Privacy Notice of Big Pictury

General information regarding the handling of your data

The following notes provide you with information on the type, scope and purposes of the collection, use and processing of personal data on our website:

www.big-pictury.com/

1. Responsible Office – contact

1.1. Responsible body within the meaning of the Data Protection Act

The responsible body within the meaning of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is:

Big Pictury GmbH

c/o Dialogbild GmbH

An der Alster 47

20099 Hamburg

Contact person: Tom Becker, Wolf Wienecke

Tel.:  040 30 70 261-0

E-Mail:   contact@big-pictury.com    

1.2. Contact

a) If you have any questions regarding data protection, or if you wish to exercise any rights or claims regarding your personal data, you can contact us using the contact details given above (under section 1.1.).

b) In our contact form, you must provide mandatory information (e.g. your e-mail address, your name) in order to answer your request. We need this information in order to process your inquiry and to be able to contact you. You can fill in the other fields voluntarily.

c) When you contact us (e.g. by telephone, e-mail), your details will be stored in accordance with Art. 6 para. 1 lit. b) GDPR for the purpose of processing your enquiry and in the event that follow-up questions arise. We delete the data arising in this connection after storage is no longer required or restrict processing if there are legal obligations to retain data (see section 14).

2. Data processed by us

2.1. Legal grounds

a) Personal data may be processed during each visit to our website. Your personal data will only be processed if this is legally permitted (legal basis). This is the case in accordance with Art. 6 para. 1 GDPR, if

– you have given us your consent, or

– the processing is necessary for the performance of our contract with you, or

– pre-contractual measures are required in the event of a request by you, or

– the processing is necessary in order to protect your vital interests, or

– to protect that of another natural person, or

– the processing is necessary for the protection of our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, outweigh the processing (balancing of interests)

b) The personal data collected from you will be deleted as soon as the purpose of the collection no longer applies (see section 14).

2.2. What are personal data?

a) The meaning of “personal data” can be derived from Article 4 of the General Data Protection Regulation (GDPR). According to this, personal data is information that can be assigned to your person using proportionate means. Personal data are divided into four groups. These include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the websites visited by our online offer, interest in our products) and content data (e.g. entries in the contact form). Information that cannot be attributed to a specific or determinable person, or only with a disproportionately large expenditure of time, cost and labour, are called anonymous data and are therefore not personalized.

b) In addition, when visiting our website, certain data is also processed for technical reasons. These are mainly technical information such as the IP address that your Internet access provider assigns to your computer when you connect to the Internet, or information about the Internet page from which you accessed our website or about the type and version of the Internet browser you are using. However, this also includes login data, your operating system, download errors, the length of visits to certain pages, and all telephone numbers from which you call our customer service number. This technical information may be personal data in individual cases. That technical information will only be used by us if this is necessary for technical reasons concerning the operation and protection of our website against attacks and misuse in accordance with Art. 6 para. 1 (f) GDPR.

2.3. What does “processing” mean?

“Processing”, as defined by Article 4 of the GDPR, includes all operations that are part of the handling of data. The term “processing” covers not only the collection or registration of data, but also its organisation, classification, storage, adaptation or modification. However, the term also covers other actions, such as actual use, or transmission or distribution. Ultimately, however, this also includes the restriction, deletion or destruction of data.

3. Data Security

The security of your personal data has a very high priority for us. Therefore, we protect your stored data by technical and organisational measures. This ensures compliance with data protection laws and effectively prevents loss or abuse by third parties. In particular, our employees who process personal data are obliged to maintain data secrecy and must comply with it.

4. SSL-encryption

Our website uses secure SSL encryption when transmitting personal data or personal content of our users. Please make sure that SSL encryption is activated for corresponding activities from your side. You can recognise an encrypted connection by your browser’s address bar changing from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Therefore, please transmit your confidential information only if SSL encryption is activated and contact us if in doubt.

5. Collection of personal data when visiting our website

a) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security [legal basis is Art. 6 para. 1 (f) GDPR]:

– the IP address of the requesting device (i.e. your computer or smartphone)

– Date and time of access to our website,

– Search words you used to find our site,

– Time zone difference to Greenwich Mean Time (GMT),

– Content of the request ( specific page),

– Access status/ http status code,

– the amount of data transmitted,

– the website from which access is made (referrer URL),

– Operating system and its interface,

– as well as the browser used and, if applicable, the operating system of your computer and the name of your access provider.  

b) For security reasons (e.g. for the investigation of potential cases of abuse or fraud), the above-mentioned data will be stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been conclusively clarified.

c) In addition to the data mentioned above, cookies are stored on your computer when you use our website. You will find more detailed information on cookies under section 10.

d) The data are collected by us on the basis of our legitimate interests as defined in Art. 6 para. 1 (f) GDPR. We do not use the collected data for the purpose of drawing conclusions about your person. The purposes pursued by us include in particular:

– ensuring a smooth connection to the website,

– ensuring a comfortable use of our website,

– the investigation of cases of abuse or fraud,

– the evaluation of system safety and stability, and

– other administrative purposes.

6. Transfer of data to third parties and third party providers

a) Data will only be passed on to third parties within the scope of the legal requirements. We therefore only pass on user data to third parties if:

– you have given your explicit consent in accordance with Art. 6 para. 1 (a) GDPR,

– the passing on is necessary in accordance with Art. 6 para. 1 (f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a serious, great interest in your data not being passed on,

– if there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 © GDPR, and

– this is legally permitted and is required under Art. 6 para.1 (b) GDPR for the handling of contractual relationships with you.

b) When passing on your personal data, we always ensure the highest possible level of security. For this reason, your data will only be passed on to service providers and partner companies that have been carefully selected and contractually obliged to ensure that personal data is protected in accordance with the relevant legal regulations.

c) We would like to point out to you that in addition to this data protection declaration, the data protection guidelines and declarations of the locally responsible partners and their authorised institutions may also apply.

7.  Registration function

b) If we offer a registration function, you can create a user account with us. As part of the registration process, you will be provided with the required mandatory information. These are marked with an asterisk “*”. Voluntary information is not marked with an asterisk “*”.

b) Your user account is not public and cannot be indexed by search engines. If you have cancelled your user account, your user account data will be deleted. Something else only applies if the storage is necessary for reasons of commercial or tax law according to Art. 6 Para. 1 lit. c DSGVO (See Clause 16).

c) Within the scope of registration and repeated logins as well as the use of our online services, we will save your IP address and the time of your respective use. The storage is based on our legitimate interests, in particular to protect against abuse and other unauthorized use (Art. 6 para. 1 p. 1 lit. f GDPR). In principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c GDPR.

8. Conclusion of contracts / orders

In accordance with Art. 6 Para. 1 lit. b DSGVO, personal data will also be collected and processed if you provide us with this data for the purpose of carrying out a user relationship, contract or in the context of initiating a contractual or user relationship. The data that is collected can be seen from the respective input forms or is communicated within the scope of the enquiry. We store and use the data you provide for the purpose of processing the contract. After the contract or usage relationship has been fully processed, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to legally permitted further use of data, about which we inform you accordingly below.

9. Newsletter

a) We send newsletters, e-mails and other electronic notifications containing promotional information (hereinafter referred to as “newsletters”) only with your consent or with a legal permission. If, in the process of registering for the newsletter, its contents are described specifically , these contents are decisive for the user’s consent. Our newsletters also contain information about our products, offers, promotions and our company.

b) For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP address as well as the time of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. We are interested in the use of a user-friendly and secure newsletter that serves our business interests and meets the expectations of the users. The legal basis is. Art. 6 para. 1 lit. f DS-GVO.

c) Your e-mail address is the only mandatory information for the newsletter. The supply of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a DS-GVO.

d) If you have subscribed to the newsletter and cancelled this subscription, your personal data will be deleted.

e) You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail or by sending an e-mail to dialog@dialogbild.de

f) The newsletter is sent using the dispatch service provider “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the mailing service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp has submitted to the EU-US Privacy Shield and thereby offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/EU-US-Framework.

g) Our newsletters also contain a so-called “web beacon”. These are pixel-sized files that are retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information (e.g. information on the browser and your system, IP address, time of retrieval) is initially collected. This information is used to identify the reading habits of users and to adapt our content to them or to send different content according to the interests of our users. As part of the statistical surveys, information such as time and date when the newsletter was opened and which links were clicked is recorded.

10. Where is your personal data stored?

a) The personal data we collect is generally stored within the European Union (“EU”). However, it may happen in exceptional cases that personal data is transferred to non-European countries. In these so-called “third countries” the GDPR is not a directly applicable law. In such countries, the data protection law may be less strict.

b) Such transfer of data to countries outside the European Economic Area may occur, for example, when processing a request for services or providing support services by electronic means.

c) However, in the event of such a transfer of data to a third country, we will ensure that it takes place in accordance with this Privacy Policy. In addition, we will ensure that the recipient in the third country ensures an adequate level of data protection for you and other parties concerned or that a legal permission exists. This is done, for example, by concluding a contract with the recipient in the third country on the basis of the so-called standard contractual clauses of the European Commission. These standard contractual clauses guarantee a similar level of data protection as the one provided by the European Data Protection Regulation.

11. Cookies

a) We use so-called “cookies” to recognise multiple use of our offer by the same user or Internet connection holder. Cookies are small text files that are stored by the web browser on the user’s terminal device to store certain information.

b) If the user consents to the use of cookies, the legality of the data processing is governed by Art. 6 para. 1 (a) GDPR. If consent is not requested, our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of this website and services) within the meaning of Art. 6 para. 1 (f) GDPR constitutes the legal basis for the use of cookies.

c) The cookies used by the website are divided into the following categories according to their purpose and function: Necessary cookies; functional cookies; performance cookies; marketing / third party cookies; cooking requiring consent.

Necessary cookies ensure that this website and the service functions properly. Functional cookies enable this website to store information such as the user name or language selection and to offer the user improved and personalised functions based on this information. These cookies collect and store only anonymous information. Performance cookies collect information on how our website is used in order to improve its attractiveness, content and functionality. Marketing / third party / consent cookies originate from external advertising companies and are used to collect information about the websites last visited by the user.

d) Necessary cookies cannot be deactivated or activated individually. The user has the possibility to adjust his cookie settings at any time or to deactivate cookies generally in his browser. The user can object to the use of functional cookies, performance cookies or marketing cookies at any time by adjusting his cookie settings accordingly. However, the exclusion of cookies may lead to functional restrictions of this online service. Information on how to deactivate cookies in the most common browsers can be found under the following links:

12. External payment providers

a) Within the scope of fulfilling contracts (Art. 6 para. 1 lit. b. GDPR) we use external payment service providers through whose platforms the users and we can carry out payment transactions. Furthermore, the external payment service providers are selected on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR in order to offer our users effective and secure payment options.

b) The data processed by the payment service providers include basic data, such as name and address, bank data, such as account or credit card numbers, passwords, TANs and checksums, as well as contract sums and recipient related data. These details are required to complete the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the payment service providers may transfer the data to credit agencies. The purpose of this transmission is to check the buyers identity and credit rating.

c) In addition, the data protection notices of the respective payment service providers apply to the processing:

13. Integration of third party content

13.1. Google Analytics

a) For the purpose of a demand-oriented design and continuous optimisation, we use Google Analytics, a web analysis service of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

b) The use of Google Analytics is based on our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR. We use Google Analytics to analyse and thus regularly improve the use of our website. We can use the statistics obtained to optimise our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has committed itself to the EU-US Privacy Shield and thus offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/EU-US-Framework.

c) We also use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

d) We use Google Analytics with the addition “_anonymizeIp()”. This allows IP addresses to be processed in a shortened form, thus excluding the possibility of identifying a person. If the data collected about you contains a personal reference, it will immediately be excluded. The personal data will therefore be deleted immediately.

e) We use the “demographic characteristics” function of Google Analytics. This allows us to create reports that contain statements about the age, gender and interests of the site visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

f) Google Analytics uses so-called “cookies”, text files which are stored on your computer and allow an analysis of your use of the website (see section 10). The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement of the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services to the website operator relating to website activity and internet usage.

g) The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

h) You may refuse the use of cookies by selecting the appropriate settings on your browser; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as Google from processing this data by downloading and installing the browser plug-in available under the following link. The current link is: https://tools.google.com/dlpage/gaoptout?hl=en.

i) You can find further information on the use of data for advertising purposes by Google, as well as setting and objection options, on their websites:

– Use of data by Google https://marketingplatform.google.com/about/analytics/terms/us/

– Use of data for advertising purposes http://www.google.com/policies/technologies/ads

– About data protection https://marketingplatform.google.com/about/analytics/terms/us/

– To the privacy policy http://www.google.de/intl/de/policies/privacy

13.2. Leadfeeder

a) Together with the use of Google Analytics, we use the service Leadfeeder, which is operated by Liidio Oy, Mikonkatu 17, 0100 Helsinki, Finland.

b) Leadfeeder is used on the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f. DSGVO. We use the service to be able to analyse and regularly improve the use of our website.

c) Leadfeeder accesses the list of IP addresses of website visitors provided by Google Analytics in the evaluation and links the list of IP addresses with information about the companies that can be found on the internet under these IP addresses. A direct personal reference is not established during this process.

d) For more information on Leadfeeder’s use of data, please see the service’s privacy policy at https://www.leadfeeder.com/privacy. Further information about Leadfeeder and the service’s compliance with the GDPR can be found at https://www.leadfeeder.com/leadfeeder-and-gdpr/. You can also prevent Leadfeeder from storing a user profile or data about your use of our site by means of an “opt-out”. The option and information on this can be found at: https://yourdata.leadfeeder.com/

13.3. Facebook-Pixel, Custom Audiences and Facebook-Conversion

a) For the purpose of demand-oriented content design and ongoing optimisation and economic operation, we use the service “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

b) The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO. We use the service to display ads on our website and to receive remuneration for this. For these purposes, user data, such as the click on an advertisement and the IP address of the users are processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of the users’ data is pseudonymised. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield and thereby offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/EU-US-Framework

c) We use Facebook Pixel to display the Facebook or Instagram Ads placed by us only to users who have shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook or Instagram ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

d) For further information on data processing by Facebook and the display of Facebook ads, please refer to Facebook’s data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616

e) You can object to the collection by the Facebook pixel and the use of your data for the display of Facebook ads. You can also determine yourself which types of advertisements should be displayed to you within Facebook using the following link: https://www.facebook.com/settings?tab=ads

13.4. LinkedIn Analytics and LinkedIn Ads

a) We use the conversion tracking technology and the retargeting function of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2 on our website.

b) The use of LinkedIn Analytics and LinkedIn Ads is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO. We use LinkedIn Analytics and LinkedIn Ads to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.

c) LinkedIn Analytics and LinkedIn Ads can be used to display personalised ads on LinkedIn to website visitors. In addition, anonymous reports on the performance of the advertisements and information on website interaction can be created. LinkedIn Ads uses cookies for this purpose (see section 11). You can also prevent the collection of the aforementioned information by LinkedIn by setting an opt-out cookie on one of the websites linked below: https://www.linkedin.com/psettings/guest-controls

d) In the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy you will find further information on data collection and data use as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate the data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising

13.5. Google Maps

a) On our website we use the services of Google Maps, a web service of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

b) The use of Google Maps is based on our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR. We use Google Maps to display interactive maps directly on the website and provide you with the convenient use of the map function. This enables us to make our offer more interesting for you as a user.

c) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under section 5 will be transmitted. This will occur regardless of whether Google provides a user account which you are logged in to or whether no user account exists. If you are logged in to your Google account, your data will be directly associated with your account. If you do not want your profile to be associated with your profile on Google, you must log out before activating the button.

Google stores your data in user profiles and uses them for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an analysis is carried out in particular (even for users who are not logged in) to offer demand-oriented and tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact Google to exercise this right.

d) Further information on the purpose and scope of data collection and processing done by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

13.6. Integration of YouTube

a) Components (videos) of the company YouTube are used on our website. The legal basis for the use of YouTube is Art. 6 para. 1 (f) GDPR. We use it in order to make our website more appealing to the respective user and thereby make it better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR.

(b) YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, is a company belonging to Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA.

c) The YouTube videos on our website are all embedded in “enhanced privacy mode”, which means that no data about you as a user is transferred to YouTube if you do not watch the videos. Only when you do start playing the videos, the following data will be transmitted. We have no influence on this data transmission.

d) By visiting the website, YouTube is informed that you have visited the relevant subpage of our website. In addition, the data referred to under section 5 will be transmitted. This occurs regardless of whether YouTube provides a user account which you are logged into or whether no user account exists.

e) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under section 5 will be transmitted. This will occur regardless of whether YouTube provides a user account which you are logged in to or whether no user account exists. If you are logged in to your Google account, your data will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button.

YouTube stores your data in user profiles and uses them for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an analysis is carried out in particular (even for users who are not logged in) to offer demand-oriented and tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.

f) For more information on the purpose and scope of data collection and processing by YouTube, please see their privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

14. Your rights regarding your data

You have the following rights regarding the processed data:

– in accordance with art. 15 of the GDPR, you can request information about your personal data processed by us. In particular, you may request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be transmitted, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of the data;

– in accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or incomplete personal data stored by us;

– in accordance with Art. 17 GDPR, you can request the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or if the data is necessary for the assertion, exercise or defence of legal claims

– in accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR

– in accordance with Art. 20 GDPR, you have the right to data transmission, i.e. to receive your personal data that you have provided us with in a structured, common and machine-readable format or may request the transfer to another responsible party, provided that the processing is based on your consent or on a contract with us and that the processing was carried out by using automated procedures. However, in the case of a transfer of data to another party, you can only request the transfer if it is technically feasible;

– In accordance with Art. 7 Para. 3 GDPR, you can withdraw your consent to us at any time. As a result, we may no longer continue to process the data that was based on this consent in the future; and

– Under Art. 77 GDPR, you have the right to file a complaint to a supervisory authority. To do so, you may contact the supervisory authority at your usual place of residence or work or at our head office.

In order to exercise your rights to correct or delete personal data, to request information, to revoke a consent or to object, only a simple message to us is required. There are no costs for you to exercise your rights. You can contact us using the contact information provided in section 1.1. of this data protection declaration.

15.  Right of objection

a) If you have given your consent to the processing of your data, you can withdraw this consent at any time. After you have expressed it to us, such a withdrawal will affect the permissibility of the processing of your personal data.

b) If we base the processing of your personal data on the balancing of interests, you may object to the processing. If you do so, please explain the reasons why we should not process your personal data as we have done. If your objection is well-founded, we will examine the situation and either stop or adapt the data processing or outline our compelling reasons for continuing the processing. We will inform you of such compelling reasons. You have the right to file a complaint at any time to a supervisory authority (e.g. the supervisory authority at your place of residence or at the registered office of our company).

c) You can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your objection to advertising by using the contact details given in section 1.1.

d) If you wish to make use of your right of withdrawal or objection, it is sufficient to send an e-mail to the person named in section 1.1.

16.  Deletion and retention periods of your data

a) The data stored with us will be deleted as soon as they are no longer required for the intended purpose. For details, please refer to the sections of this notice which explain the nature and purpose of the processing of personal data in question.

b) Data which we are required to be stored by law, statutes or contractual obligations (e.g. for tax reasons) will be blocked instead of deleted to prevent use for other purposes. This includes storage for 6 years in accordance with § 257 (1) German HGB (for trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) or storage for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

17.  Updates to our Privacy Notice

a) This Privacy Notice is currently valid and was updated in 11/2021.

b) Due to changes in the law or adjustments in data processing, it may be necessary to update this data protection declaration. We therefore recommend that you check this page regularly for changes. If the change affects your consent or the provisions of the contractual relationship, these will only be made with your consent. You will be contacted separately by us for this purpose.