Privacy

Privacy and data protection
Privacy policy

Thank you for your interest in our website. As a member of the Verein sicherer und seriöser Internetshopbetreiber e. V., the protection of your personal data is a serious concern for us. In the following, we inform you, transparently and in understandable language, among other things, about the data collection and its scope, what your data is used for and what rights you have. Your data will be collected, stored and processed in compliance with the relevant statutory provisions. Personal data are all types of data with which you can be identified as a person.

1.) Who is responsible for data processing?

Within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other provisions of data protection law, the responsible party is a natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, contact details, etc.).

Responsible for data processing on this website is:

Bettina Büber

Schulstr.19

86707 Westendorf

Phone:082739933899

E-Mail: bettina.bueber@bio-weinkiste.de
 

2.) What data is collected and processed on our website?

2.1 Automated collection of data:

Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer, in so-called server log files. This data is partly technically necessary in order to display our website to you. It is not merged with data from other sources. The following data is collected:

The pages called up
Browser types and versions used
The operating system used by the accessing system
The website from which an accessing system arrives at our site
The date and time the page was accessed
The Internet service provider of the accessing computer
The Internet protocol address (IP address) used
The legal basis for data processing is Article 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is the reliable and error-free functioning of our website. No other processing of this data takes place.

2.2 Collection of personal data

2.2.1 Data collection and processing when opening a customer account and when processing a contract

If you open a customer account on our website, this is done voluntarily. Registration is not a prerequisite for the conclusion of a contract. Data is only collected to the minimum extent necessary, the mandatory data can be recognized by the correspondingly marked input fields. The deletion of the customer account is possible at any time and free of charge. In case of a deletion request, please contact the person responsible for data processing. This person is named under point 1 of this data protection declaration.

We use your data only for the purpose for which you have registered or for contract processing. The legal basis for data processing is Article 6 (1) (b) of the General Data Protection Regulation (DSGVO), which allows us to process data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.

The collected customer data will be blocked after completion of the order, after termination of the business relationship or after deletion of your customer account and deleted after expiry of retention periods under tax and commercial law, unless you have consented to further use of your data.

2.2.2 Data collection and processing when using our email address or contact function

In the case of emails or messages via the contact form, we store your data until the processing of your message has been completed. The mandatory data in the mask of the contact form, can be recognized by the correspondingly marked input fields. The data will be used exclusively for the processing of your request, after completion of the processing your data will be deleted. The legal basis for data processing is Art. 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is to respond to your message or to process your request.

2.2.3 Newsletter function, data processing and possibility to object.

2.2.3.1 You have registered for our newsletter subscription:

If you subscribe to our free newsletter, data from the registration mask will be transmitted to us. The mandatory data can be recognized by the correspondingly marked input fields and are limited to the minimum required (email address). For the processing of your data, consent is obtained in the registration process and reference is made to this privacy policy. The legal basis for data processing is Article 6 (1) (a) of the General Data Protection Regulation (DSGVO), which allows us to process the data if you have consented to the processing.

The data will not be passed on to third parties, but will be used exclusively for sending newsletters. The subscription to the newsletter (your consent) can be revoked at any time for the future. To revoke your consent, you will find a link to unsubscribe from the newsletter in every newsletter, but optionally you can also unsubscribe directly via our website. The request to unsubscribe from the newsletter can of course also be addressed directly to the data controller. This person is named under point 1 of this data protection declaration. After unsubscribing from the newsletter, the data will be deleted unless you have consented to further use, or we reserve the right to further use (as explained below under 2.2.3.2), which is permitted by law.

2.2.3.2 When we send newsletters to our existing customers

If you have purchased goods or services on our website and have provided your e-mail address, this may be used by us to send a newsletter, unless you have objected to this. In such a case, only direct advertising for similar goods or services from our range will be sent via the newsletter. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (DSGVO), which allows us to process data in the event of a legitimate interest. Our legitimate interest in this case is to send you personalized advertising. You can object to the use of your data for this purpose at any time with effect for the future. To object, please contact the data controller. This person is named under point 1 of this data protection declaration.

2.2.3.3 Newsletter2Go
This website uses Newsletter2Go to send newsletters. The provider is Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin, Germany.

Newsletter2Go is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on Newsletter2Go's servers in Germany.

If you do not want any analysis by Newsletter2Go, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.

Data analysis by Newsletter2Go

With the help of Newsletter2Go, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.

In addition, we can see whether certain previously defined actions were performed after opening/clicking (conversion rate). We can thus see, for example, whether you have made a purchase after clicking on the newsletter.

Newsletter2Go also allows us to subdivide ("cluster") newsletter recipients based on various categories. In doing so, newsletter recipients can be subdivided by age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.

Detailed information about the functions of Newsletter2Go can be found at the following link: https://www.newsletter2go.de/features/newsletter-software/.

Legal basis

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Newsletter2Go after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

For more details, please refer to the data protection provisions of Newsletter2Go at: https://www.newsletter2go.de/features/datenschutz-2/.

Conclusion of a contract for order data processing

We have concluded a contract with Newsletter2Go in which we oblige Newsletter2Go to protect our customers' data and not to pass it on to third parties. This contract can be viewed at the following link: https://www.newsletter2go.de/docs/datenschutz/ADV_Muster_Newsletter2Go_GmbH_latest_Form.pdf?x48278.

2.3 Passing on data to third parties for the purpose of fulfilling the contract

2.3.1 Transfer to shipping service providers in general and credit institution

For payment transactions and, if necessary, for the delivery of goods, we pass on personal data, to the minimum extent necessary, to service providers (third parties), insofar as this is necessary for the performance of the contract.

If we pass on your data to a shipping service provider (such as DHL, DPD, UPS Hermes or GLS), the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (DSGVO), which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.

If we pass on your payment data to the commissioned credit institution, the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (DSGVO), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.

2.3.2 Disclosure of email address and/or telephone number to shipping service providers.

You have the choice on our website to agree to the transfer of your email address and/or telephone number to enable the selected shipping service provider to announce the delivery or to coordinate with you. In the following, we will inform you which data will be passed on to which shipping service provider and on the basis of which legal situation this occurs:

2.3.2.1 DHL

If the delivery of your goods is carried out by the shipping service provider DHL, and you have expressly consented to the forwarding of your email address in the ordering process, it will be forwarded to DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany) for the purpose of announcing the delivery or coordinating the delivery date. The legal basis for the data processing is Art. 6 para. 1 lit. a of the General Data Protection Regulation (DSGVO), which allows us to process the data if you have consented to the processing. If you do not consent to the disclosure of the email address, the delivery will be made according to the conditions of paragraph 2.3.1 of this privacy policy. An announcement of the delivery, or a coordination of the delivery date, by DHL is then not possible.

Consent to the use of data can be revoked at any time for the future. To do so, please contact the person responsible for data processing (this person is named under point 1 of this data protection declaration), or the shipping service provider directly.

2.3.2.2 UPS

If the delivery of your goods is carried out by the shipping service provider UPS, and you have expressly agreed to the forwarding of your email address during the ordering process, this will be forwarded to UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss) for the purpose of announcing the delivery or coordinating the delivery date. The legal basis for data processing is Article 6 (1) (a) of the General Data Protection Regulation (DSGVO), which allows us to process the data if you have consented to the processing. If you do not consent to the disclosure of the email address, the delivery will be made according to the conditions of paragraph 2.3.1 of this privacy policy. An announcement of the delivery, or a coordination of the delivery date, by UPS is then not possible.

Consent to the use of data can be revoked at any time for the future. For this purpose, please contact the person responsible for data processing (this person is named under point 1 of this data protection declaration), or the shipping service provider directly.

2.3.3 Payment service provider

On our website, you have the choice of various payment service providers. In the following, we will inform you about which data is passed on and on the basis of which legal situation this occurs:

2.3.3.1 PayPal/PayPal Plus.

If you choose this payment service provider, the data required for payment will be passed on to PayPal (PayPal Europe, S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this of Art. 6 (1) (a) of the General Data Protection Regulation (GDPR), which allows us to process the data if you have consented to the processing and Art. 6 (1) (b) of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure. You have the right to revoke your declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If you choose the PayPal Plus payment methods by "credit card", "invoice", "direct debit" or "PayPal installment payment", PayPal reserves the right to obtain credit information about you.  A credit report may contain scoring values (=probability values). The so-called scoring values have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values also (but not exclusively) includes your address data.

The legal basis for data processing is Article 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows data to be processed in the event of a legitimate interest. The legitimate interest in this case is to establish your identity or solvency.

You may object to the processing of your personal data at any time. However, PayPal may still be entitled to process, use and transmit the personal data if this is necessary for PayPal to process payments in accordance with the contract, is required by law, or is demanded by a court or an authority.

If you wish to object to the use of your data or wish to communicate changes regarding the stored data, you can contact PayPal directly. You can also obtain more information about PayPal's privacy policy at the following Internet address:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

3.) What are cookies and what data are processed?

3.1 Cookies that are set by our website

Our website uses so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer. We use cookies to make our website more user-friendly for you. Some elements of our website require that the calling browser can be identified even after a page change. For example, to store and transmit the items in your shopping cart or your login information. Most of the cookies we use, are so-called "session cookies", which are automatically deleted after closing the browser. Some cookies remain stored on your device and allow recognition the next time you visit the site. The legal basis for data processing is Art. 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is to offer you a technically error-free and functionally optimized website.

If we store other cookies (for example, from partner companies or to analyze your surfing behavior) on your device, we will provide detailed information about this below.

You can set your browser so that you are informed about the setting of cookies and then only allow these cookies in individual cases. Likewise, you can generally exclude the acceptance of cookies or only accept them for certain cases. In addition, you can set your browser so that set cookies are deleted after closing the browser window. Please note that if you do not accept cookies, the functionality of our website may be limited.

3.2 Comment functions on our website

For this function, your comment, (if specified) your user name (nickname), the time of creation of your comment, your IP address and your email address will be stored. Your data will be stored until the content you commented on has been completely deleted (or had to be deleted for legal reasons). We reserve the right to delete comments which have been objected to by third parties as being illegal. The legal basis for the storage and processing of your comment, the user name and the time of creation of the comment is Art. 6 para. 1 lit. a of the General Data Protection Regulation (DSGVO), which allows us to process the data if you give us your consent to do so. You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The legal basis for the data processing of your IP address and your email address is Article 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process the data in the case of a legitimate interest. Our legitimate interest in this case is to be able to take action against you in the event of legal violations such as insults or propaganda. We need the email address in order to contact you if your comment should be objected to by a third party as illegal.

3.3 Web analysis / marketing

3.3.1 Google Analytics

We use the analysis tool Google Analytics on our website. The provider of this analysis tool is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". Cookies are small text files that are stored on your computer and thus enable an analysis of your use of the website. This analysis data is usually transferred to a Google server in the USA and stored there.

The legal basis for data processing is Article 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is to analyze user behavior in order to optimize our offer and our advertising.

We would like to point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (so-called IP masking). By activating IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage.

The IP address transmitted by your internet browser as part of Google Analytics will not be merged with other Google data.

You can prevent cookies from being stored by setting your internet browser accordingly. However, we would like to expressly point out that in this case you may not be able to use all the functions of this website in full.

You can prevent data collection by Google Analytics by clicking on the following link and downloading the tool offered there: https://tools.google.com/dlpage/gaoptout?hl=de.

You can also prevent data collection by Google Analytics by clicking on the following link, which will set an opt-out cookie that will prevent the collection of your data during future visits to this website: Google Analytics deactivate.

You can also obtain more information about Google's privacy policy at the following Internet address:

https://support.google.com/analytics/answer/6004245?hl=de

3.3.2 Matomo (formerly Piwik)

This website uses the open source web analytics service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before storage.

Matomo cookies remain on your terminal device until you delete them.

The storage of Matomo cookies is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its web offering and its advertising.

The information generated by the cookie about the use of this website will not be disclosed to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

If you do not agree to the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, this will have the effect that the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

https://matomo.org/privacy-policy/

3.4 Social media/plugins

Use of social plugins from Facebook, Twitter, Google, Instagram, Pinterest using the Shariff solution.

In our online store, so-called plugins of the social networks mentioned below are used. The operators are:

Facebook - Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

Twitter - Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA

Google+1 - Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Instagram - Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA

Pinterest - Pinterest Inc, 808 Brannan Street, San Francisco, CA, 94103, USA

For increased protection of your data during your visit to our online store, these plugins are not unrestricted, but only integrated into the corresponding store page using an HTML link (so-called "Shariff solution" from c't). This ensures that when you call up a page of our online store with such plugins, no connection is yet established with the servers of the provider of the respective social network. If you click on one of the buttons, a separate browser window opens and calls up the page of the respective provider on which you can, for example, click the Like or Share button. For more information on the scope of the collection and the handling of your data, please refer to the respective detailed privacy policy of the provider:

Facebook: http://www.facebook.com/policy.php

Twitter: https://twitter.com/privacy

Google+1: http://www.google.com/intl/de/+/policy/+1button.html

Instagram: https://help.instagram.com/155833707900388

Pinterest: https://about.pinterest.com/de/privacy-policy

4.) How is the data secured?

The transmission of personal data is exclusively encrypted via an SSL or a TLS connection. This applies to messages via our contact function, as well as to data regarding your order and payment transactions. Due to the encryption, your sensitive personal data cannot be intercepted and viewed by unauthorized third parties. You can recognize an encrypted connection by the fact that the address line of the browser starts with "https://" (and by the lock symbol in the browser line).

The data stored in the systems of our website are secured by passwords and cannot be viewed by unauthorized third parties.

Data transmission on the Internet, for example when sending an email, is not 100% secure and may in some cases have security gaps.

5.) How long will personal data be stored?

How long your personal data is stored by us depends on the respective legal retention period. The retention periods under commercial and tax law are 10 years from the end of the calendar year in which the data was collected. After expiry of the periods, the data is regularly deleted, unless it is still required for the initiation or fulfillment of the contract or we have a legitimate interest in continuing to store it.

6.) What rights do you have against the data controller?

Below we list the rights you have under the General Data Protection Regulation (GDPR), against the data controller. The data controller is named under point 1 of this privacy policy. If personal data is processed by you, you are a "data subject" within the meaning of the General Data Protection Regulation (DSGVO).

6.1 Your right to information pursuant to Art. 15 of the General Data Protection Regulation (DSGVO).

You may request information from the data controller as to whether personal data relating to you is being processed. If such processing exists, you may also request information about the following:

6.1.1 the purposes for which this personal data is processed;

6.1.2 the categories of personal data that are processed;

6.1.3 the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

6.1.4 the planned storage period of the personal data concerning you or, if no specific information can be provided in this regard, the criteria for determining the storage period;

6.1.5 the existence of a right to rectification or erasure of the personal data concerning you, the existence of a right to restriction of processing by the data controller or a right to object to such processing;

6.1.6 the existence of a right to lodge a complaint with a supervisory authority (the competent authority is the data protection commissioner of the federal state in which We are based - addresses and links can be found here);

6.1.7 all available information about the origin of the data, if the personal data is not collected from the data subject (i.e. you);

6.1.8 the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the General Data Protection Regulation (GDPR) in connection with the transfer.

6.2 Your right to rectification pursuant to Art. 16 of the General Data Protection Regulation (GDPR).

You have a right against the data controller to rectification and/or completion without undue delay if the processed personal data concerning you are inaccurate or incomplete.

6.3 Your right to erasure pursuant to Art. 17 of the General Data Protection Regulation (GDPR).

You may request the data controller to erase the personal data concerning you without undue delay, and the data controller is obliged to erase such personal data without undue delay, if one of the following reasons applies:

6.3.1 Obligation to erase

6.3.1.1 The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

6.3.1.2 You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.

6.3.1.3 You object to the processing of the data pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.

6.3.1.4 The personal data concerning you have been processed unlawfully.

6.3.1.5 The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

6.3.1.6 The personal data concerning you has been collected in relation to information society services offered in accordance with Art. 8(1) DSGVO.

6.3.2 Information to third parties

If the data controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested them to erase all links to or copies or replications of such personal data.

6.3.3 Exceptions

The right to erasure does not exist insofar as the processing is necessary

6.3.3.1 for the exercise of the right to freedom of expression and information;

6.3.3.2 for compliance with a legal obligation which requires processing under Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

6.3.3.3 for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

6.3.3.4 for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

6.3.3.5 for the assertion, exercise or defense of legal claims.

6.4 Your right to restrict processing pursuant to Article 18 of the General Data Protection Regulation (GDPR) Right to restrict processing.

You have the right to request the data controller to restrict processing if one of the following conditions is met:

6.4.1 you contest the accuracy of the personal data concerning you for a period enabling the data controller to verify the accuracy of the personal data;

6.4.2 the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

6.4.3 the controller no longer needs the personal data for the purposes of the processing, but you need it for the assertion, exercise or defense of legal claims; or

6.4.4 if you have objected to the processing pursuant to Article 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

6.5 Your right to information pursuant to Article 19 of the General Data Protection Regulation (GDPR).

If you have asserted the right to rectification, erasure or restriction of processing against the data controller, the controller is obliged to inform all recipients to whom the personal data relating to you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

6.6 Your right to data portability pursuant to Art. 20 of the General Data Protection Regulation (GDPR).

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from the data controller to whom the personal data was provided, provided that

6.6.1 the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and

6.6.2 the processing is carried out with the aid of automated procedures.

When exercising your right to data portability, you also have the right to obtain that the personal data be transferred directly from one data controller to another data controller, where technically feasible.

This right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

The right to data portability shall not affect the rights and freedoms of other persons.

6.7 Your right to revoke your declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

6.8 Automated decision in individual cases including profiling.

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

6.8.1 is necessary for the conclusion or performance of a contract between you and the controller,

6.8.2 is permissible on the basis of legal provisions of the European Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or

6.8.3 is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in 6.8.1 and 6.8.3, the data controller shall take reasonable measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.

6.9 Your right to complain to a supervisory authority.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the General Data Protection Regulation (GDPR).

+++++++++++++++++++++++++++++

6.10 RIGHT OF OBJECTION

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the DSGVO, with effect for the future; this also applies to profiling based on these provisions.

The data controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.