DATA PROTECTION INFORMATION ACCORDING TO ART. 12, 13, 14 AND 21 GDPR
Thank you for visiting our website and for your interest in our company. The protection of your personal data is important to us. Below we inform you in accordance with Art. 12, 13 and 21 of the General Data Protection Regulation (GDPR) about the handling of your personal data when using our website https://inprotec.de/ (hereinafter: “website”).
Personal data is individual information about personal or factual circumstances of an identified or identifiable natural person. This includes information such as civil name, address, telephone number and date of birth.
A. RESPONSIBLE ENTITY
inprotec GmbH
innovative production technologies
Neuer Weg 1
D-79423 Heitersheim
Phone: +49 (0) 7634 / 50 99-0
E-mail: info@inprotec.de
B. DATA PROTECTION OFFICER
Sebastian Wendler
inprotec GmbH
innovative production technologies
Neuer Weg 1
D-79423 Heitersheim
Phone: +49 (0) 7634 / 50 99-114
E-mail: sebastian.wendler@inprotec.de
C. DESCRIPTION OF THE PROCESSING OF THE DATA
I. INFORMATIONAL USE OF THE WEBSITE
You can visit our website without providing any personal data. If you only use our website for information purposes or otherwise provide us with information about yourself, we do not process any personal data, with the exception of the data that your browser transmits in order to enable you to visit the website.
1. TECHNICAL PROVISION OF THE WEBSITE
a) LOG FILES/PROVISION OF THE WEBSITE
For the purpose of the technical provision of the website, it is necessary for us to process certain automatically transmitted information from you so that your browser can display our website and you can use the website. This information is automatically collected each time you visit our website and stored in our server log files. This information relates to the computer system of the accessing computer. The following information will be collected:
• IP address;
• Browser type/version (e.g.: Firefox 59.0.2 (64 bit));
• Browser language (e.g.: German);
• Operating system used (e.g.: Windows 10);
• Internal resolution of the browser window;
• Screen resolution;
• Javascript activation;
• Java on / off;
• Cookies on / off;
• Color depth;
• Referrer;
• Time of access.
We process your personal data for the technical provision of our website on the basis of the following legal bases:
• in order to make our website technically available in accordance with Section 25 para. 2 no. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG), as it is absolutely necessary to process the above-mentioned data so that we can ensure the use of our website as expressly requested by you (i.e. both with or without cookies);
• in order to fulfil a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR, insofar as you visit our website to obtain information about us; and
• in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in order to be able to technically and securely deliver the website to you. Our legitimate interest is to be able to provide you with an appealing, technically functioning and user-friendly website and to take measures to protect our website from cyber risks and to prevent our website from posing cyber risks to third parties.
b) CONSENT MANAGEMENT
We use a Consent Manager on our website to obtain your consent to certain data processing requiring consent (e.g. analysis, tracking, etc.). By using the Consent Manager, we can inform you about the individual cookies and tools we use. You can use the Consent Manager to choose which cookies and tools you want to categorically allow or reject. In our cookie policy, we also provide an overview of the cookies used and the option to change or revoke your consent. This allows you to make an informed decision about the transfer of your data and allows us to use cookies and tools in a data protection-compliant, transparent and documented manner.
The Consent Manager processes your personal data in order to record your decision on the approval of cookies and other tools and to store them for your next visit to our website.
We process your personal data for the technical provision of our website on the basis of the following legal bases:
• in order to technically provide our consent management in accordance with Section 25 para. 2 no. 2 TTDSG, as it is essential to process the above-mentioned data to enable us to make it possible to use our website as expressly requested by you (i.e. also without or with cookies);
• for the use of cookie management to fulfil a legal obligation to which we as the controller are subject pursuant to Art. 6 para. 1 lit. c GDPR. The legal obligation lies in informing you about the cookies we use and obtaining and documenting your consent to data processing; and
• in order to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in order to be able to provide you with technical cookie management. Our legitimate interest is to be able to provide you with an appealing, technically functioning and user-friendly cookie management system, as well as to take measures to protect cookie management against cyber risks and to prevent cookie management from posing cyber risks to third parties.
c) GOOGLE TAG MANAGER
We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage web page tags through an interface. The Google Tag Manager service itself (which implements the tags) is a cookie-less domain and only records your IP for the technically necessary playout of the cookies and similar tools you have selected. Otherwise, no personal data is processed via the Google Tag Manager. The Google Tag Manager service triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
We process your personal data on the following legal basis:
• in order to technically provide the tag management and the cookies you have expressly selected in accordance with Section 25 para. 2 no. 2 TTDSG.
d) LOCAL INTEGRATION OF GOOGLE WEB FONTS
This site uses so-called web fonts provided by Google (Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the uniform display of fonts. We have integrated the Google fonts locally, i.e. only via our web servers and not via Google’s servers. Therefore, when users access our website, no IP addresses are transmitted to Google, so there is no connection to the Google servers and therefore no data transmission to or storage by Google. If your browser does not support web fonts, a standard font will be used by your computer.
We process your personal data on the following legal framework:
• For the technically necessary, proper provision of the integrated fonts in accordance with Section 25 para. 2 no. 2 TTDSG;
• Our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the uniform and appealing, proper presentation of our online offers.
2. COOKIES
For the purpose of analyzing and tracking the use of our website, we or the service providers working for us use cookies that enable an evaluation of your surfing behavior. This enables us to improve the quality of our website and its content. We learn how the website is used and can thus constantly optimize our offer.
For more information about the cookies and tools we use, their purposes and functions, the data processed in each case, the data recipients, the place of processing or transfer to so-called third countries (outside the EU/EEA), as well as the storage periods, please refer to the Consent Manager or our Cookie Policy.
We process your personal data on the following legal bases:
• with your consent, in accordance with Section 25 para. 1 TTDSG with regard to the initial storage and retrieval of data and
• with your consent in accordance with Art. 6 para. 1 lit. a GDPR for subsequent data processing (e.g. providing functionalities, analysis, tracking, optimization, etc.).
Your consent via consent management includes both consent under the TTDSG and the GDPR. You can withdraw your consent at any time with effect for the future through the Consent Manager (accessible at the bottom of the website) or our Cookie Policy.
a) GOOGLE ANALYTICS
On our website we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, that enable an analysis of your of the website. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. On our website, we use Google Analytics with the extension “_anonymizeIP()”. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. A direct personal reference can thus be excluded. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
b) GOOGLE ADWORDS
We use the online advertising program “Google AdWords/Google Ads” (hereinafter collectively referred to as “Adwords”). Adwords includes analysis and tracking services from Google. When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies generally lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.
If you visit certain web pages before our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this website. Each Google AdWords customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of AdWords customers.
The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Here, customers learn the total number of users who clicked on their ad, were redirected to a page with a conversion tracking tag and [… e.g. bought a product or signed up for a newsletter]. However, they do not receive any information with which users can be personally identified. The remarketing function, on the other hand, is used to retarget users on other web pages or other content who have previously visited our website, for example. Through the remarketing cookie, Google recognizes the user on other web pages as a previous visitor to our website and can thus display advertising optimized for the user.
II. ACTIVE USE OF THE WEBSITE
In addition to the purely informative use of our website, you can also actively use our website, e.g. to contact us. In addition to the processing of your personal data described above for purely informative use, we will then also process other personal data from you that we require to process your order or to process and respond to your inquiry.
1. USER INQUIRIES
In order to be able to process and answer your inquiries to us, e.g. via the contact form or to our e-mail address, we process the personal data you provide in this context. This always includes your name and e-mail address in order to send you a reply, as well as any other information that you send us as part of your message.
We process your personal data to respond to user inquiries on the basis of the following legal bases:
• if your contact is made in the context of a contract to which you are a party or for the implementation of pre-contractual measures, the legal basis is Art. 6 para. 1 lit. b GDPR;
• in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in responding appropriately to customer inquiries and other website visitors.
2. SENDING AN APPLICATION
We process your personal data as part of your application if you provide it to us. The application documents may contain special categories of personal data.
a) PROCESSING OF PERSONAL DATA
As a rule, the applicant data includes the following data: First and last name, your academic degree if applicable, date and place of birth, contact details (address, e-mail address, telephone and/or cell phone number), application documents (in particular letter of motivation, CV, certificates), language skills, skills. We also process the data that you send us when you contact us by e-mail or upload via our website.
We base our decisions in the application process on the personal data provided by you within the framework of the legal requirements. For example, we use your professional qualifications to decide whether to consider you in the shortlisting process or a personal impression in a job interview to decide whether to offer you the position for which you have applied.
We process your personal data on the basis of the following legal bases:
• data processing for the decision on the establishment of an employment relationship, Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 sentence 1 of the Federal Data Protection Act (BDSG).
b) PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
According to Art. 9 GDPR, special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious (e.g. information on religious affiliation/denomination) or philosophical beliefs or trade union membership, as well as the processing of biometric data for unique identification (e.g. photographs), health data (e.g. information on the degree of severe disability) or data concerning sex life or sexual orientation. If your CV contains special categories of personal data, we do not intentionally collect these. We expressly ask you not to send us such data.
If you voluntarily provide us with special categories of personal data as part of your application documents (e.g. your photo or details of your religious affiliation/denomination), contrary to our express request, we will generally delete this data immediately after becoming aware of it. If we do store this data, we will do so on the basis of your consent in accordance with Art. 88 para. 1 GDPR in conjunction with Section 26 para. 2, 3 sentence 2 BDSG. This also applies if you provide us with further special personal data in the further course of the application process. By voluntarily submitting this data, you consent to the storage of this special personal data as part of the application process.
As a matter of principle, we do not take this special personal data into account when making a selection decision, unless it is necessary to take this special personal data into account due to legal obligations. For example, in some job advertisements, people with disabilities may be given preferential treatment in accordance with the applicable laws. In these cases, the information is always voluntary and is provided with your express consent, which you declare by voluntarily submitting this data.
We process your special personal data on the basis of the following legal bases:
• in accordance with Art. 9 para. 1 GDPR on the basis of your consent in accordance with Art. 88 para. 1 GDPR in conjunction with Section 26 para. 2, 3 sentence 2 BDSG.
3. CONTRACT INQUIRIES, CONCLUSION, EXECUTION AND TERMINATION
If you use the contact options on our website to send inquiries about a contractual or business relationship, to conclude such relationships or to communicate with us about their implementation and termination, we process the personal data you provide in the context of the respective inquiry.
We process your data for the above purposes on the basis of the following legal basis:
• for the performance of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.
4. CUSTOMER SURVEY
You have the opportunity to take part in our customer surveys. We will contact you by e-mail for this purpose. We use the “Crowdsignal” tool from Aut O’Mattic A8C Ireland Ltd (25 Herbert Pl, Dublin, D02 AY86, Ireland; subsidiary of Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA) for the customer surveys. We process data for technical provision (in particular IP address, browser information, referrer) as well as your responses and ratings. This serves to further improve our products and services based on your feedback.
We process your data for the above purposes on the basis of the following legal bases:
• with your consent in accordance with Art. 6 para. 1 lit. a GDPR for further data processing (e.g. provision of functionalities, analyses, tracking, optimization, etc.);
• Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG for the implementation of marketing measures (direct advertising).
III. SOCIAL MEDIA PRESENCES
To present our company and communicate directly with you, we use social media platforms from providers such as Facebook or LinkedIn (“providers”), through which we maintain our presence (e.g. in the context of company and employee profiles) and may also process your data.
1. JOINT RESPONSIBILITY
If data is collected on our presence that both the provider and we process and use for joint purposes (e.g. in the context of analysis or advertising), the provider and we are joint controllers. It is often not possible for us to deactivate this function. You can therefore contact both the respective provider and us with your request, but for platform-related data processing, the provider can usually handle your request better. We currently use the following providers:
• LinkedIn (inclusive LinkedIn Sales Navigator) der LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland;
• Facebook Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland;
• Instagram der Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland;
• TikTok Technology Limited, 10 Earlsfort Terrace, Saint Kevin’s, Dublin, D02 T380, Irland.
Further information on the providers’ data processing can be found in the following links to the providers’ privacy policies and information:
• LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE;
• Facebook and Instagram: https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer and https://de-de.facebook.com/help/instagram/155833707900388;
• TikTok: https://www.tiktok.com/legal/privacy-policy-eea?lang=de.
2. DATA PROTECTION OFFICERS OF THE PROVIDERS
In addition to our data protection officer, you can also contact the following data protection officers of the respective providers:
• LinkedIn: https://www.linkedin.com/help/linkedin/ask/TSO-DPO;
• Facebook and Instagram: https://www.facebook.com/help/contact/540977946302970;
• TikTok: Submit a request – Data protection (zendesk.com).
3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING
a) INFORMATIONAL USE OF OUR PRESENCE
i) TECHNICAL PROVISION
As a rule, you can visit our presence without providing any personal data (i.e. without a profile on the platform). If you only use our presence for information purposes, i.e. if you do not register or otherwise provide us with information about yourself, we do not process any personal data, with the exception of the data that the provider collects and transmits to us as part of the cookies/tools it uses.
The processing of the data technically required for the operation of the platform is generally based on the following legal bases:
• in order to technically provide the platform in accordance with Section 25 para. 2 No. 2 TTDSG, as it is essential to process the above-mentioned data to enable the use of the platform as expressly requested by you;
• in order to fulfil a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR; and
• in order to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in order to be able to technically and securely deliver the platform to you. The legitimate interest here is to be able to provide you with an appealing, technically functioning and user-friendly platform and to take measures to protect it, our website / presence from cyber risks and to prevent the platform from posing cyber risks to third parties.
ii) ANALYSIS AND TRACKING
For the purpose of analysing and tracking the use of its social media platform and our presence, the provider uses cookies/tools that enable an evaluation of your surfing behaviour. This allows the quality of the platform and the presence and their content to be improved. We learn how the platform and the presence are used and can thus constantly optimize our offering.
However, we have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the exact purposes of the processing or the storage periods. We also have no information on the deletion of the data collected by the platform provider. It may also happen that the information obtained as part of the analysis and tracking of our presence is merged with your other data collected as part of the use of the presence and the platform. If you register or are registered on the platform or are logged in, the provider may link data relating to your platform activities with your personal details (including name/email address) on the basis of your consent, thus collecting personal data and informing you individually and in a targeted manner about your preferred topics, among other things.
The processing of your personal data is generally based on the following legal basis:
• Your consent in accordance with Section 25 para. 1 TTDSG and/or Art. 6 para. 1 lit. a GDPR, which you have given to the provider when registering for the respective social media platform.
b) ACTIVE USE OF THE PRESENCE
In addition to the purely informational use of our presence, you can also actively use our presence to contact us. In addition to the processing of your personal data described above for purely informational use, we will then also process other personal data from you that we need, for example, to process your request.
i) SHARING, PUBLISHING AND INTERACTING WITH POSTS/USERS
You can comment on, share or otherwise interact with (like, recommend, review, etc.) posts, photos, videos, etc. created by us on the provider’s platform and on our presence. We may share your content on our presence and communicate with you via the platform. Public messages etc. may be published by the provider, but will not be used or processed by us for any other purpose at any time.
In the case of reviews or expressions of opinion, we may publish a response (e.g. to clarify a problem, goodwill actions, etc.) to your message and ask you to contact us again. The personal data you voluntarily publish in the review/opinion may be processed in the process.
We also reserve the right to delete content if necessary.
We process your personal data on the following legal basis:
• in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Data processing is carried out in the interests of our public relations work and communication.
ii) USER INQUIRIES
In order to process your inquiries to us, e.g. via direct messages or our e-mail address, to answer them specifically and to provide you with the requested information, we process the personal data you provide in this context. This includes your contact details in order to send you an answer or to make any necessary queries, as well as any other information that you send us in this context.
If you send us an inquiry throught the platform, we may also refer you to other, secure communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential inquiries to the address given in our legal notice or in this privacy policy. We may contact you electronically, by telephone or by post, depending on the subject of the inquiry, the necessity and our possibilities.
We process your personal data to respond to user inquiries, requests for materials, etc. on the basis of the following legal grounds:
• in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR; our legitimate interest lies in the proper response to or execution of user inquiries;
• if the request concerns our contractual relationship or its initiation, the additional legal basis is Art. 6 para. 1 lit. b GDPR.
IV. COMPLIANCE WITH LEGAL REGULATIONS
We also process your personal data in order to comply with other legal obligations or obligations imposed on us by authorities in connection with the processing of your visit to our website and our business relationship. These include, in particular, retention periods under commercial, trade or tax law as well as legal and criminal prosecution.
We process your personal data on the following legal bases:
• in order to fulfil a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR in connection with commercial, trade or tax law, insofar as we are obliged to record and store your data and in connection with other relevant regulations or official orders (e.g. in criminal law).
V. LEGAL ENFORCEMENT
We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to defend against or prosecute criminal offenses.
We process your data for the above purposes on the basis of the following legal bases:
• to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses.
VI. COMPANY SALE/MERGERS, ETC.
We may process your personal data in order to complete a (partial) sale of business or merger (or similar transaction such as a takeover in the context of liquidation, insolvency, dissolution, etc.) with another company. In the event that another company acquires or intends to acquire the assets from us, which may include your personal data, or we carry out or seek to carry out a merger with another company, we may have to grant this company access to your personal data stored by us or transfer it for the purpose of examining and carrying out the company sale/merger (e.g. to determine the value of the company or business risks, to transfer the data/assets, etc.).
We process your personal data on the following legal basis:
• in order to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in order to be able to organize and carry out a planned company sale or merger.
D. LINKS
Some sections of our website contain links to third-party websites. These websites are subject to their own data protection principles. We are not responsible for their operation, including data handling. If you send information to or via such third-party websites, you should check the data protection declarations of these websites before you send them information that can be assigned to you personally.
E. CATEGORIES OF RECIPIENTS
Initially, only our employees receive knowledge of your personal data. In addition, to the extent permitted or required by law, we share your personal data with other recipients who provide services to us in connection with our website and our business activities. We limit the disclosure of your personal data to what is necessary, in particular to process your request or order. In some cases, our service providers receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently with your data that we transmit to them.
The categories of recipients of your personal data are listed below:
• IT service providers in the administration and hosting of our website,
• Agencies regarding the website, marketing campaigns, etc.,
• Service providers who support us, for example, in asserting our rights,
• public bodies and institutions insofar as we are legally obliged to do so.
F. TRANSFER TO THIRD COUNTRIES
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary in the context of processing our contractual relationships or is required by law (e.g. reporting obligations under tax law), if you have given us your consent, or in the context of order processing. If service providers are used in a third country and there is no so-called “adequacy decision” of the EU Commission for this country, these service providers are obliged to comply with the level of data protection in Europe in addition to written instructions by agreeing the EU standard contractual clauses. For further information, please contact our data protection officer.
G. DURATION OF STORAGE
I. INFORMATIONAL USE OF THE WEBSITE
When you use our website purely for information purposes, we store your personal data on our servers exclusively for the duration of your visit to our website. After you have left our website, your personal data will be deleted immediately. Cookies installed by us are usually also deleted after you leave our website. You also have the option of deleting installed cookies yourself at any time. Some cookies have a longer storage period (Google, for example, between one and two years); you can find more information on this in our cookie policy.
II. ACTIVE USE OF THE WEBSITE
When you actively use our website, we initially store your personal data for the duration of the response to your inquiry or for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we then store your personal data until any legal claims arising from the relationship with you become time-barred in order to use it as evidence if necessary. The limitation period is usually between one and three years, but can also be up to 30 years.
We delete your personal data when the limitation period expires, unless there is a statutory retention obligation, for example under the German Commercial Code (Sections 238, 257 para. 4 HGB) or the German Fiscal Code (Section 147 para. 3, 4 AO). These retention obligations can last from two to ten years.
III. APPLICATIONS
We initially store your personal data for the duration of the application process.
If we do not fill the vacancy with you, we will delete your data six (6) months after rejection, unless you have consented to further storage.
Longer storage periods may also result from the fact that the data is necessary for the assertion, exercise or defense of legal claims or statutory retention obligations exist. The data will be stored for as long as is necessary to fulfil these purposes.
H. YOUR RIGHTS AS A DATA SUBJECT
You are entitled to the following rights as a data subject under the legal requirements, which you can assert against us:
• Right of access: You are entitled to request confirmation from us at any time under Art. 15 GDPR as to whether we are processing personal data concerning you; if this is the case, you are also entitled under Art. 15 GDPR to receive information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of transfer to a third country, the appropriate guarantees) and a copy of your data.
• Right to rectification: In accordance with Art. 16 GDPR, you are entitled to demand that we rectify the personal data stored about you if they are inaccurate or incorrect.
• Right to erasure: You are entitled, under the conditions of Art. 17 GDPR, to demand that we erase personal data concerning you without undue delay. The right to erasure does not exist, among other things, if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) for the assertion, exercise or defence of legal claims.
• Right to restriction of processing: You are entitled to request that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.
• Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to demand that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.
• Right of withdrawal: In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• Right to object: You are entitled to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection.
• Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR, subject to the requirements of Art. 77 GDPR. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
P.O. Box 10 29 32, D-70025 Stuttgart
Königstraße 10a, D-70173 Stuttgart
Phone: + 49 (0) 711/61 55 41 – 0
Fax: +49 (0) 711/61 55 41 – 15
E-mail: poststelle@lfdi.bwl.de
Internet: https://www.baden-wuerttemberg.datenschutz.de
However, we recommend that you always address a complaint to our data protection officer first.
If possible, your requests to exercise your rights should be addressed in writing to the address given above under point A or directly to our data protection officer.
I. SCOPE OF YOUR OBLIGATIONS TO PROVIDE DATA
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to make our website available to you or answer your inquiries to us, for example. Personal data that we absolutely need for the above-mentioned processing purposes is marked with an “*.” or another symbol as mandatory information.
J. AUTOMATED DECISION-MAKING / PROFILING
We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).
K. INFORMATION ABOUT YOUR RIGHT TO OBJECT ART. 21 GDPR
You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests) or Art. 6 para. 1 lit. e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
The objection can be made informally and should be addressed to the address given above under point A. or to our data protection officer.
L. CHANGES
We amend this data protection information from time to time, e.g. in the event of changes to data processing or legal requirements. Please therefore check this data protection information regularly to see the latest version.
Last updated in April 2023
