We, Organisemee UG (limited) develop and run the service "Organiseme" (www.organiseme.com) for online organization and management of tasks. This service can be used both by individual computer users as well for the online-collaboration between computer users. In this respect, the following preliminary remarks apply.
Sharing Data Between Users
Collaboration in Organiseme takes place within interactive workspaces (the “task lists” or “task boards”). Users can transfer data to these lists and boards. Once the user shares a list or board with other users, also some of this data (e.g. users’ names, their profile pictures, the content they contributed, information about when they contributed) is also shared to enable the collaboration.
We have no influence on data sharing between users.
The responsible person within the meaning of the General Data Protection Regulation law and other national data protection laws within Germany's federal states, as well as any other provisions on data protection, is:
Organisemee UG
Hohenstaufenweg 15
76337 Waldbronn
Germany
Email: info@organisemee.com
Websites:
www.organiseme.com
www.organisemee.com
Data Protection Officer
Organisemee UG (haftungsbeschränkt)
Hohenstaufenweg 15
76337 Waldbronn
Germany
Email: dataprotectionofficer@organisemee.com
1. Scope of processing of personal data
Personal data is requested and collected while registering for Organiseme, using the services and apps, and visiting the web sites. The personal information is used to operate the services, to improve the services, for anonymous statistics, and for communication with the users.
We generally only process our users' personal data if we require this data to offer you the full functionality of our website and services, or if the information is required for access to our content and services. Users' personal data is usually only processed once the user provides their consent. The exception to this rule applies in cases in which it is not possible to obtain prior consent for practical reasons and the processing of this data without permission is permitted by law.
Transmission and Disclosure of Personal Data
In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions within the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and in particular corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.
2. Legal basis for processing personal data
Article 6, section 1, item a) of the EU General Data Processing Regulation (GDPR) serves as the legal basis for processing personal data in cases where the user has provided permission for us to do so. In cases where processing personal data is necessary for the performance of a contract that the user in question has signed, article 6, section 1, item b) of the GDPR applies. This also applies for processing procedures that are required for the performance of pre-contractual measures. If the processing of personal data is required for the fulfilment of legal obligations that our company is subject to, article 6, section 1, item c) of the GDPR applies. For cases in which the vital interests of the person concerned, or those of another natural person, make it necessary to process personal data, article 6, section 1, item d) of the GDPR applies. If the processing of personal data is necessary to safeguard the interests of our company or a third party, and the interest, fundamental rights and freedoms of the data subject do not outweigh these interests, article 6, section 1, item f) of the GDPR applies as the legal basis for processing data.
3. Erasure of data and duration of data storage
The personal data of the person concerned is deleted or blocked as soon as the data has served its purpose. Data may be stored beyond this period if provisions are made to this effect by European and national legislators in regulations, laws or other legal texts in accordance with the union law that the data controller is subject to. The data will also be deleted or blocked if the storage period specified in these regulations expires, unless the storage of this data for a longer period is required for the conclusion of a contract or the fulfilment of contractual obligations.
1. Description and scope of data processing
In order to provide our apps and online services as well as the integration with third party applications (i.e. integration with Google Workspace applications) securely and efficiently, we use the services of several web hosting and service providers with whose servers (or servers they manage) data can is exchanged. For these purposes, we use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.
The data processed within the framework of the provision of the online services, the smart phone apps as well as the integration with third party applications may include all information relating to the users of our apps and online services that is collected in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of apps and online services to browsers and devices, and all entries made within our apps and online services or from websites.
Collection of Access Data and Log Files
We, ourselves or our web hosting provider, collect data on the basis of each access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider.
The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers.
Each time our website or services are accessed, our system automatically collects data and information from the computer system of the user accessing the site or service. The following data is collected as part of this process:
1.1. Informationen über den Browsertyp und die verwendete Version
1.2. The user's operating system
1.3. The user's internet service provider
1.4. The user's IP address
1.5. The date and time of website and service access
1.6. Website from which the user's system directs the user to our website or service
1.7. Any websites the user's system accesses via our website or service
Data is also stored in log files on our system. Neither this data nor any other personal data about the user is stored.
2. Legal basis for processing data
The legal basis for temporary storage of data and log files can be found in article 6, section 1, item f) of the GDPR.
3. Purpose of processing personal data
Temporary storage of IP addresses on the system is necessary in order to make the website and services available on the user's computer. The user's IP address must be stored for the duration of the session. IP addresses are stored in log files to ensure the functionality of the website and services. This data also helps us to optimise our website and services and ensure the security of our IT systems. Data stored in this way is not evaluated for marketing purposes. These purposes also constitute legitimate interest for processing data within the meaning of article 6, section 1, item f) of the GDPR.
4. Duration of storage
Data is deleted as soon as the purposes it has been collected for have been fulfilled. If the collection of data is necessary for the provision of the website and services, data is deleted as soon as the respective session is complete.
If data is stored in log files, data will be deleted no more than 14 days after the website or service is accessed. It is possible that data will be stored for a longer period. In this case, the user's IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified.
5. Revocation and deletion
The collection of data for the provision of the website and services, and the storage of data in log files is essential to the operation of the website and services. There is therefore no possibility for the user to opt out.
1. Description and scope of data processing
Our website and services use cookies. Cookies are small text files stored in your website browser/in the website browser of the user's computer system. When a user accesses a website or service, a cookie may be stored on the user's operating system. This cookie contains a unique string of characters that make it possible to identify the browser if the user accesses the website or the service again. We use cookies to make our website and services more user-friendly. Certain elements on our website and services require us to be able to identify the browser of the user accessing the website or service even if the user comes back to the site after leaving.
The following data is stored and transmitted in the cookies:
a) cookie policy: to see whether the user has agreed that Organiseme may use cookies. If so, the user session ID explained below can be set in a cookie.
b) user session ID: in order to recognize the user again, and then to automatically log the user back into the Organiseme online application without the user having to re-enter his access data or log in again using a Google account. This user session ID is renewed after a certain time interval, so that the user must then log in again the next time the online application is called up.
Our website and services also use cookies that enable us to analyse the browsing behaviours of users. As a result, the data contained in the list may be transmitted: The data collected can be found in the list above. User data collected in this way is pseudonymised by means of technical procedures where possible. This means it is no longer possible to attribute the data to the user accessing the website or the services. The data is not stored together with the user's other personal data. When our website or our services are accessed and in the registration process for our product, the user is informed of the use of cookies on the website or on the services for the purposes of analysis and a link to this data protection declaration is provided. Information is also provided on how the storage of cookies can be prevented in their browser settings. Each time a user accesses our website or our services, they are informed of the use of cookies for the purpose of analysis and are requested to provide permission for their personal data to be processed in this way. They are also provided with a link to this data protection declaration.
2. Legal basis for processing data
The legal basis for processing personal data using technical cookies can be found in article 6, section 1, item f) of the GDPR. The legal basis for processing personal data using cookies for the purposes of analysis is the users consent, which can be found in article 6, section 1, item a) of the GDPR.
3. Purpose of processing personal data
The purpose of using technical cookies is to make the website and services easier for the user to navigate. Certain functions on our website and services cannot be provided without the use of cookies. For these functions, it is necessary for the website to be able to recognise the browser even after the user navigates away from the website.
User data collected using technical cookies is not used to create user profiles. The purpose of analytical cookies is to improve the quality and content of our website and services. Using analytical cookies, we can learn about how our website and services are used in order to continuously improve it. These purposes also constitute legitimate interest for processing of personal data within the meaning of article 6, section 1, item f) of the GDPR.
4. Duration of storage/revocation and deletion options
Cookies are stored on the user's computer before being transferred to our website or our services. Users therefore have full control over how cookies are used. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website or our services, it is possible that certain functions will no longer be available.
1. Description and scope of data processing
We provide users with the option to register on our website or on our smartphone apps by entering their personal data. This data is entered into an online registration form before being transferred to us and stored on our system. This data is not shared with any third parties. The following data is collected as part of the registration process:
1.1. Name
1.2. Email address
1.3. Chosen password
1.4. Language
1.5. Country
1.6. Time Zone
Furthermore, for the same purposes we also process the data that the user voluntarily provides when registering. The data will be used by us for providing the respective user account of our services. Data is stored in a central user account where it can be viewed, changed and updated by the user at any time there. We use qualified payment providers for billing purposes and process payment data in the case of certain payment methods for the purpose of collecting the claims. This applies in particular if legal requirements or internationally agreed financial security standards such as PCI DSS (Payment Card Industry Data Security Standard) make this necessary. At the time of registration, the following additional data is collected:
1.7. The user's IP address
1.8. The date and time of subscription
1.9. Country of user
Users are asked to provide their consent for this data to be processed as part of the registration process.
2. Legal basis for processing data
The legal basis for processing data once consent has been provided can be found in article 6, section 1, item a) of the GDPR. If registration is required for the fulfilment of a contract the user is party to, or for the implementation of pre-contractual measures, an additional legal basis for the processing of this data can be found in article 6, section 1, item b) of the GDPR.
3. Purpose of processing personal data
Users are required to register on our website or our services for the purposes of concluding contracts or for the implementation of pre-contractual measures.
4. Duration of storage
Data is deleted as soon as the purposes it has been collected for have been fulfilled. This applies to data collected during the registration process in order to conclude a contract or for the implementation of pre-contractual measures, if the data is no longer required for the fulfilment of the contract. Even once the contract has been concluded, it may be necessary to store the contractual partner's personal data in order to meet contractual or statutory obligations. Your data will be deleted after the end of the contract, unless statutory provisions (e.g. from tax law) provide for longer storage.
5. Revocation and deletion options
As a user, you have the option to cancel your registration at any time. You also have the option to modify the data you have provided at any time. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, data can only be deleted if there are no legal requirements preventing the deletion of this data.
You can sign up for our service with your Google account. You are forwarded by a link to the website from Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), where you can log in with your Google login credentials.
1. Scope of processing of personal data
When you sign in using your Google account, your Google profile will be linked to our service. Please note that we have no influence on the processing of data by Google. Please note that you may need to log out of your Google account after the transfer process. We receive the following information from Google: Name, surname, email address The only information that we use from Google is the following: Name, surname, email address and profile photo. This information is mandatory for the registration and the login to be able to identify the user. The profile photo is not needed for registration or login yet improved the usability of the application for the user. For more information about Google, please see Google Privacy Policy and Terms of Service.
2. Legal basis for processing personal data
The legal basis for processing personal data in the subscription or registration process can be found in article 6, section 1, item f) of the GDPR.
3. Purpose of processing personal data
Registration and login via Google is used to make your registration and login to our product as convenient as possible.
4. Duration of storage
Data provided to us from Google is deleted as soon as the purposes it has been collected for have been fulfilled. Collected data is for the provision of our product, data is deleted as soon as the respective session is complete. If data is stored in log files, data will be deleted no more than 14 days after the website or service is accessed. It is possible that data will be stored for a longer period. In this case, the user's IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified.
5. Revocation and deletion
Users have the possibility to cancel the registration at any time. You can change or delete the data stored about you at any time.
1. Description and scope of data processing
To communicate new features, changes (e.g. new functionalities or new integrations with other online applications) or, if necessary, current problems ,Organiseme sends newsletters to registered users. The following data transmitted to us during registration will be used:
1.1. Name and Surname
1.2. Email address
1.3. Language
During the subscription process, the user is asked to provide their consent for their data to be processed. A link to this data protection declaration is also provided.
We analyse the distribution and reception of our newsletter in order to continuously optimise its content. For example, we record how many users open our newsletters and which articles are clicked on most frequently by subscribers. The newsletters contain a small file that is retrieved from the sending server when the newsletter is opened. Technical information such as IP address and a time stamp are also transmitted.
1.4. Email address
1.5. IP address
1.6. Time stamp
A third party provider is used to send and monitor the success of the newsletter. Therefore, the name, email address and language are transferred to the third party provider. The service provider is listed in the data protection declaration as Pabbly.
2. Legal basis for processing data
The legal basis for processing data as part of our newsletter subscription process can be found in article 6, section 1, item a) of the GDPR. The legal basis for sending a newsletter to users who have purchased goods or services can be found in article 7, section 3 of the German Fair Trade Practices Act (UWG).
3. Purpose of processing personal data
The newsletter is sent out to communicate new features or changes as well as upcoming maintenance work or current problems with access to the online application. The sending of newsletters thus serves the user-friendliness and, if necessary, security measures.
The performance analysis of the newsletter delivery serves to continuously optimize our products and articles.
4. Duration of storage
The above-mentioned data, in particular the user's email address, is therefore stored by the third-party provider used to send newsletters as long as the business relationship with the user exists. As soon as the user deletes his account with Organiseme, the data from the third-party provider for sending the newsletter is also deleted with a delay of max. 1 month.
5. Revocation and deletion options
Users can unsubscribe from our newsletter at any time. A link is provided in each newsletter that users can click on to unsubscribe Users can also unsubscribe by using the privacy dashboard of our products. The option is also provided to revoke permission for the storage of any personal data collected during the subscription process.
1. Description and scope of data processing
A contact form is available on our website that can be used to get in touch with us online. If a user takes advantage of this service, the data entered into the contact form is transferred to us and stored on our system. This data includes: At the time at which the message is sent, the following additional data is collected:
1.1. Name
1.2. Email
1.3. Type of query (e.g. technical issue, handling issue)
1.4. Application the query refers to (e.g. web application, mobile app)
During the subscription process, the user is asked to provide their consent for their data to be processed. A link to this data protection declaration is also provided. Alternatively, it is possible to contact us using the email address provided. In this case, the personal data transferred when the email was sent is stored on our system. None of the data collected for these purposes is shared with third parties. The data is used exclusively for the purpose of processing the conversation.
2. Legal basis for processing data
The legal basis for processing data once consent has been provided can be found in article 6, section 1, item a) of the GDPR. The legal basis for processing data transferred when a user sends an email can be found in article 6, section 1, item a) of the GDPR. If the email is sent for the purposes of concluding a contract, the legal basis for processing this data can also be found in article 6, section 1, item b) of the GDPR.
3. Purpose of processing personal data
The sole purpose of processing personal data provided in our on-line form is to process any communication between our company and the respective user. If a user contacts us by email, this also constitutes a legitimate interest for processing data. Any other data processed when a user sends an email is used to prevent the misuse of our contact form and ensure the security of our IT systems.
4. Duration of storage
Data is deleted as soon as the purposes it has been collected for has been fulfilled. In the case of personal data entered into the contact form, as well as any data sent to us by email, data is deleted once the respective conversation with the user is terminated. The conversation is deemed as terminated once the respective situation is resolved. Any additional personal data collected when an email is sent is generally deleted no later than 14 days after being stored.
5. Revocation and deletion options
The user has the option to revoke their consent for their data to be processed at any time. If the user contacts us by email, they can revoke their consent for their data to be stored at any time. In this case, the conversation cannot be carried on any further. In this case, all personal data provided during the contact procedure is deleted.
1. Scope of processing of personal data
As part of contractual and other legal relationships, we offer efficient and secure payment options through payment service providers who process your credit card information and account data in accordance with the PCI-DSS regulations (“Payment Card Industry Data Security Standard”). Among other things, this means that we ourselves have no access to this data, that the data is only exchanged directly with the payment service provider in encrypted form, and is only stored there in a database to which only authorized personnel have access. After successfully entering the credit card information, we will only receive such data from the payment service provider that we must be informed of in order to process transactions correctly and to defend ourselves against possible claims (e.g. a transaction number, the type of credit card, the expiry date, the last 4 digits of the credit card number).
For easy payment, we have selected the international payment service provider “Paypal”, which is particularly popular among consumers, and technically linked it with Organiseme via a standard interface. With PayPal, both computer users who are already registered with PayPal and computer users who do not have a PayPal account can process payments for Organiseme.
For corporate customers, payment on invoice and with bank transfer is also possible.
2. Legal basis for processing data
The legal basis for processing data once consent has been provided can be found in article 6, section 1, item a) of the GDPR. The legal basis for processing data transferred when a user sends an email can be found in article 6, section 1, item a) of the GDPR. If the email is sent for the purposes of concluding a contract, the legal basis for processing this data can also be found in article 6, section 1, item b) of the GDPR.
3. Purpose of processing personal data
The payment of Organiseme with the involvement of a payment service provider serves to be able to use Organiseme after the end of the free trial phase. With the exception of the trial phase, the use of Organiseme is chargeable.
4. Duration of storage
The data transmitted to us by the payment service provider, with which the payment is confirmed, will be deleted immediately if it is entered in the profile of the user which version of Organism was paid for by the user according to the usage period (usually 12 months).
5. Revocation and deletion options
The user has the option to revoke their consent for their data to be processed at any time. If the user contacts us by email, they can revoke their consent for their data to be stored at any time. In this case, the conversation cannot be carried on any further. In this case, all personal data provided during the contact procedure is deleted.
1. Scope of processing of personal data
1.1 Google Analytics
This website and services uses Google Analytics with Google Tag Manager, a web analytics tool provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files saved on your computer, to help the website or service to analyze how you use the site. The information generated by the cookie and regarding your behavior when using the website or service (including your IP address) will be transmitted to and stored by Google on servers in the United States. If the the IP anonymization is activated, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area before transferring data. Only in exceptional cases, the full IP address is sent to Google servers in the USA and then shortened. On behalf of the website or service provider, Google will use this information for the purpose of analyzing your behavior when you are using the website or service, compiling reports on website activity and providing other services relating to website activity and internet usage to the website or service provider. Google will not link your IP address to any other data stored by Google. You may disable cookies by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use the full functionality of this website and services. Furthermore, you can object to forwarding the data collected with cookies when you visit this website (including the IP address) to Google and prevent Google from processing of data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en-GB. Google Analytics cookies are stored on the basis of Article 6, section 1, item a) GDPR. The storage is unlimited in time, unless you make use of your possibilities to opt out. In exceptional cases, Google Analytics transfers personal data into the USA, which is subjected to the EU-US-Privacy-Shield https://www.privacyshield.gov/EU-US-Framework . (Legal basis for the use of Google Analytics is Article 6, section 1, item f) GDPR) Information on Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Terms of service: https://www.google.com/analytics/terms/us.html, Overview of Privacy Policy: http://www.google.com/intl/en/analytics/learn/privacy.html, Privacy Policy declaration: http://www.google.de/intl/en/policies/privacy.
1.2 Google Analytics Remarketing
Our websites and our services use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behaviour on one device (e.g. your mobile phone), on other devices (such as a tablet or computer). Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging. To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion. You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/. The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Article 6, section 1, item a) GDPR. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Article 6, section 1, item f) GDPR. The website or service operator has a legitimate interest in analysing anonymous user behaviour for promotional purposes. For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/
1.3 Google AdWords und Google Conversion-Tracking
We use Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphi- theatre Parkway, Mountain View, CA 94043, United States ("Google"). In the context of Google AdWords we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie will be set for the conversion tracking. Cookies are small text files that the Internet browser places on the user's computer. These cookies lose their validity after 30 days and are not used to identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user has clicked on the ad and has been redirected to this page. Each Google AdWords customer gets a different cookie. The cookies can not be tracked over websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have chosen für Conversion Tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to identify users. If you do not participate in tracking, you obcan opt out by deactivating the Google Conversion Tracking cookie in your Internet browser. Users are then not included in the conversion tracking statistics. Conversion cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in analysing user behaviour in order to optimise both our website and our advertising. You can configurate your browser in a way that you will be informed about the setting of cookies or that your browser only allow cookies in certain cases. You can exclude the acceptance of cookies certain cases or generally and activate the automatic deletion of the cookies when closing the browser. If cookies are disabled, the functionality of this website may be reduced. For more information about Google AdWords and Google Conversion Tracking, please see Google's privacy policy: https://www.google.de/policies/privacy/.
The following list comprises all the rights of the data subject under the GDPR. You should not include any rights in your declaration that do not apply to your specific website. The list should be modified appropriately. If your personal data is processed, you are deemed a 'data subject' within the meaning of the GDPR and have the following rights.
1. Right to information
You may ask the data controller to confirm whether any personal data concerning you is processed by us. If this is the case, you can request the following information from the data controller:
1.1. the purposes for which the personal data is processed;
1.2. the categories of personal data processed;
1.3. the recipient or categories of recipients the respective personal data has been shared with or continues to be shared with;
1.4. the planned storage duration of the respective personal data or, if no specific information is available, the criteria for determining storage duration
1.5. whether you have the right to rectification or erasure with regard to the respective personal data, the right to restriction of processing carried out by the data controller or the right to object to processing;
1.6. whether you have the right to appeal to a supervisory authority;
1.7. all available information regarding the origin of the data, if the personal data has not been collected from the data subject;
1.8.whether an automated individual decision-making process including profiling exists in accordance with article 22, sections 1 and 4 of the GDPR and, in this case, what authoritative information is available on the logic involved, as well as the scope and intended effects of this type of processing on the data subject.
You have the right to request information regarding whether your personal data is shared with another country or state, or to an international organisation. In this regard, you may request information on the appropriate guarantees in accordance with article 46 of the GDPR in relation to transfer of data.
2. Right to rectification
You have the right to obtain from the data controller rectification and/or completion of your data if the processed data concerning you is inaccurate or incomplete. The data controller is required to make the correction without undue delay.
3.Right to restriction of processing
Under the following circumstances, you may request the restriction of processing of any of your personal data:
3.1. if you contest the accuracy of your personal data for a period of time that enables the data controller to verify the accuracy of your personal information;
3.2. if the processing is unlawful and you refuse the erasure of the personal data in favour of restricted use of the personal data;
3.3. the data controller no longer requires the personal data for processing purposes, but you require it for the establishment, exercise, or defence of legal claims;
3.4. You have objected to processing pursuant to article 21, section 1 of the GDPR pending verification of whether the legitimate grounds of the controller override your own.
If the processing of your data is restricted, this data will – with the exception of storage – only be processed with your consent or for the establishment, exercise of defence of legal claims or for the protection of the rights of another natural person or for reasons of important public interest of the Union or of a member state. If you have obtained restriction of processing pursuant to the aforementioned provisions, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
You may request from the data controller that your personal data be deleted without undue delay. The data controller is under obligation to delete the data without undue delay if any of the following points apply:
a.1. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
a.2. the data subject withdraws consent on which the processing is based according to article 6, section 1, item a), or article 9, section 2 GDPR, and where there is no other legal ground for the processing;
a.3. the data subject objects to the processing pursuant to article 21, section 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21, section 2 GDPR;
a.4. the personal data has been unlawfully processed;
a.5. the personal data has to be deleted for compliance with a legal obligation in the Union or Member State law to which the controller is subject;
a.6. the personal data has been collected in relation to the offer of information society services referred to in article 8, section 1.
b) Information for third parties
Where the data controller has made the personal data public and is obliged pursuant to article 17, section 1 GDPR to delete the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
c) Exceptions
Right to erasure does not apply to the extent that processing is necessary
c.1. for exercising the right of freedom of expression and information;
c.2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c.3. afor reasons of public interest in the area of public health in accordance with article 9, section 2, items h), and i), and article 9, section 3 of the GDPR.
c.4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, section 1 of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
c.5. for the establishment, exercise or defence of legal claims.
5. Right to notification
If you have the right to notification, erasure or restriction of processing, the data controller is required to communicate this rectification, erasure or restriction to all recipients to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the data controller about these recipients.
6. Right to data portability
You have the right to receive any personal data you have provided to the data controller in a structured, commonly used, machine-readable format. You also have the right to transmit this data to another data controller without hindrance from the controller to which you have provided your data, if
6.1 the processing is based on consent pursuant to article 6, section 1, item a) of the GDPR or article 9, section 2, item a) of the GDPR or on a contract pursuant to article 6, section 1, item b) of the GDPR; and
6.2. the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others. The right to portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on article 6 section 1 item e) or f) of the GDPR, including profiling based on those provisions. The data controller will no longer process the personal data unless they demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. In the context of the use of information society services and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. Revocation of consent does not affect the legality of any processing carried out on the basis of consent prior to revocation. In the event of revocation of your consent, we are currently no longer able to make our products available to you for technical reasons.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or affects you in a similarly significant way. This does not apply if the decision
9.1. is necessary for entering into, or performance of, a contract between you and the data controller;
9.2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your own rights and freedoms and legitimate interests or
9.3. is based on your explicit consent
These decisions must be not be based on special categories of personal data referred to in Article 9, section 1 of the GDPR, unless article 9, section 2, item a) or g) of the GDPR apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state you are a resident of, your place of work, or place of alleged infringement if you believe that the processing of your personal data violates the provisions of the GDPR. The supervisory authority to which the complaint has been submitted must inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to article 78 of the GDPR.
We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Last modified: 01st June 2021