longer needs the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims, or
(4) if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your legitimate grounds.
Where processing of the personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where processing has been restricted pursuant to the aforementioned conditions, you will be notified by the controller before the restriction is lifted.
4. Right to Erasure
You may demand the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) the personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to point (a) of Art. 6 (1), or point (a) of Art. 9 (2) GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR;
(4) the personal data concerning you has been unlawfully processed;
(5) the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
a) Information to third Parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
b) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defence of legal claims.
5. Right of Information
If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter is obliged to notify all recipients, to whom the personal data concerning you has been disclosed, of such rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed of such recipients.
6. Right to Data Portability
You have the right to receive any personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit that data to another controller without hindrance from the controller to whom the personal data has been provided, where
(1) the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR and
(2) if the processing is carried out by automated means.
In exercising such right, you further have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of other persons. The right to data portability does not apply to any personal data processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data concerning you is processed for direct marketing purposes, you shall have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to Withdraw
Declaration of Consent under Data Protection Laws You have the right to withdraw your declaration of consent under data protection laws at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent granted before its withdrawal.
9. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of the personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
V. Social Media
You can find us in various social media with our own presence. Through this, we would like to provide you with a broad, multimedia offering and exchange information with you on topics that are important to you. In addition to the respective provider of a social network, we also collect and process personal user data on fan pages.
1. General
We link on this website to our presences in social networks. For this purpose, we have linked a graphic of the respective network. When you load our website, no data is yet transmitted to the operators of the social networks, but only when you actively follow the link to our profile on the respective social network. When you call up our profile page on a social network, the operator of the social network may set cookies on your end device regardless of whether you have an account with the network or whether you are logged in there. Cookies are set primarily in order to be able to display personalized advertising to visitors to the social networks, including our profile pages. This is done, for example, by displaying ads on the social network pages to the user from advertising partners of the social network whose websites the user has previously visited. In addition, cookies enable us to compile statistics on the use of our profile page (e.g. number of page views, user categories). If we receive such statistical analyses from the operator of the social network, the data is anonymized by the operator beforehand, i.e. it is not possible for us to assign usage data to an individual user. If you are logged in to the social network, however, the operator of the social network may be able to assign the visit to our profile on the social network to your account there.
At least the following data is processed by the respective social network:
• IP address
• Date, time
• Visited page in the social network
In addition, depending on the operator, other categories of data may also be processed, e.g.:
• Referral URL (page from which the user reached a sub-page of the social network)
• URL of internal and external pages accessed from the social network
• End device of the user (desktop, smartphone, tablet)
• Language settings of the user
• Region of the user
If you are logged into your user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit to your personal account. If you interact via a "Share" button of the respective network, this information can also be stored in the user's personal user account and may be published. If you want to prevent the collected information from being directly assigned to your user account, you must log out of the respective social network before clicking on the graphic. You can also configure the respective user account accordingly.
We have no influence on which data is collected and transmitted by the operator of the social network, to which third-party recipients a transmission by the operator of the social network takes place and how long the data is stored by the operator of the social network. In this regard, we refer to the privacy policy of the respective social network.
You are not obliged to provide us with your data on our profile pages on social networks. If you do not want the operators of the social networks to collect data from you on our profile pages, you can prevent this by not accessing our profile pages.
2. Legal basis for the processing of personal data
The purpose pursued by us in processing your data on our profile page on the respective social network is to provide information about our offers and services and to respond to any inquiries on our profile page. The legal basis for the processing is Art. 6 (1) f) DS-GVO. To this extent, public relations work is covered by our legitimate interests within the meaning of the provision. Legal basis for the use of social plugins such as "share" buttons is your consent according to Art. 6 para. 1 a) DS-GVO.
3. Deletion
We delete private messages that you send to us via social networks within one year after the last communication with you. Public posts from you (e.g., in our Timeline) we generally leave permanently published until you explicitly request their deletion.
We reserve the right to delete illegal content published by users on our profile page on the respective social network, e.g. copyright infringements or criminally relevant statements. In addition, we store usernames and comments that are deleted due to violation of netiquette. These are only kept for possible proof in case of legal disputes within the statute of limitations.
4. Responsibility
According to the case law of the European Court of Justice, we are jointly responsible with the operator of the respective social network for the operation of our profile page with regard to compliance with data protection regulations. In this context, the operator of the social network provides the associated IT infrastructure as well as the website of the social network and is basically the primary contact when it comes to processing your data on the pages of the social network (e.g. information or deletion). With regard to data processing on social networks, we therefore recommend that you contact the respective social network directly for information requests or other questions regarding user rights, such as a deletion request, as only the operators of the social networks have full access to your user data.
5. Objection and Removal Option
If you no longer wish to have the data processing described here in the future, you can remove the connection of your user profile to our site by using the functions "I no longer like this page" and/or "Do not subscribe to this page". However, you can also assert your legal rights against us. In this case, we will forward your requests to the operator of the social network.
6. Social Media
We include the following social networks on our website by linking to them:
Facebook
If you access our Facebook fan page, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 D02 X525, Ireland, collects, stores and processes your personal data in accordance with Facebook's privacy policy. The privacy policy can be found here: de-de.facebook.com/policy.php
As part of the "Facebook Insights" function, Facebook may provide us with the following data categories, among others, in anonymized / statistical form for the purpose of performance measurement and optimization of our Facebook presence:
• Predefined interactions on our fan page
• Timestamp
• Country/city of the user
• HTTP language code
• Age/gender group
• Previously visited website (so-called referral URL)
• End device of the user
• Facebook user ID (if logged in)
Regarding the processing of Insights data, there is a joint responsibility between Facebook and us, under which Facebook has assumed primary responsibility. This concerns the processing of Insights data and the implementation of data subject rights. Therefore, please contact Facebook directly regarding all obligations under the GDPR about the processing of Insights data. We will forward your inquiries received by us in this regard to Facebook. Further details on this are governed by the Joint Controller Addendum, which you can find here: www.facebook.com/legal/terms/page_controller_addendum
You can find more information about Facebook Insights here: https://analytics.facebook.com/features/list#automated_insights
www.facebook.com/legal/terms/information_about_page_insights_data
Instagram
If you visit our Instagram channel, personal data will be stored and processed by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 D02 X525, Ireland, as provider of Instagram in accordance with Instagram's privacy policy. The privacy policy can be found here: help.instagram.com/519522125107875
For the purpose of demand-oriented design and continuous optimization of our pages, we use the statistics service Instagram Insights. This service records your activity on our site and makes it available to us in anonymized statistics. This gives us insights into, among other things, the interactions of our fan page visitors, the views of our page, the reach of posts, information about the activity of our subscribers, as well as information about which countries and locations our visitors come from, and statistics about the gender ratios of our visitors. Conclusions about individual users as well as access to individual user profiles by us are not possible.
Twitter
On our Twitter channel you will receive our offers and services.
When you visit our channel, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"), as operator, stores and processes personal data to the extent described in the privacy policy.The privacy policy of Twitter can be found here: twitter.com/de/privacy.
For the purpose of demand-oriented design and continuous optimization of our pages, we use the statistics service Twitter Analytics. This service records your activity on our site and makes it available to us in anonymized statistics. This provides us with information about, among other things, impressions (how often a particular ad was viewed by Twitter users and by which target groups), conversions (e.g. website visits, registration) and other interactions (e.g. retweets, hashtag clicks). Conclusions about individual users as well as access to individual user profiles by us are not possible.
You can find more information about Twitter Analytics at: business.twitter.com/de/advertising/analytics.html
YouTube
On our YouTube channel you can find videos or helpful tips about our offer. The customer service team also professionally answers users' questions and comments on YouTube.
Personal data is stored and processed by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland ("Google"), as operator of YouTube, in accordance with Google's privacy policy. The privacy policy can be found here: policies.google.com/privacy
With the help of YouTube's Analytics functions, it is possible for us to perform certain statistical analyses to optimize our channel. This includes, in particular, details on the most popular videos (e.g., dwell time of users, ranking of videos), target groups (e.g., countries, language settings, age and gender, activity times) and the reach of our channel (e.g., where users were redirected to a video from) and impressions (e.g., how many users have seen a certain ad). Conclusions about individual users as well as access to individual user profiles by us are not possible.
For more information on YouTube's analytics functions, please visit: support.google.com/youtube/answer/9002587
LinkedIn
On our LinkedIn page, we inform you about career opportunities with us and you can contact us directly.
In the process, personal user data is processed by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn").
We use the analytics functions provided by LinkedIn to optimize the performance of our LinkedIn page. In doing so, LinkedIn provides us with a statically prepared - i.e. anonymized - compilation of certain data. These include, among others, the following data categories: Conversions (achievement of certain targets such as registrations for events, leads), user actions (e.g. clicks, views of certain ads) and target groups (e.g. professional position, industry). Conclusions about individual users and access to individual user profiles by us are not possible.
You can find more information about LinkedIn's analytics functions at: business.linkedin.com/de-de/marketing-solutions/reporting-analytics.
In addition, we are also able to search for suitable candidates for vacancies on the basis of certain characteristics (e.g. current position, knowledge, professional experience, salary expectations). In this way, specific LinkedIn profiles can be displayed to us, which we can contact directly.
You can find LinkedIn's privacy policy at: www.linkedin.com/legal/privacy-policy
Xing
On our XING page, we inform you about career opportunities with us and you can contact us directly.
In the process, personal user data is processed by New Work SE, Am Strandkai 1, 20457 Hamburg ("XING").
We use the "Recruiter Insights" function from XING. This enables us to find suitable candidates for vacant positions based on certain targets (e.g. current position, knowledge, professional experience, salary expectations) and to contact them directly. The categories of data processed may include all information provided by the user on his own profile page. In addition, statistical - i.e. anonymized - evaluation functions of "Recruiter Insights" enable us to measure the effectiveness of our candidate search, e.g. with the help of information on how candidates were included in our applicant pool (i.e. via job advertisements, projects, recommendations or other means) or on the response rate.
XING users can influence the extent to which their user behavior may be recorded when visiting our XING site under the settings for advertising preferences. Further options are offered by the XING settings or the form for the right to object. The processing of information by means of the cookie used by XING can also be prevented by not allowing cookies from third-party providers or those from XING in your own browser settings.
You can find XING's privacy policy at: privacy.xing.com/en/privacy-policy
7. How is personal data passed on?
In order to make our services available, it is generally necessary to involve instruction-dependent processors, such as data center operators or other parties.External service providers who process data on our behalf are carefully selected by us and strictly bound by contract. The service providers work according to our instructions, which is ensured by strict contractual regulations, by technical and organizational measures and by supplementary controls. As a matter of principle, we do not pass on your data collected on our profile page with the respective social network to third parties, unless this is required on the basis of consent from you or to fulfill a contract with you. Insofar as we use external service providers (e.g. in the area of IT), this takes the form of commissioned processing with the service provider, on the basis of which the service provider is obliged to process data in accordance with our instructions. In addition, data may be passed on to courts and competent law enforcement and supervisory authorities on the basis of official orders and legal obligations.
We would like to point out that the US providers Facebook, Instagram, Twitter, YouTube and LinkedIn may transfer personal data to the USA. These providers oblige recipients outside the EU/EEA to comply with an appropriate data protection standard due to so-called EU standard contractual clauses. In addition, a transfer to a third country can also take place due to the recognition of an adequate level of data protection by the European Commission (so-called adequacy decision).
Otherwise, your data will only be transferred if you have given us your express consent to do so or on the basis of a statutory regulation.
VI. Your rights
If your personal data is processed, you are a data subject in the sense of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of Access
You can request confirmation from the controller whether we process personal data related to you.
2. Right to Rectification
You have a right to rectification and / or completion vis-à-vis the controller if the processed personal data related to you is incorrect or incomplete. The controller must perform rectification immediately.
3. Right to Restriction of Processing
You have the right to obtain restriction of processing of the personal data concerning you where one of the following applies:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) if the controller no longer needs the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims, or
(4) if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your legitimate grounds.
Where processing of the personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing has been restricted pursuant to the aforementioned conditions, you will be notified by the controller before the restriction is lifted.
4. Right to Erasure
You may demand the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) the personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to point (a) of Art. 6 (1), or point (a) of Art. 9 (2) GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR;
(4) the personal data concerning you has been unlawfully processed;
(5) the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
a) Information to third Parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
b) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defence of legal claims.
5. Right of Information
If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter is obliged to notify all recipients, to whom the personal data concerning you has been disclosed, of such rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed of such recipients.
6. Right to Data Portability
You have the right to receive any personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit that data to another controller without hindrance from the controller to whom the personal data has been provided, where
(1) the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9
(2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR and
(2) if the processing is carried out by automated means.
In exercising such right, you further have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of other persons.
The right to data portability does not apply to any personal data processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you shall have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to Withdraw Declaration of Consent under Data Protection Laws
You have the right to withdraw your declaration of consent under data protection laws at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent granted before its withdrawal.
9. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of the personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.