Privacy Policy.
-
I. An overview of data protection.
-
1. General.
The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.
2. Data collection on our website.
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your Data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
3. Analytics and third-party tools.
When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy. You can object to this analysis. We will inform you below about how to exercise your options in this regard.
II. General information and mandatory information.
-
1. Data protection.
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.
If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
2. Notice concerning the party responsible for this website.
The party responsible for processing data on this website is:
Coboc GmbH & Co. KG
Kurfürstenanlage 58
69115 Heidelberg
Phone: +49 (0) 62214352810
E-Mail: contact@coboc.biz
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
3. Data Protection Officer.
Bickel Consult
Sachverständigenbüro für Informations- und Kommunikationstechnik
Hermann-Köhl-Straße 14
93049 Regensburg
Phone: +49 941 69800800
E-Mail: datenschutz@bcco.de
III. Data collection on our website.
-
1. Provision of Website.
a) Every time you visit our webpage, our system automatically gathers data and information from the system of the accessing computer.
The following data is collected here:
- The user’s operating system
- The user’s internet service provider
- the user’s IP-address
- date and time of access
- websites that direct the user’s system to our website
- websites accessed by the user’s system from our website
- files retrieved
- quantity of data sent
The legal basis for the temporary storage of data is Art. 6 (1) (f) of the GDPR.
b) The temporary storage of the IP address by the system is required so that the website can be connected to the user’s computer. For this purpose, the IP address of the user must be saved for the duration of the web session. For this purpose, our legitimate interest is in accordance with Art. 6 (1) (f) of the GDPR.
c) Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the event of collecting data to ensure the website is functioning correctly, this is the case once the relevant session has ended.
d) The collection of data for providing the website is absolutely necessary for the website to operate and therefore the user has no right to object.
2. LOGFILES.
- a) The data is also stored in our system’s log files. This data is stored separately from the user’s personal data. The legal basis for the creation of log files is Art. 6 (1) (f) of the GDPR.
- b) Storage takes place in log files to ensure that the website is functioning correctly. Furthermore, the data allows us to optimise the website and to guarantee the security of our information technology systems. The data is not evaluated for marketing purposes in this context. For this purpose, our legitimate interest in data processing corresponds with Art. 6 (1) (f) of the GDPR.
- c) The data in the log files is deleted after seven days at the latest. However, data may be stored for periods extended beyond this. In such cases, the users’ IP addresses are deleted or altered, meaning that the IP address can no longer be traced back to the respective client.
- d) The storage of data in log files is absolutely necessary to ensure that the website is fully operational. As such, users have no right to object.
3. Cookies.
- a) Our website uses cookies. Cookies are text files that are stored in your browser or on the user’s computer system by the internet browser. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a unique character sequence that enables a unique identification of the browser when the user reconnects to the website.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Essential
Essential cookies enable basic functions and are necessary for the proper functioning of the website.
Borlabs Cookie
Name | Borlabs Cookie |
Provider | Owner of this Website, Imprint |
Purpose | Saves the visitors preferences selected in the Cookie Box of Borlabs. |
Cookie Name | borlabs-cookie |
Cookie Expiry | 1 Year |
Google Tag Manager
Name | Google Tag Manager |
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Cookie by Google used to control advanced script and event handling. |
Privacy Policy | https://policies.google.com/privacy?hl=de |
Cookie Name | _ga,_gat,_gid |
Cookie Expiry | 2 Years |
WPML
Name | WPML |
Provider | Owner of this Website |
Purpose | Stores the current language. |
Cookie Name | _icl_*, wpml_*, wp-wpml_* |
Cookie Expiry | 1 Day |
Statistics
Statistics cookies collect information anonymously. This information helps us understand how our visitors use our website.
Google Analytics
Name | Google Analytics |
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Cookie by Google used for website analytics. Generates statistical data on how the visitor uses the website. |
Privacy Policy | https://policies.google.com/privacy?hl=de |
Cookie Name | _ga,_gat,_gid |
Cookie Expiry | 2 Months |
Hotjar
Name | Hotjar |
Provider | Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141 Malta |
Purpose | Hotjar is an user behavior analytic tool by Hotjar Ltd.. We use Hotjar to understand how users interact with our website. |
Privacy Policy | https://www.hotjar.com/legal/policies/privacy/ |
Host(s) | *.hotjar.com |
Cookie Name | _hjClosedSurveyInvites, _hjDonePolls, _hjMinimizedPolls, _hjDoneTestersWidgets, _hjIncludedInSample, _hjShownFeedbackMessage, _hjid, _hjRecordingLastActivity, hjTLDTest, _hjUserAttributesHash, _hjCachedUserAttributes, _hjLocalStorageTest, _hjptid |
Cookie Expiry | Session / 1 Year |
Marketing
Marketing cookies are used by third-party vendors or publishers to display personalized advertisements. They do this by tracking visitors across websites.
Facebook Pixel
Name | Facebook Pixel |
Provider | Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland |
Purpose | Cookie by Facebook used for website analytics, ad targeting, and ad measurement. |
Privacy Policy | https://www.facebook.com/policies/cookies |
Cookie Name | _fbp,act,c_user,datr,fr,m_pixel_ration,pl,presence,sb,spin,wd,xs |
Cookie Expiry | Session / 1 Year |
Google Ads
Name | Google Ads |
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Cookie by Google used for conversion tracking of Google Ads. |
Privacy Policy | https://policies.google.com/privacy?hl=de |
Bing
Name | Bing |
Provider | Microsoft |
Purpose | Used to track clicks on Microsoft ads. |
Privacy Policy | https://privacy.microsoft.com/de-de/privacystatement |
Host(s) | bing.com |
Cookie Name | MUID |
Cookie Expiry | 6 Months |
External Media
Content from video platforms and social media platforms is blocked by default. If cookies from external media are accepted, access to this content no longer requires manual consent.
Google Maps
Name | Google Maps |
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Used to unblock Google Maps content. |
Privacy Policy | https://policies.google.com/privacy |
Host(s) | .google.com |
Cookie Name | NID |
Cookie Expiry | 6 Months |
Vimeo
Name | Vimeo |
Provider | Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA |
Purpose | Used to unlock Vimeo content. |
Privacy Policy | https://vimeo.com/privacy |
Host(s) | player.vimeo.com |
Cookie Name | vuid |
Cookie Expiry | 2 Years |
YouTube
Name | YouTube |
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Used to unlock YouTube content. |
Privacy Policy | https://policies.google.com/privacy |
Host(s) | google.com |
Cookie Name | NID |
Cookie Expiry | 6 Months |
- b) The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) of the GDPR.
- c) We use cookies in order to simplify website use for our users. Analysis cookies are used to improve the quality of our website so that we can continuously optimise our offer in line with the knowledge we gain about precise use of the website. In this context, our legitimate interest in processing personal data also corresponds with Art. 6 (f) of the GDPR.
- Cookies are stored on the user’s computer and sent from there to our website. Therefore, as the user you have full control over the use of cookies. You can limit or deactivate the transmission of cookies by changing the settings in your internet browser. Previously stored cookies can be deleted at any time. This can also be done automatically. If you choose to deactivate cookies for our website, you may no longer be able to use the full range of functions on the site.
IV. Analytics and advertising.
-
1. Google Analytics 4 and Google Signals.
- a) With your consent, we use Google Analytics on our website, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your device, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server and stored there; it may also be transmitted to the servers of Google LLC. in the USA.
- The Google Analytics service processes the data exclusively with anonymization of the IP address by shortening, which ensures that a direct personal reference is excluded. Only in exceptional cases is the full IP address transmitted to a Google LLC server in the USA and truncated there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
- b) All processing described above, in particular the setting of Google Analytics cookies for reading information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Without this consent, Google Analytics will not be used during your visit to our website.
- c) The purpose of using Google’s web analysis services and cookies is to increase the efficiency of our website by perfecting the analysis of user behavior in order to take full account of the interests and needs of our users.
- d) You can revoke your consent at any time with effect for the future by deactivating this service in the “Privacy settings” on this page. We have concluded an order processing contract with Google for the use of Google Analytics, which obliges Google to protect the data of our website visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Google relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. You can find more information about Google Analytics here: https://policies.google.com/privacy?hl=de&gl=de
- Information for visitors to websites and apps that use Google Analytics can be found here: https://support.google.com/analytics/answer/6004245#info_for_visitors
- Google’s privacy policy and terms of use describe how Google handles personal data when Google products, such as Google Analytics, are used: http://www.google.com/intl/de/policies/privacy/You can revoke your consent to the processing of your data at any time with effect for the future. You can use a browser plugin (browser add-on to deactivate Google Analytics) to set an opt-out cookie that prevents data collection via Google Analytics. This prevents activity data from being shared with Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
As an extension of Google Analytics 4, the Google Signals service can also be used on this website. Google Signals is session data (e.g. search terms, usage data, device information, browser information, content viewed, geographic location, IP address, demographic data) from websites and apps that Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) links to those of our website visitors who are logged into their Google account and have activated personalized advertising. Google Signals identifies these users via their Google profile and the data collected is linked to the profile. This allows us to identify these users across different sessions and devices and to merge the data collected into a user profile. As the website operator, we only receive anonymized reports from Google.
Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
Purpose of the data processing
We use Google Signals to exclude users from Google Ads or to include them in the target group of our ads, depending on the action on our website.
Duration of storage, objection and removal options
Google stores the data as long as it is required for the respective purpose (display of interest-based advertising) or you have not objected to the storage of your data or withdrawn your consent.
You have the option of deactivating the “personalized ads” function in the settings of your Google account and thus deactivating the cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: Google Support. You can find more information about Google Signals at the following link: Google Support.
2. Facebook Pixel.
To measure our conversion rates, our website uses the visitor activity pixel of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy.
Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
The use of Facebook Pixel is based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in effective advertising campaigns, which also include social media.
The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union.
If you visit one of our presences in the social media (e.g. Facebook), you trigger a processing of your personal data during such a visit. In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 DSGVO, provided that we actually make a joint decision with the operator of the social network about the data processing and we also have an influence on the data processing. As far as possible, we have concluded joint responsibility agreements with the operators of the social networks pursuant to Art. Art. 26 DSGVO.
We ask you to note that despite the joint responsibility according to Art. 26 DSGVO with the operators of social networks, we do not have a full influence on the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our options. In the event of the assertion of data subject rights, we could only forward these requests to the operator of the social network.
In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.
If you do not have a Facebook account, you can deactivate any user based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
3. Hotjar.
On our website we use “Hotjar”, a web analysis service of Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (hereinafter “Hotjar”). We use Hotjar in order to better understand the needs of our users and optimise our offer on this website. The technology of Hotjar enables us to get a better understanding of the experience of our users (e.g. how much time users spend on which pages, what links they click on, what they like and what they do not like, etc.), which helps us to customize what we offer to the feedback from our users. Hotjar works with cookies and other technologies in order to collect information about the behavior of our users and about their devices (particularly the IP address of the device (this is only collected and stored in anonymised form), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), and preferred language in which our website is displayed). Hotjar stores this information in a pseudonymised user profile. Neither we nor Hotjar use the information in order to identify individual users or combine it with other data about individual users
Hotjar uses cookies, among other things, which are small text files that are stored locally in the clipboard of your device’s web browser and enable your use of our website to be analyzed, as well as what is known as a tracking code. The cookies used by Hotjar are stored on your device for different periods of time, some only for the duration of your visit and others for 365 days. The information collected in this way is sent to a Hotjar server in Ireland and stored there. The information that the tracking code allows to be collected is device-dependent data which are recorded by your device and web browser:
- Device-dependent data that is collected by your device and your web browser:
IP address of your device (collected and stored in anonymised format) - e-mail address, including your first name and surname, if you have provided this through our website
- screen size of your device
- device type and browser information
- geographical data (country only)
- language for viewing our website
- user interactions
- mouse commands (movement, position and clicks)
- keyboard inputs
Log data which are automatically used by our server if Hotjar is used:
- referring domain
- websites visited
- geographical data (country only)
- language for viewing our website
- date and time of access
Hotjar uses this information in order to analyze your use of our website, prepare reports on usage and provide other services associated with the analysis of our website. Hotjar also makes use of services of third parties (e.g. Google Analytics and Optimizely) in order to provide the services. These third parties may store or otherwise process information which your browser sends when you visit our website (including the IP address in certain circumstances).
Information on the third-party provider: Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. Further information on the use of data by Hotjar, setting options, ways to object and data privacy can be found on the following Hotjar page: https://www.hotjar.com/legal/policies/privacy.
- The legal basis is your consent pursuant to point (a) of Art. 6(1) GDPR.
- We use Hotjar in order to analyze the use of our website and continually improve individual functions and offers as well as the user experience as a whole. The statistical analysis of user behavior enables us to improve what we offer and make it more interesting for users.
You can consent to the storage by Hotjar of a user profile and of information about your visit to our website and the setting of Hotjar tracking cookies in our cookie notice and also withdraw your consent there at any time.
4. Bing Universal Event Tracking (UET).
On our website, Bing Ads technologies are used to collect and store data that is used to create pseudonymous usage profiles. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our website if they have reached our website via ads from Bing Ads. If you arrive at our website via such an ad, a cookie is set on your computer. A Bing UET tag is integrated on our website. This is a code that, in conjunction with the cookie, stores some non-personal data about the use of the website. This includes, among other things, the length of time spent on the website, which areas of the website were accessed and via which ad the users arrived at the website. Information about your identity is not collected.
The legal basis is your consent according to Art. 6 para. 1 p. 1 lit. a) DSGVO.
The collected information is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data, by deactivating the setting of cookies. This may restrict the functionality of the website under certain circumstances.
In addition, Microsoft may be able to track your usage behavior across multiple electronic devices through cross-device tracking, which enables Microsoft to display personalized advertisements on or within Microsoft websites and apps. You can disable this behavior at http://choice.microsoft.com/de-de/opt-out.
For more information about Bing’s analytics services, please visit the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2). For more information about privacy at Microsoft and Bing, see Microsoft’s privacy policy (https://privacy.microsoft.com/de-de/privacystatement).
V. Contact form and e-mail contact.
- a) Our website includes a contact form that can be used to get in touch via electronic means. If a user makes use of this function, the data entered into the input screen will be transmitted to us and stored. This data includes: first name, surname, e-mail address, telephone number.
Your consent will be obtained for data processing as part of the sending process and referred to in this data privacy statement.
Alternatively, you can contact us using the e-mail address provided. In this case, all user personal data transmitted together with the email will be stored.
No data will be forwarded to third parties in connection with such contact. The data will be used exclusively for dealing with the conversation concerned.
- b) Where the user has given consent to such processing, the legal basis for the processing of data is Art. 6 (1) (a) of the GDPR.
The legal basis for processing of data transmitted when sending an e-mail is Art. 6 (1) (f) of the GDPR. If e-mail contact is made with a view to the conclusion of a contract, Art. 6 (1) (b) of the GDPR functions as an additional basis for processing.
- c) The processing of personal data from the input screen serves exclusively to allow us to handle the enquiry concerned. In the event of contact being made by e-mail, this also represents the required legitimate interest in processing the data.
Other personal data processed during the sending process serves to prevent abuse of the contact form and to ensure the security of our information technology system.
- d) The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the input screen of the contact form and data transmitted by email, this shall be the point at which the conversation concerned with the user comes to an end. The conversation shall be deemed to have come to an end when it can be gathered from the circumstances that the matter at hand has definitely been resolved.
Additional personal data gathered during the sending process will be deleted within a period of seven days at the latest.
The user is entitled to withdraw their consent to the processing of their personal data at any time. In the event that the user contacts us by email, they may object to the storage of their personal data at any time. The conversation cannot be continued under such circumstances.
In this eventuality, all personal data stored in relation to the enquiry will be deleted.
VI. User Registration.
- a) On our website, we offer users the opportunity to register by supplying personal data. Data is entered into an input screen, transmitted to us, and stored. It will not be forwarded to third parties. The following data is collected as part of the registration process: first name, surname, e-mail address, place of residence.
At the time of sending the message, the following data is also stored: The user’s IP-address and the date and time of registration.
As part of the registration process, the user’s consent to the processing of this data is obtained.
- b) Where the user has given consent to such processing, the legal basis for the processing of data is Art. 6 (1) (a) of the GDPR.
- c) The user’s registration is required for providing content and services on our website or for fulfilling a contract with the user or for taking steps prior to entering into a contract.
The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected.
- d) This is the case for data that is gathered during the registration process if registration is canceled or altered on our website.
For data collected during the registration process for the purposes of fulfilling a contract or to take steps prior to entering into a contract, this is then the case if the data is no longer required for the execution of the contract. The need to store the contractual partner’s personal data may continue to exist following the conclusion of the contract in order to meet contractual or statutory requirements.
As a user, you have the right to cancel your registration at any time. You may have the data we hold about you altered at any time.
If the data is required for fulfilling a contract or to take steps prior to entering into a contract, data may only be deleted prematurely where this is not prevented by contractual or statutory obligations.
VII. Newsletter.
-
1. Newsletter data.
- a) We offer a newsletter to which you can subscribe on our website. Details about the newsletter, particularly its possible content, will be given in the declaration of consent. If you subscribe to our newsletter, the data you provide on the input template when registering for the newsletter will be sent to us. To register for the newsletter, you must provide us with your e-mail address. This is mandatory information.
- If you provide other personal information when registering, this is done on a voluntary basis.
We use what is known as the double opt-in procedure for registering for our newsletter. Once you have registered, we will send an e-mail to the email address you gave asking you to confirm that you want us to send you the newsletter in future. If you do not confirm your registration within the period stated in the email, the data you provided will be blocked and then erased after five weeks.
We will store the respective IP address and the dates and times of registration and confirmation so that we can prove your registration and investigate any possible misuse of your personal data. This is a legitimate interest of ours.
- b) We use CleverReach to send our newsletter. Your data will therefore be transmitted to CleverReach GmbH & Co. KG. CleverReach is prohibited from using your data for purposes other than sending the newsletter. CleverReach is not permitted to pass on or sell your data. CleverReach is a German, certified newsletter software provider, which was carefully selected according to the requirements of the DSGVO and the BDSG.
- c) If you have given us consent, the legal basis for the processing is point (a) of Art. 6(1) GDPR. If the processing is founded on our legitimate interests in other respects, the legal basis is point (f) of Art. 6(1) GDPR.
- d) These data will be erased as soon as they are no longer necessary for achievement of these purposes. We will therefore only store the above data for as long as you subscribe to the newsletter. Once you unsubscribe from the newsletter, we will store these data anonymously and for statistical purposes only.
You can at any time withdraw the consent you gave to dispatch of the newsletter by unsubscribing from the newsletter. You can do so by clicking on the link contained in every newsletter email we send you.
VIII. Plugins and Tools.
-
1. Google Web Fonts.
- a) On our website we use “Google Web Fonts”, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter “Google”). Google Web Fonts enables us to use external fonts, known as Google Fonts. When you access our website, your web browser loads the required Google Font into the browser cache. This is required so that your browser can display an optically improved view of our texts. If your browser does not support this function, your computer will use a standard font for display. These web fonts are integrated by means of a server request, usually through a Google server in the USA. In the process, the server will be told which of our web pages you have visited. Google will store the IP address of the browser of your device. We do not have any influence on the extent and the further use of the data that are collected and processed by Google through the use of Google Web Fonts.
Information on the third-party provider: Google Ireland Limited, Google Building, Gordon House, Barrow St, Dublin 4, Ireland
Further information about data protection can be found in the Google privacy policy: https://policies.google.com/privacy?hl=de&gl=de.
Further information about Google Web Fonts can be found at https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1 and https://www.google.com/fonts#AboutPlace:about.
- b) The legal basis is your consent pursuant to point (a) of Art. 6(1) GDPR.
- c) We use Google Web Fonts for optimisation purposes, in particular to improve your use of our website and make its design more user-friendly.
2. Google Maps.
We use the Google Maps API in order to display geographical information. When Google Maps is used, Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) also collects, processes and uses data about the use of the maps function by visitors to the website. Your data will only be forwarded if you have given us your consent to do so pursuant to point (a) of Art. 6(1) GDPR.
Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there, this may also result in a transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
3. Vimeo.
When you access a Vimeo video embedded on our website, your browser connects to Vimeo’s servers and data is transferred. This data is collected, stored and processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system or very basic device information. Furthermore, Vimeo stores information about which website you use the Vimeo service and which actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate, or which button you clicked on our website with built-in Vimeo function. Vimeo may track and store these actions using cookies and similar technologies.
If you are logged in to Vimeo as a registered member, more data can usually be collected because more cookies may have already been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” on our website.
Vimeo uses this data, among other things, to improve its own service, to communicate with you and to set its own targeted advertising measures. Vimeo emphasizes on its website that only first-party cookies (i.e., cookies from Vimeo itself) are used for embedded videos, as long as you do not interact with the video.
Vimeo is headquartered in White Plains in the state of New York (USA). However, its services are offered worldwide. In doing so, the company uses computer systems, databases and servers in the USA and also in other countries. Your data can therefore also be stored and processed on servers in America. The data remains stored at Vimeo until the company no longer has an economic reason for storing it. Then the data will be deleted or anonymized.
You always have the option to manage cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or disable cookies in your browser settings at any time.
4. Google Ads (formerly Google Adwords).
We use the offer of Google Ads Conversion to draw attention to our attractive offers with the help of advertising media (so-called Google Ads) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In this way, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
These advertisements are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your end device.
For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wishes to be addressed) are usually stored as analysis values.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of Ads customers and the cookie stored on his computer has not yet expired, Google and the customers can recognize that a user has clicked on the ad and was redirected to this page. Each Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify the users on the basis of this information.
The legal basis is your consent according to Art. 6 para. 1 p. 1 lit. a) DSGVO.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that Google learns your IP address and stores it.
Transmissions to third countries are possible. As appropriate guarantees, so-called standard contractual clauses have been concluded in accordance with Art. 46 DSGVO. For third countries/companies for which an adequacy decision exists, the adequacy decision also applies. More information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.
You can deactivate the tool via the cookie settings.
IX. Payment service providers.
-
1. Paypal and stripe.
Our website accepts payments via PayPal and via Stripe. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) respectively Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (hereinafter “Stripe”).
If you choose to pay via PayPal or Stripe, the payment data you enter will be transmitted to PayPal or Stripe.
If you select payment via PayPal respectively Stripe, the payment data you provide will be supplied to PayPal respectively Stripe based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
Encrypted payment transactions on this website
If, after the conclusion of a contract with costs, there is an obligation to transmit your payment data (e.g. account number in the case of direct debit authorization) to us, this data is required for payment processing.
Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
X. Information on our presence on social media platforms.
1. Information on our Facebook page.
- We also maintain a presence on Facebook. If you visit this Facebook page, your personal data will in principle be processed by Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. If you use interactive functions such as commenting, sharing or rating, the data will be processed solely by Facebook.
- Please note that you yourself are responsible for your use of the Facebook page and its functions. This particularly applies for the interactive functions (e.g. commenting, sharing, rating). Facebook processes personal data relating to your account, your IP address and the devices you use; cookies are used to record data. These are small files that are stored on your devices. Which information Facebook receives and how it is used are explained in general form in its data use policies. They also contain information about how to contact Facebook, how to object and the setting options for advertisements.
The data use policies can be accessed via the following link: http://de-de.facebook.com/about/privacy .
The data use policies can be accessed via the following link: http://de-de.facebook.com/about/privacy .
You can find the shared responsibility agreement according to Art. 26 DSGVO (effective date: August 31, 2020) with Facebook at https://www.facebook.com/legal/controller_addendum
Facebook can use the information to provide us, as the operator of the Facebook page, with statistical data about how our Facebook page is used, such as the age and gender distribution. Facebook can also display further information or advertisements corresponding to your preferences. Facebook provides further information via the following link: de-de.facebook.com/help/pages/insights.
The data collected about you in this context will be processed by Meta Ltd. and may be transferred to countries outside the European Union.
The data about you that are collected in this regard will be processed by Facebook Ltd. and may to that end be transferred to countries outside the European Union.
If you visit one of our pages on social media (e.g. Facebook), doing so will result in your personal data being processed. In this case we, together with the operator of the respective social network, will be responsible for the data processing operations within the meaning of Art. 26 GDPR if we actually reach a joint decision with the operator of the social network on the data processing and we can also exert an influence on the data processing. Where possible, we have reached agreements with the operators of the social network on joint control pursuant to Art. 26 GDPR.
Please note that, despite joint control with the operators of social networks pursuant to Art. 26 GDPR, we do not have complete influence over the data processing performed by the individual social networks. The business policy of the respective provider has the determining influence on our options. In the event that rights as data subjects are asserted, we can only pass these queries on to the operator of the social network.
Facebook does not clearly and finally state, and we do not know, the extent to which Facebook uses the data collected on visits to Facebook pages for its own purposes, the extent to which activities on the Facebook pages are attributed to individual users, for how long Facebook stores these data and whether data collected on a visit to the Facebook page are passed on to third parties.
-
2. Information on our Instagram page.
a) We also maintain a presence on Instagram. If you visit this, the processing of personal data is generally carried out by the company Meta Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. If you use interactive functions, such as commenting, sharing or rating, the data processing is carried out exclusively by Facebook.
Please note that you yourself are responsible for your use of the Instagram page and its functions. This particularly applies for your use of the interactive functions (e.g. commenting or rating).
Facebook processes personal data about your account, your IP address, and the devices you use; cookies are used for data collection. These are small files that are stored on your end devices. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook, the options for objecting, and the settings for advertisements.
The data use policy is available at the following link: http://de-de.facebook.com/about/privacy
The complete data policies of Facebook can be found here: https://de-de.facebook.com/full_data_use_policy
You can find the shared responsibility agreement according to Art. 26 DSGVO (effective date: August 31, 2020) with Facebook at https://www.facebook.com/legal/controller_addendum
The information may be used by Facebook to provide us, as operators of the Instagram pages, with statistical information such as gender and age distribution about the use of the Instagram page. In addition, Facebook may show you further information or advertisements according to your preferences. Facebook provides more information about this at the following link: http://de-de.facebook.com/help/pages/insights.
The data collected about you in this context is processed by Meta Ltd. and may be transferred to countries outside the European Union.
If you visit one of our presences in the social media (e.g. Instagram), you trigger a processing of your personal data during such a visit. In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 DSGVO, provided that we actually make a joint decision with the operator of the social network about the data processing and we also have an influence on the data processing. As far as possible, we have concluded joint responsibility agreements with the operators of the social networks pursuant to Art. Art. 26 DSGVO.
We ask you to note that despite the joint responsibility according to Art. 26 DSGVO with the operators of social networks, we do not have a full influence on the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our options. In the event of the assertion of data subject rights, we could only forward these requests to the operator of the social network.
In what way Meta uses data from visits to Instagram pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.
- b) If you as a user are currently logged in to Instagram, a cookie with your Instagram identifier will be on your device. This enables Instagram to verify that you have visited this page and how you used it. The same applies for all other Instagram pages. The Instagram buttons integrated in websites enable Instagram to record your visits to these web pages and assign them to your Instagram profile. These data allow targeted content or advertising to be offered to you.
If you want to prevent this, you should log off Instagram or disable the “Stay logged in” function, delete the cookies on your device and close your browser before reopening it. This erases Instagram information that enables you to be identified directly and means you can use our Instagram page without your Instagram identifier being revealed. If you use interactive functions of the page (liking, commenting, messages and others), an Instagram login screen appears. If you log in again, you will be identifiable to Instagram again as a particular user.
Information on how to manage or erase existing information can be found in the following Instagram help area. As the provider of the information service, we do not collect and process any other data arising from your use of our service.
3. Information on our Xing presence.
XING is a social network operated by XING SE, registered in Hamburg. It enables members to manage mainly business but also private contacts and link to new contacts. Organizations can set up a page on this platform with a logo and brief profile, post news items and initiate discussion groups.
A personal profile with administrator rights must be assigned to the company profile. Conversations in groups can only be conducted using the personal profile of a natural person.
Users must register in order to use the network function. There is a free basic version and a chargeable version with additional functions. In contrast to other social networks, XING is based more strongly on the combination of personal and electronic contact, is less commercial and is less visually oriented. It is focused on professional networking on specialist issues with people who have the same professional interests. XING is also frequently used by companies and other organizations to recruit staff and present themselves as an attractive employer. To that end XING is linked with the employer rating platform kununu.
XING provides further information: https://corporate.xing.com/de/unternehmen/.
Coboc currently makes only very limited use of XING through a brief profile and occasional posting of news items that relate primarily to current job opportunities. No topic-related discussion group is offered at present, but is conceivable in the future.
Current information about data privacy can be found at https://privacy.xing.com/de/datenschutzerklaerung.
We do not collect or process any personal data via XING.
4. Notes on the LinkedIn appearance.
LinkedIn is a social network of the operator LinkedIn Ireland Unlimited, based in Dublin. In it, members can primarily manage your professional, but also private contacts and make new contacts. Organizations can set up a page with logo and short profile, post news and initiate discussion groups.
A personal profile with administrator rights must be assigned to the company profile. Dialog in groups can only be done through the personal profile of a natural person.
For some processing operations, we are not solely responsible, but jointly responsible with one or more other controllers. Joint responsibility occurs when two or more controllers determine the purposes and means of processing personal data. Joint responsibility means that there are common purposes for the processing and data subjects can enforce their rights under Art. 12-22 GDPR, including Art. 77 GDPR, with both controllers.
For the processing of personal data with Page Insights on LinkedIn, we jointly determine the purposes and means with
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 (Ireland)
https://www.linkedin.com/legal/impressum
Contact possibility to the data protection officer of LinkedIn, otherwise contact via the responsible person: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
The terms of use of LinkedIn are authoritative, as well as the other conditions and guidelines listed there at the end. (https://de.linkedin.com/legal/user-agreement)
Furthermore, there is a data processing agreement between us and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. You can view the Joint Controller Addendum here (link: https://www.linkedin.com/legal/l/dpa).
LinkedIn transfers personal data to the USA on the basis of the standard contractual clauses. (https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de).
You can find LinkedIn’s privacy policy here: www.linkedin.com/legal/privacy-policy.
-
5. Notes on the Pinterest appearance.
In the following, we inform you about the handling of your personal data. Personal data is any data that can be used to identify you personally.
Please check carefully which personal data you share with us via Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. We expressly point out that Pinterest stores the data of its users (e.g. personal information, IP address, etc.) and may also use this data for business purposes.
You can find more information about Pinterest’s data processing in Pinterest’s privacy policy at https://policy.pinterest.com/de/privacy-policy.
We have no influence on the data collection and further processing by Pinterest. Furthermore, it is not apparent to us to what extent, where and for how long the data is stored, to what extent Pinterest complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid Pinterest processing personal data that you have provided to us, please contact us by other means. You can find our full contact details in our imprint.
You can contact Pinterest’s data protection officer via the online contact form provided by Pinterest at https://help.pinterest.com/de/data-protection-officer-contact-form.
XI. Processing and transmission of data (customer and contract data).
- We collect, process and use personal data only to the extent necessary for the establishment, content or modification of the legal relationship.
- We transmit personal data to third parties only if this is necessary in the context of the contract, such as to the companies entrusted with the delivery of the goods or the credit institution entrusted with the payment processing.
- This is done on the basis of Art. 6 (1) lit. b DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
- We collect, process and use personal data about the use of our Internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user.
- The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
- A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
XI. Online Applications.
If you apply to us electronically, i.e. by e-mail or via our web form, we collect and process your personal data for the purpose of processing the application procedure and carrying out pre-contractual measures.
By submitting an application on our recruiting page, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application.
In particular, the following data will be collected:
Name (first and last name)
E-mail address
Telephone number
LinkedIn profile (optional)
Channel, how you became aware of us
You also have the option of uploading meaningful documents such as a cover letter, your resume and references. These may contain further personal data such as date of birth, address, etc.
Only authorized employees from the HR department or employees involved in the application process have access to your data.
Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.
The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
Your data will be stored for a period of 90 days beyond the end of the application process. As a rule, this is done to fulfill legal obligations or to defend against possible claims arising from legal regulations. Subsequently, we are obliged to delete or anonymize your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.).
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 Para. 1 lit. a DSGVO). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke his or her consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention.
If you receive an offer of employment with us as part of the application process and accept it, we will store the personal data collected as part of the application process for at least the duration of the employment relationship.
XII. Data subject rights.
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
1. Right of access.
You can demand confirmation from the controller of whether we process personal data concerning you.
Where such processing takes place, you can demand details from the controller concerning the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipient to whom the personal data concerning you were or will be disclosed;
(4) the planned period for which the personal data concerning you will be stored or, if it is not possible to provide specific information on this, the criteria used to determine that period;
(5) he existence of a right to rectification or erasure of the personal data concerning you, of a right to restriction of processing by the controller or of a right of objection to this processing;
(6) das the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the origins of the data, if the personal data were not collected from the data subject;
You also have the right to demand information on whether the personal data concerning you are transferred to a third country or an international organisation. In this regard you can demand to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in relation to the transfer.
2. Right to rectification.
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller must bring about the rectification without undue delay.
3. Right to restriction of processing.
Under the conditions set out below, you can demand that the processing of the personal data concerning you be restricted:
(1) if you dispute the accuracy of the personal data concerning you, for a period of time that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the controller no longer needs the personal data for the purposes of the processing, but you require this for the establishment, exercise or defense of legal claims; or
(4) if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR pending verification of whether the legitimate grounds for the controller override your grounds.
If the processing of the personal data concerning you were restricted, these data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing was restricted in accordance with the above requirements, you will be informed by the controller before the restriction is lifted.
4. Right to erasure.
- a) Obligation to erase
You can demand that the controller erase any personal data concerning you without undue delay and the controller will be obliged to erase such data without undue delay if one of the following grounds exists:
(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw consent on which the processing is based according to point (a) of Art. 6(1) or point (a) of Art. 9(2) GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
(4) the personal data concerning you have been unlawfully processed.
(5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; or
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
- b) Information to third parties
If the controller has made the personal data concerning you public and if he is obliged pursuant to Art. 17(1) GDPR to erase them, then he, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
- c) Exceptions
The right to erasure does not exist to the extent that processing is necessary
(1) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(2) for the establishment, exercise or defense of legal claims.
5. Right to be informed.
If you have exercised your right to have the controller rectify or erase the personal data concerning you or restrict their processing, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have a right vis-à-vis the controller to be informed of these recipients.
6. Right to data portability.
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to which the personal data were given, provided that
(1) the processing is based on consent pursuant to point (a) of Art. 6(1) or point (a) of Art. 9(2) GDPR or on a contract pursuant to point (b) of Art. 6(1) GDPR; and
(2) the processing is carried out by automated means.
In exercising this right to data portability, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must be without prejudice to the freedoms and rights of other persons.
7. Right to object.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on points (e) or (f) of Art. 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw consent under data protection regulations.
You have the right at any time to withdraw consent given under data protection regulations. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to the withdrawal.
9. Right to lodge a complaint with a supervisory authority.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint was lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
IX. Competitions.
- a) On our website, there is occasionally the opportunity to take part in a competition in connection with inclusion in our newsletter mailing list. As part of the competition participation, the data necessary for the implementation of the competition, such as e-mail address, is collected.
- b) We process competition data for the purpose of running the competition and for inclusion in the newsletter mailing list. If you have given us your consent, the legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. a) GDPR. Insofar as the processing of the above data takes place for the initiation of contractual relationships, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR.
- c) The purpose of the data processing is both to determine the winner and to enable contact to be made in the event of a win and inclusion in our newsletter distribution list.
- d) The data used to determine the winner will be deleted no later than 30 days after the end of the competition. Deletion will not take place if further processing and storage of your personal data is necessary in individual cases for the assertion, exercise or defense of legal claims. In this case, we have a legitimate interest in the further processing and storage of your personal data. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. Your personal data will not be deleted even if we are obliged by law to continue storing your personal data. The data for inclusion in the newsletter distribution list will be processed as described in the “Newsletter” section of this privacy policy.