I. Name and address of the controller
The controller in the sense of the General Data Protection Regulation and other national data protection laws in the member states as well as other data protection law provisions is:
Rhenus SE & Co. KG
Rhenus Platz 1
59439 Holzwickede
Germany
Phone: +49 (0)2301 29-0
Email: info@de.rhenus.com
Website: www.rhenus.com
II. Name and address of the data protection officer
The controller’s data protection officer is:
Data Protection Officer
Rhenus Platz 1
59439 Holzwickede
Germany
Email: datenschutz@de.rhenus.com
Website: www.rhenus.com
We would like to provide you with the following notes and information regarding the way that we carefully protect your private details and the extensive level of confidentiality when handling your data:
III. General information on data processing
1. The scope of processing personal data
We generally only gather and use personal data from our users if this is necessary to make available a well-functioning website as well as our content and services. The collection and usage of our users’ personal data normally takes place only after users have provided their consent for this. An exception applies in those situations where it is impossible to obtain any consent in advance for practical reasons and where the processing of data is allowed by statutory provisions.
2. The legal basis for processing personal data
If we obtain consent from the persons concerned to process their personal data, Article 6 Para. 1 a) of the EU General Data Protection Regulation (GDPR) acts as the legal basis for this.
When processing personal data, which is necessary to complete a contract, in which the person concerned is a party to the contract, Article 6 Para. 1 b) of the GDPR acts at the legal basis for this. This also applies to processing procedures that are necessary to complete pre-contractual measures.
If it is necessary to process personal data to satisfy a legal obligation, to which our company is subject, Article 6 Para. 1 c) of the GDPR acts as the legal basis for this.
If absolutely essential interests of the person concerned or of a different natural person make it necessary to process personal data, Article 6 Para. 1 d) of the GDPR acts as the legal basis for this.
If the processing of the data is necessary to maintain a legitimate interest of our company or of a third party and if the interests, basic rights and basic freedoms of the person concerned do not override the interest that was first mentioned, Article 6 Para. 1 f) of the GDPR acts as the legal basis for processing the data.
3. Deleting data and storage period
The personal data of the person concerned shall be deleted or blocked as soon as the purpose of the storage has lapsed. Storage may take place beyond this if this has been envisaged by the European or national laws, in EU legal regulations, acts or other provisions, to which the controller is subject. Any blockage or deletion of data shall also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data in order to sign an agreement or perform a contract.
IV. Making available the website and generating log files
1. Anonymous data collection
In principle, you can use our websites without informing us who you are. We only learn about technical data like the name of your Internet service provider, the website from which you come and the corporate websites that you visit. This information is assessed with the date and time details for internal statistical purposes related to advertising, website analysis and for designing our websites to meet needs. You remain completely anonymous as a user in this process. No pseudonymised user profiles are generated.
2. The legal basis for any processing of data
The legal basis for temporarily storing the data is found in Article 6 Para. 1 f) of the GDPR.
3. The purpose of processing data
The temporary storage of the IP address by the system is necessary in order to enable the website to be sent to the user’s computer. The user’s IP address must be stored for the duration of the session. Our legitimate interest in processing data is also found in Article 6 Para. 1 f) of the GDPR for these purposes.
4. The length of time that data is stored
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was gathered. When gathering data to make available the website, deletion occurs once the session in question has ended.
5. Opportunity to object and to have the data removed
The logging of data for making available the website and storing data in log files is absolutely necessary to operate the Internet site. There is therefore no opportunity for the user to object to this.
V. Using cookies
a.) Description and scope of the data processing
We make use of cookies to improve the quality of establishing the link with and the content of our website and to provide user-oriented navigation that is as smooth as possible. We make use of so-called session cookies that are restricted to the time of your visit to the website. They are used to determine which content is viewed from your PC while you continue to surf and they also play a role in increasing your security when surfing. Once you leave our website or do not click on it for a certain time, these short-term cookies are deleted again.
Cookies cannot do any damage to your PC. They do not cause any security risk in the sense of viruses or spying on your PC. You control how cookies are handled yourself. Please use the help function in your browser to allow, reject, view and delete them.
We make use of cookies in order to make our website more user-friendly. Some elements on our website require us to identify the browser making the request after you move from one site to another. The following data is therefore stored and transmitted in the cookies:
We also use cookies that enable an analysis of the surfing behaviour of users. The following data can be transmitted in this way:
b.) The legal basis for processing the data
Article 6 Para. 1 f) of the GDPR forms the legal basis for processing personal data involving the use of cookies.
c.) The purpose of processing data
The purpose of using cookies that are required for technical purposes is to simplify the usage of the website for users. Some functions of our website are not available without using cookies. It is essential for them that the browser is recognised again after a change of site. We need cookies for the following applications:
The user data collected through the cookies required for technical purposes is not used to draw up any user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies enable us to see how the website is being used and we are then able to continually optimise our services. The following analysis cookies are used:
Our legitimate interest in processing personal data for this purpose can be found in Article 6 Para. 1 f) of the GDPR.
d.) The length of time that data is stored and the opportunity to object and to have the data removed
Cookies are stored on the user’s computer and are transmitted to our site by the latter. As a user, you therefore have full control over the use of cookies. By making changes to the settings in your Internet browser, you can deactivate or restrict the sending of cookies. Any cookies already stored can be deleted at any time. This can take place automatically too. If cookies are deactivated for our website, it may not be possible for you to make full use of all the functions available on the website.
VI. Newsletters
1. Description and scope of the data processing
Newsletters are sent on the basis of the user’s registration on the website:
It is possible to subscribe to a free newsletter on our website. The data entered on the input form is sent to us once you register for the newsletter. The following data is processed in this case:
The following data is also gathered when you register:
Your consent is obtained to process the data as part of the registration process and reference is made to this data protection declaration.
The newsletter is sent on the basis of the sale of goods or services:
If you purchase goods or services from our website and leave your email address there, we may use this subsequently to send out a newsletter. In this case, the newsletter is exclusively used to directly advertise our own similar goods or services.
No data is forwarded to third parties in conjunction with processing data to send out newsletters. The data is exclusively used for sending out the newsletter.
2. Description and scope of the data processing
Newsletters are sent on the basis of the user’s registration on the website:
The legal basis for processing the data, once the user has registered for the newsletter, is Article 6 Para. 1 a) of the GDPR, provided that the user has given consent for this.
The newsletter is sent on the basis of the sale of goods or services:
The legal basis for sending out the newsletter after the sale of goods or services is Section 7 Para. 3 of the German Act Against Unfair Competition.
3. The purpose of processing the data
The user’s email address is gathered for the purpose of delivering the newsletter.
Newsletters are sent on the basis of the user’s registration on the website:
The gathering of other personal data as part of the registration process is used to prevent any misuse of the services or the email address that is used.
4. The length of time that data is stored
The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. The user’s email address is therefore stored for as long as the subscription to the newsletter is active.
Newsletters are sent on the basis of the user’s registration on the website:
The other personal data that is gathered as part of the registration process is normally deleted after a period of seven days.
5. Opportunities to object and to have the data removed
The user concerned can terminate the subscription to the newsletter at any time. There is an appropriate link in each newsletter for this purpose.
Newsletters are sent on the basis of the user’s registration on the website:
There is also an opportunity to cancel any consent to store the personal data that is gathered during the registration process.
VII. Registration
1. Description and scope of the data processing
We offer users the opportunity of registering by specifying personal data on our website. The data is entered on the input form and sent to us and stored. No data is forwarded to third parties. The following data is gathered as part of the registration process (login for file destruction at the online shop):
The following data is also stored at the time when you register:
The user’s consent to process this data is obtained as part of the registration process.
2. The legal basis for processing the data
The legal basis for processing the data is Article 6 Para. 1 a) of the GDPR, provided that the user has given consent for this.
If the registration process is used to perform a contract, to which the user is one party or to complete pre-contractual measures, Article 6 Para. 1 b) of the GDPR forms the additional legal basis for processing the data.
3. The purpose of processing the data
The user must register to perform a contract with the user or to complete pre-contractual measures.
The online shop cannot be used if the person concerned does not register.
4. The length of time that data is stored
This is the case for the data gathered to perform a contract or to complete pre-contractual measures if the data for completing the contract is no longer necessary. It may be necessary to store the contract partner’s personal data even after the contract has been completed in order to meet contractual or statutory obligations.
5. Opportunities to object and to have the data removed
As a user, you have the opportunity to cancel your registration at any time. You can have the data stored in relation to yourself amended at any time.
You can handle the change or the deletion of the stored data in the user management section (menu item: Edit user account).
If the data is necessary to perform a contract or to complete pre-contractual measures, the data can only be deleted early if there are no contractual or statutory obligations that oppose the deletion process.
VIII. Contact form and email contact
1. Description and scope of managing the data
There is a contact form on our website and it can be used to make contact electronically. If a user makes use of this facility, the data entered on the input form is sent to us and stored. This data involves:
Your consent to process the data is obtained as part of the sending procedure and reference is made to this data protection declaration.
Alternatively, it is possible to make contact via the email address that is made available. In this case, the user’s personal data that is sent with the email is stored.
No data is forwarded to third parties in conjunction with this. The data is exclusively used to process the conversation.
2. The legal basis for processing the data
Article 6 Para. 1 a) of the GDPR forms the legal basis for processing the data, provided that the user has given consent for this.
Article 6 Para. 1 f) of the GDPR forms the legal basis for processing the data that is transmitted when an email is sent. If the email contact is aimed at signing an agreement, Article 6 Para. 1 b) of the GDPR forms an additional legal basis for processing the data.
3. The purpose of processing the data
Any processing of the personal data from the input form is solely for the purpose of processing the first contact. If contact is made in the form of an email, there is also a legitimate and necessary interest in processing the data.
The other personal data processed when the email is sent is used to prevent any misuse of the contact form and guarantee the security of our IT systems.
4. The length of time that data is stored
The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. This is the case for any personal data from the input form in the contact form and the data that is sent by email when the relevant conversation with the user has been concluded. The conversation has been ended when the circumstances suggest that the facts of the case in question have been finally resolved.
The personal data, which is also gathered during the sending procedure, is deleted after a period of seven days, at the very latest.
5. Opportunity to object and to have the data removed
Users have the opportunity of cancelling their consent for the personal data to be processed at any time. If users make contact with us by email, they can object to any storage of their personal data at any time. If this is the case, the conversation cannot be continued.
All the personal data, which is stored as part of the contact making procedure, is then deleted in this case.
IX. Google Analytics
This website makes use of functions provided by the web analysis service known as Google Analytics. The provider of this is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics makes use of so-called “cookies”. They are text files that are stored on your computer and enable an analysis of the use of the website. The information generated by the cookie about your use of this website is normally sent to a server operated by Google in the USA and stored there.
a.) IP pseudonymisation
We have activated the IP pseudonymisation function on this website. This means that your IP address is abbreviated by Google within the member states of the European Union or in other signatory countries to the Agreement on the European Economic Area before being sent to the USA. The complete IP address is only sent to a Google server in the USA in exceptional cases before being abbreviated there. Google will use this information on behalf of the operator of this website in order to assess your usage of the website, to compile reports about the website activities and to enable the website operator to provide other services associated with the use of the website and the Internet. The IP address sent from your browser by Google Analytics is not combined with any other data held by Google.
b.) Browser plug-ins
You can prevent the cookies from being stored by making the appropriate setting in your browser software; however, we would point out that you may not be able to fully make use of all the functions of this website, if you do so. You can also prevent the logging of the data generated by the cookie and related to your use of the website (including your IP address) being sent to Google or Google’s ability to process this data by downloading and installing the browser plug-in that is available at this link: tools.google.com/dlpage/gaoptout
c.) Objecting to the logging of data
You can prevent the logging of your data by Google by clicking on the following link. This generates an opt-out cookie, which will prevent any of your data being logged during future visits to this website: tools.google.com/dlpage/gaoptout
You can obtain more information about how user data is handled at Google Analytics in Google’s data privacy declaration: https://support.google.com/analytics/answer/6004245?hl=de
d.) Contract data processing
We have signed an agreement with Google to cover contract data processing and fully implement the strict stipulations of the German data protection authorities when using Google Analytics.
e.) Demographic features with Google Analytics
This website uses the “demographic features” function within Google Analytics. This means that it is possible to generate reports that contain statements about the age, gender and interests of the visitors to the site. This data comes from Google’s advertising that is related to interests and from visitor data from third-party providers. This data cannot be assigned to any particular person. You can deactivate this function by using the advertising settings in your Google account at any time or generally prohibit the logging of your data by Google Analytics, as demonstrated in the paragraph on “Objecting to the logging of data”.
X. Facebook plug-ins
Plug-ins from the Facebook social network are integrated on our websites; they are provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognise the Facebook plug-ins by the Facebook logo or the “Like” button (“I like”) on our website. You can obtain an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/
If you visit our sites, a direct connection between your browser and the Facebook server is established via the plug-in. Facebook therefore obtains the information that you have visited our site with your IP address. If you click on the Facebook “I like” button while you are logged into your Facebook account, you can link the content of our sites to your Facebook profile. Facebook is then able to assign your visit to our sites to your user account. We would point out that we as the provider of the sites do not obtain any knowledge about the content of the data that is transmitted or how Facebook makes use of it. You can find more information on this in Facebook’s data privacy declaration at: https://de-de.facebook.com/policy.php
If you do not want Facebook to be able to assign your visit to our sites to your Facebook user account, please log out of your Facebook user account.
XI. LinkedIn
Our website makes use of functions from the LinkedIn network. The provider here is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time that you access one of our sites, which contains the LinkedIn functions, a connection is established with the LinkedIn servers. LinkedIn is informed that you have visited our Internet sites with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our Internet site to you and your user account. We would point out that we as the provider of the sites do not know the content of the data that is transmitted or how LinkedIn uses this.
You can find more information on this in LinkedIn’s data privacy declaration at: https://www.linkedin.com/legal/privacy-policy
LinkedIn Insight Tag
The Insight Tag provided by the social network LinkedIn is used on our website. This is provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”). LinkedIn Insight Tag is a small piece of JavaScript code that we have added to our website.
The LinkedIn Insight Tag allows us to gather data about visits to our website, including the URL, referrer URL, IP address, device and browser properties, time stamp and pages viewed. This data is encrypted and then anonymised within seven days, and the anonymised data is deleted within 90 days. LinkedIn does not share personal data with us, it only provides summary reports about the website target group and ad performance. LinkedIn also provides a retargeting service for website visitors that allows us to use this data to show targeted adverts outside our website without identifying the member. LinkedIn members can manage the use of their personal data for advertising purposes in their account settings.
a) Purpose of data processing
The LinkedIn Insight Tag is used for the purpose of compiling detailed campaign reports and gathering information about visitors to our website, and thereby for the purpose of our advertising and marketing interests. As a customer of LinkedIn marketing solutions, we use the LinkedIn Insight Tag in order to track conversions, to carry out retargeting of our website visitors and to gather additional information about the LinkedIn members who see our adverts.
You’ll find details on data gathering (purpose, scope, additional processing, use) and information about your rights and settings options in LinkedIn’s privacy policy on the LinkedIn website: https://www.linkedin.com/legal/privacy-policy.
b) Legal basis for data processing
The legal basis for the processing of personal data is Article 6 Paragraph 1 Point f GDPR, that is a legitimate interest on our part. Our legitimate interest in this regard rests on the purposes outlined above.
c) Duration of storage
The data is encrypted, and then anonymised within seven days, and the anonymised data is deleted within 90 days.
However, as a user, you can also choose the settings for the execution of the JavaScript code necessary for the tool via your browser settings yourself at any time. By changing the settings in your internet browser you can deactivate or limit the execution of JavaScript, and thereby also prevent the storage of data. Please note: if the execution of JavaScript is deactivated, you may not be able to use all the functions of the website.
d) Objection and deletion options / Opt-out
If you are a LinkedIn member and do not want LinkedIn to gather data about you via our website and link that data to LinkedIn data relating to your membership, you will need to log out of LinkedIn before you visit our website.
Additionala you can deactivate the cookie completely, regardless of being a LinkedIn member. To do so, please click here:
Opt-Out
XII. YouTube
Our website makes use of plug-ins from the YouTube site that is operated by Google. The operator of the sites is YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA. If you visit one of our sites that is provided with a YouTube plug-in, a connection is established with the YouTube servers. Information is communicated to the YouTube server about which of our sites you have visited.
If you are logged into your YouTube account, you enable YouTube to directly assign your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.
You can find more information on how user data is handled in YouTube’s data privacy declaration at: https://www.google.de/intl/de/policies/privacy
XIII. Twitter
Plug-ins of the service Twitter are integrated on our websites. They are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit will be linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. We would point out that we as the provider of the sites do not obtain any knowledge about the content of the data that is transmitted or how Twitter makes use of it. For more information, see the privacy policy of Twitter at: https://twitter.com/privacy.
You can change your Twitter privacy settings in the account settings at https://twitter.com/account/settings.
XIV. Instagram
We include functions of the online service Instagram on our website. Provider of these features is the Instagram Inc., 1601 Willow, Menlo Park, CA 94025, USA. The Instagram button allows you to visit our pages linked to your Instagram account, if you are logged in to Instagram. Instagram receives the information about your visit on our website and can assign this visit to your Instagram profile. We would point out that we as the provider of the sites do not obtain any knowledge about the content of the data that is transmitted or how Instagram makes use of it. You can find more information about Instagram data collection and use in the http://instagram.com/about/legal/privacy/.
XV. XING
Plugins of the social network XING are integrated on our websites, which are operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. The XING-Button is visible on one letter X on a light background. If you click this button while you are logged in with your Xing account, you can recommend the content of our website on XING. XING can assign the visit of our website to your account. We would point out that we as the provider of the sites do not obtain any knowledge about the content of the data that is transmitted or how XING makes use of it. To prevent that XING collects the abovementioned data, log off with XING.
The purpose and scope of the data collection and the further processing and use of the data by Xing as well as your rights and setting possibilities for the protection of your privacy can be read in the privacy policy of XING: https://www.xing.com/privacy.
XING and kununu
The “XING share button” and „kununu“ is in use on this website. Kununu is an application of the service XING. By accessing this website, your browser connects for a short time to the XING SE (“XING”) servers which provide the “XING share button” features (including the visitor counter). XING does not save any of your Personal Data if you access this website. XING does not store IP addresses, nor does it use cookies to monitor your behaviour with regard to the “XING share button”.
Please visit the following website to view the latest privacy policy for the “XING share button” and other information https://dev.xing.com/plugins/share_button/privacy_policy and the privacy policy for „Kununu“ https://www.kununu.com/de/info/datenschutz.
XVI. Google reCAPTCHA
On our website we use Google reCAPTCHA to check and avoid interactions on our website through automated access, for example through so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
Through the certification according to the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU will also be complied with when processing data in the USA.
This service enables Google to determine which website is sending a request and from which IP address you are using the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary to provide and guarantee this service.
The legal basis is Art. 6 Para. 1 lit. f) DSGVO. Our legitimate interest lies in the security of our Internet presence and in the defence against unwanted, automated access in the form of spam or similar.
Google offers
https://policies.google.com/privacy
to provide further information on the general handling of your user data.
XVII. Data collection, storage and processing using pixel-code technology
Rhenus SE & Co. KG uses products and services for analysis and marketing purposes, which are provided by Visable GmbH (www.visable.com) in cooperation with them. To that end, pixel-code technology is used to collect, process and store data in order to create at least pseudonymised, but where possible and meaningful, completely anonymous user profiles. Data collected, which may initially still include personal data, is transmitted to Visable or is collected directly by Visable and is used to create the aforementioned user profiles there. Visitors to this website are not personally identified and no other personal data is merged with the user profiles. If IP addresses are identified as personal, they are immediately deleted. You can object to the processing operations described with future effect at any time: Exclude from Tracking (Note: Link sets a 1st-party cookie for an opt-out)
XVIII. The rights of people concerned
1. The right to information
You may request confirmation from the controller about whether we are processing any personal data related to you.
If this kind of processing is taking place, you can request information about the following details from the controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data that are being processed;
(3) the recipients or the categories of recipients to whom the personal data related to you has been disclosed or is still being disclosed;
(4) the planned time span for storing the personal data related to you or, if specific details on this are not possible, the criteria for determining the time span for storage;
(5) the existence of any right to correct or delete the personal data related to you, a right to restrict the processing of the data by the controller or a right to object to this processing of data;
(6) the existence of a right to make a complaint to a supervisory authority;
(7) all the information that is available about the origin of the data, if the personal data is not being gathered from the person involved;
(8) the existence of an automated individual decision-making facility, including profiling, according to Article 22 Para. 1 and 4 of the GDPR and – at least in these cases – clear information about the logics involved as well as the scope and the envisaged effects of this kind of processing for the person concerned.
You have the right to request information about whether the personal data related to you is being sent to a third country or to an international organisation. In this connection, you can demand that you are informed about the suitable guarantees according to Article 46 of the GDPR in connection with any transfer of data.
2. The right to correction
You have the right to have the controller correct and/or complete any data, if the personal data that is being processed and concerns you is incorrect or incomplete. The controller must make the correction immediately.
3. The right to restrict the data processing
You may demand restrictions on the processing of the personal data related to you in the following situations:
(1) if you dispute the correctness of the personal data related to you for a period that enables the controller to check the correctness of the personal data;
(2) if the processing of the data is illegal and you reject any deletion of your personal data and demand that restrictions are placed on the use of your personal data instead;
(3) if the controller no longer requires the personal data for the purposes of processing it, but you require it to assert, exercise or defend legal claims; or
(4) if you have lodged an objection to the processing according to Article 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons presented by the controller override your reasons.
If any restrictions have been imposed on processing the personal data related to you, this data may only be processed with your consent – apart from storing it – or to assert, exercise or defend legal claims or to protect the rights of a different natural person or legal entity or for reasons justifying an important public interest for the Union or a member state.
If the restriction for processing the data has been limited in line with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
4. The right to deletion
a) The obligation to delete data
You may demand from the controller that the personal data related to you is deleted immediately and the controller shall be obliged to delete this data immediately if one of the following reasons applies:
(1) the personal data related to you is no longer required for the purposes for which it was gathered or processed in some other way;
(2) you withdraw your consent, on which the processing of the data was based according to Article 6 Para. 1 a) or Article 9 Para. 2 a) of the GDPR, and there is no other legal basis for processing the data;
(3) you lodge an objection against any processing of the data according to Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data or you lodge an objection to the processing of the data according to Article 21 Para. 2 of the GDPR;
(4) the personal data related to you has been processed illegally;
(5) the deletion of the personal data related to you is necessary to fulfil a legal obligation according to the laws of the Union or the law of the member states, to which the controller is subject;
(6) the personal data related to you was gathered in relation to information society services according to Article 8 Para. 1 of the GDPR.
b) Information forwarded to third parties
If the controller has published the personal data related to you and if it is obliged to delete it according to Article 17 Para. 1 of the GDPR, it shall adopt suitable measures, taking into account the available technology and the implementation costs, including those of a technical nature, to inform those responsible for processing the personal data that you, as the person concerned, have requested the deletion of all the links to this personal data or copies or replicas of this personal data.
c) Exceptions
There is no right to have the data deleted if the processing of the data is required:
(1) to exercise the right of free expression and information;
(2) to meet a legal obligation, which requires the processing of the data according to the laws of the Union or the member states, to which the controller is subject, or to perform a task that is of public interest or takes place in connection with exercising any state authority that has been transferred to the controller;
(3) for reasons of public interest in the field of public health according to Article 9 Para. 2 h) and i) as well as Article 9 Para. 3 of the GDPR;
(4) for archiving purposes that are in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89 Para. 1 of the GDPR, if the right cited in paragraph a) will probably make the achievement of the goals of this processing of data impossible or will serious impair it; or
(5) to assert, exercise or defend legal claims.
5. The right to information
If you have asserted the right to have the processing of the data corrected, deleted or restricted by the controller, the latter is obliged to inform all the recipients, to which the personal data related to you has been disclosed, to have the data corrected or deleted or the processing of it restricted, unless this proves to be impossible or is associated with a disproportionate amount of effort and expense.
You also have the right to be informed about these recipients by the controller.
6. The right to data portability
You have the right to receive the personal data related to you, which you have made available to the controller, in a structured, conventional and machine-readable format. You also have the right to transfer this data to a different controller without any obstruction by the first controller, to which the personal data was made available, if
(1) the processing of the data is based on consent in line with Article 6 Para. 1 a) of the GDPR or Article 9 Para. 2 a) of the GDPR or on a contract according to Article 6 Para. 1 b) of the GDPR and
(2) the processing of the data takes place using automated procedures.
When exercising this right, you also have the right to ensure that the personal data related to you is directly transferred from one controller to a different controller, if this is technically feasible. The freedoms and rights of other persons may not be impaired by this process.
The right to data portability shall not apply to any processing of personal data that is necessary to perform a task that is in the public interest or takes place in connection with exercising any state authority that has been transferred to the controller.
7. The right to object
You have the right to lodge an objection at any time to the processing of the personal data related to you, if this takes place according to Article 6 Para. 1 e) or f) of the GDPR, for reasons arising from your particular situation; this shall also apply to any profiling supported by these stipulations.
The controller shall no longer process the personal data related to you, unless it can prove that there are compelling reasons needing to be protected for the processing of the data, which override your interests, rights and freedoms, or if the processing of the data is used to assert, exercise or defend legal claims.
If the personal data related to you is processed to provide direct marketing, you have the right to lodge an objection to the processing of the personal data related to you for the purpose of this kind of advertising at any time; this shall also apply to profiling, if it is connected to this kind of direct marketing.
If you object to the processing of the data for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.
You have the opportunity of exercising your right to object by means of automated procedures where technical specifications are used in conjunction with the use of information society services – regardless of Directive 2002/58/EC.
8. The right to cancel the declaration of consent under data protection law
You have the right to cancel your declaration of consent provided under data protection law at any time. By cancelling your consent, the legitimacy of the processing of the data that was performed on the basis of your consent until your cancellation shall not be affected.
9. Automated decision-making in an individual case, including profiling
You have the right not to be subjected to a decision exclusively based on automated processing – including profiling – which takes legal effect with regard to you or significantly impairs you in a similar manner. This shall not apply if the decision
(1) is required to conclude or perform a contract between you and the controller,
(2) is permissible on the basis of legal stipulations in the Union or the member states, to which the controller is subject, and these legal stipulations contain appropriate measures to maintain your rights and freedoms and your legitimate interests or
(3) is made with your explicit consent.
However, these decisions may not be based on special categories of personal data in line with Article 9 Para. 1 of the GDPR, if Article 9 Para. 2 a) or g) of the GDPR does not apply and appropriate measures to protect the rights and freedoms and your legitimate interests have been adopted.
As regards the cases cited in paragraphs (1) and (3), the controller shall adopt appropriate measures in order to maintain the rights and freedoms as well as your legitimate interests, which must at least include the right to enable the intervention of a person with the controller to outline your own point of view and to contest the decision.
10. The right to lodge a complaint to a supervisory authority
Regardless of any different administrative law or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of the personal data related to you breaches the GDPR.
The supervisory authority, to which the complaint was lodged, shall inform the person lodging the complaint about the status and the results of the complaint, including the possibility of judicial remedies in line with Article 78 of the GDPR.