Privacy declaration according to the GDPR

This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our website.

I. Name and address of the person responsible

The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

pattydoo GmbH
Dernburgstr. 59
14057 Berlin

Managing Directors: Ina Fischer and Christian Jaehnel
Register: Charlottenburg Local Court, HRB 164410 B

Phone: 030 54 88 40 53
E-mail: service@pattydoo.de

II. General information on data processing

1. Scope of the processing of personal data

We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

We process inventory data (e.g., name, address and e-mail address) as well as contract data (e.g., services used, payment information) of our customers, interested parties and business partners for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 Para. 1 letter b. DSGVO and for marketing, advertising and market research purposes pursuant to Art. 6 para. 1 lit. f. DSGVO. The entries marked as mandatory in online forms are required for the conclusion of the contract. 

2. Legal basis for the processing of personal data

As we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Ordinance (GDPR) serves as the legal basis. In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. As the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, article 6(1) (d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3. Data erasure and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

4. Cooperation with contract processors and third parties, hosting 

If we transfer data to other persons and companies (contractors or third parties) within the scope of our processing or otherwise grant them access to the data, this is only on the basis of a legal permission, you have consented, a legal obligation this provides, the processing of contractual relationships with you or we have a legitimate interest in the data transmission (e.g. when using agents, web hosters, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of art. 28 GDPR.

The hosting services used by us serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services which we use for the purpose of operating this online service. Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 lit. f DSGVO in connection with Art. 28 DSGVO (conclusion of an order processing contract).*

5. Data security

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

6. Company profiles in social media

We operate company profiles within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within social networks and platforms, e.g. write articles on our websites or send us messages.

III. Provision of the website and creation of log files

When you visit our website https://www.pattydoo.de, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • Information about the browser type and version used
  • The user's operating system
  • The user's Internet service provider
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system reaches our website
  • Websites accessed by the user's system through our website
  • Protocol (GET or POST)
  • Status code (200 or 500)

The mentioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensure comfortable use of our website,
  • evaluation of system security and stability as well as
  • for other administrative purposes.

The legal basis for data processing is art. 6 Par. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the collected data for the purpose of attracting conclusions to your person. In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations under points V and VIII of this data protection declaration.

VI. User Account

Users can optionally create a user account. As part of the registration process, users will be provided with the required mandatory information. The data entered during registration is used for the purposes of using our web shop. Users can be informed by e-mail about information relevant to the offer or registration, such as changes to the scope of the offer or technical circumstances. If users have cancelled their user account, their data will be deleted with regard to the user account, subject to their retention is necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. It is the responsibility of users to back up their data before the end of the contract in the event of cancellation. We are authorised to irretrievably delete all user data stored during the term of the contract.

As part of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. This data is stored on the basis of our legitimate interests as well as those of the user in protection against misuse and other unauthorised use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR. The IP addresses are anonymised or deleted after 7 days at the latest.

IV. Payment Services

We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The purpose of data processing is to be able to offer you payment via the PayPal payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfil the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

To integrate PayPal Checkout, it is necessary for PayPal to collect, store and analyse data (e.g. IP address, device type, operating system, browser type, location of your device) when you access the Pattydoo website. Cookies can also be used for this purpose. The cookies enable your browser to be recognised. Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of various payment methods. You can object to the use of cookies at any time. 

Credit card via PayPal, direct debit via PayPal 

For individual payment methods such as credit card via PayPal or direct debit via PayPal, PayPal reserves the right to obtain credit information on the basis of mathematical-statistical procedures using credit agencies. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values), which are calculated on the basis of scientifically recognised mathematical-statistical procedures and whose calculation includes address data, among other things. Your legitimate interests are taken into account in accordance with the statutory provisions. You can also object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be authorised to process your personal data if this is necessary for contractual payment processing.

If you use the payment method of a local third-party provider, your payment data will first be forwarded to PayPal to prepare the payment in accordance with Art. 6 para. 1 lit. b GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the corresponding provider to process the payment in accordance with Art. 6 para. 1 lit. b GDPR. Local third-party providers can be, for example

- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany).

You can find more information on data processing when using PayPal in the corresponding privacy policy at https://www.paypal.com/us/webapps/mpp/ua/privacy-full

V. Use of Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

On the one hand, the use of cookies serves to make the use of our website more convenient for you. For example, we use session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognised that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you (see Section VIII). These cookies enable us to automatically recognise that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

Insofar as these cookies are technically necessary, our legitimate interest in data processing lies in the aforementioned purposes. The legal basis in these cases is Art. 6 para. 1 lit. f) GDPR. In all other cases, the legal basis is Art. 6 para. 1 lit. a) GDPR (your consent). You can change or revoke your consent at any time in the cookie settings.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

VII. Contact form

If you have any questions, we offer you the possibility to contact us via a form provided on the website. The following personal data must be provided: email address

So we know who sent the request and can answer it. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. The personal data collected by us for the use of the contact form will be automatically deleted after you have completed your request. 

VIII. Comments and contributions

If users leave comments or other contributions, their IP addresses will be used on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. of the German Data Protection Act. DSGVO for 7 days. This is done for our security if someone leaves illegal contents (insults, forbidden political propaganda, etc.) in comments and contributions. In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.*

IX. Comment Subscriptions

Subsequent comments may be subscribed to by users with their consent pursuant to Art. 6 para. 1 lit. a DSGVO. Users receive a confirmation email to check whether they are the owner of the email address entered. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain information on the cancellation options.*

X. Newsletter

You can subscribe to a free newsletter on our website. When registering for the newsletter, the following data from the input mask is transmitted to us:

  • E-mail address (required)
  • First name (optional)
  • Last name (optional)

In the course of the registration process, your consent is obtained for the processing of the data and reference is made to this data protection declaration. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. The changes to your data stored with the shipping service provider are also logged.

The newsletter is sent via "Klaviyo", a newsletter mailing platform of the US provider Klaviyo, Inc. 225 Franklin St, Boston, MA 02110, USA ("shipping service provider"), to whom we pass on your data for the purpose of creating and sending the newsletter. You can read Klaviyo's privacy policy here: https://www.klaviyo.com/privacy/policy.

Klaviyo, Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level, information on this here.

Furthermore, Klaviyo can use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, Klaviyo does not use the data of our newsletter recipients to write them down or pass them on to third parties.

The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file which is retrieved from the server of the shipping service when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR. The collection of the user's e-mail address serves to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. This also makes it possible to revoke the consent to the storage of personal data collected during the registration process. Alternatively, you are welcome to send your unsubscription request at any time to: service@pattydoo.de

XI. Advertising via e-mail

We also process personal data (e.g. name, address, e-mail address) for the purposes of advertising communication, which can take place via various channels, such as e-mail, in accordance with the legal requirements. You have the right to revoke any consent you have given us at any time or to object to promotional communication at any time.

As far as you have not objected to the use of your personal data for advertising purposes or have revoked a consent granted to us, our legitimate interest in data processing lies in the promotional communication with our customers. The legal basis in these cases is Art. 6 Para. 1 lit. f) GDPR. If you have given us consent, the legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

XII. Amazon Affiliate Program

We are not liable on the basis of our legitimate interests (i.e. interest in the economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f.). DSGVO) Participant of the partner program of Amazon EU, which was designed to provide a medium for websites by means of which advertising costs can be reimbursed through the placement of advertisements and links to Amazon.de (so-called affiliate system). Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognize that you have clicked the partner link on this website and then purchased a product from Amazon.

Further information on Amazon's use of data and possible objections can be found in the company's data protection declaration: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?i….*

XIII. Tracking Tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimised. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our website für These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

1. Google Analytics

For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see point IV) are used. The information generated by the cookie about your use of this website such as

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are sent to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports at the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be passed on to third parties ü if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be shared with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). An opt-out cookie is set that prevents the collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information on data protection in connection with Google Analytics, please visit the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).

2. Nosto

The pattydoo website uses Nosto, a web analysis service of Nosto Solutions Ltd (Nosto), Bulevardi 21, 00180 Helsinki, Finland. The tracking of Nosto is done via Javascript and a cookie (2c.cld), which uniquely identifies the website visitor. The cookie is a first party cookie and can only be read from the customer's domain. Cookies are automatically stored by the browser on the user's computer and thus enable Nosto and pattydoo to analyse the use of the website. The information generated by the cookie about the use of the pattydoo website (including the IP address) and individual surfing behavior is transferred to a server of Amazon Webservices and stored there (USA East Coast). Nosto will use this information to evaluate the use of the website, to anonymously compare the surfing behaviour with other online users, to compile reports about the website activities for pattydoo and to provide further services connected with the use of the website and the internet. Nosto can use the collected data for its own business purposes, provided that this information was collected anonymously and in a way that excludes the possibility that it can be traced back to a person or an online shop. Nosto may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Nosto. Nosto will in no case connect the IP address with other data of Nosto. You may refuse the use of cookies by selecting the appropriate settings in your browser software; this does not affect the functionality of pattydoo-site.

XIV. Social Media Plug-ins

We use social plug-ins of the social networks Facebook on our website on the basis of Art. 6 Para. 1 S. 1 lit. f DSGVO in order to make pattydoo better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the DSGVO. Responsibility for data protection-compliant operation is to be guaranteed by the respective provider. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.

Facebook

Social media plugins from Facebook are used on our website to make their use more personal. For this we use the "LIKE" or "SHARE" button. This is an offer from Facebook. If you access a page of our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by clicking the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. Facebook may use this information for the purpose of advertising, market research and tailoring Facebook Pages to your needs. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website. Please refer to Facebook's Privacy Notice (https://www.facebook.com/about/privacy) for the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights and privacy settings in this regard.
 

XV. Integration of services and contents of third parties

Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the German Civil Code). DSGVO) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online services, as well as may be linked to such information from other sources.*

 

1. Youtube

We integrate the videos of the platform "YouTube" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.*

 

2. Google Fonts

We integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.*

 

3. Google ReCaptcha

We integrate the function for recognition of bots, e.g. for entries in online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Statement: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.*

 

4. Pinterest

Within our online offer functions and contents of the service Pinterest can be integrated, offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. This may include, for example, content such as images, videos or text and buttons with which users can express their favor regarding the content, the authors of the content or subscribe to our contributions. If the users are members of the platform Pinterest, Pinterest can assign the call of the above-mentioned contents and functions to the profiles of the users there. Privacy policy of Pinterest: https://about.pinterest.com/de/privacy-policy.*

XVI. Rights of the data subject

If personal data are processed by you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right of information

You can ask the person in charge to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request information from the person responsible about the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
  • the planned duration of the storage of personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to have your personal data concerning you corrected or deleted, a right to have the data controller restrict processing or to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

2. The right of correction

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.

3. Right of limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the limitation of the processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right of cancellation

a) Duty of Erasure

You can demand that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately, if one of the following reasons applies:

  • the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • you revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
  • you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
  • the personal data concerning you have been processed unlawfully.
  • the deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
  • the personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Exceptions

The right to cancellation does not exist insofar as the processing is necessary

  • to exercise freedom of expression and information;
  • for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
  • to assert, exercise or defend legal claims.

5. Right of information

If you have exercised your right to have the processing corrected, deleted or restricted, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the person responsible to be informed about these recipients.

6. Right of objection

You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR for reasons arising from their particular situation; this also applies to profiling based on these provisions. The person responsible no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

7. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

8. right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of having infringed the GDPR, if you believe that the processing of personal data concerning you is contrary to it. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Version: 2024

This data protection declaration has been created in part with the help of the data protection generator of RA Dr. Thomas Schwenke (sections marked with *).