Privacy policy
Note: Only the German version of theis privacy policy is valid. Here only a computer-produced translation is provided without any guarantee of accuracy.
I. Responsible
The responsible person in the sense of the Basic Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) is:
ServiceLobby RT GmbH
Stöffelburgstrasse 53
72770 Reutlingen
Germany
0049 151 614 355 09
Info@service-lobby.com
Represented by
Leon Tonat and Dr. Simon Tonat
Commercial register number
HRB 782261
II. General information on data processing
(1) Personal data is generally only processed to the extent necessary to provide a functional website including content and services. As a rule, processing only takes place with the consent of the data subject. Exceptionally, processing takes place without the consent of the data subject if this is not possible for actual reasons and the processing of the data is permitted by legal regulations.
(2) Art. 6 para. 1 lit. a DSGVO serves as the legal basis for the processing of personal data, insofar as consent of the data subject has been obtained for processing operations of personal data.
Art. 6 (1) lit. b DSGVO serves as the legal basis for the processing of personal data, insofar as this is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Art. 6 para. 1 lit. c DSGVO serves as the legal basis for the processing of personal data, insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which the company is subject.
Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing of personal data, insofar as this is necessary for the processing to protect a legitimate interest of the company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest.
(3) The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by relevant national or European regulations. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
III. Use of the Internet presence
(1) Each time the website is accessed, the system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Name of the retrieved website
- Date and time of the request
- Amount of data transferred
- Message about successful retrieval
- Browser type and version
- Operating system
- Internet presence from which you have reached the Internet presence
- IP address
- Provider of the user
The data is stored in the log files of the system. This data is not stored together with other personal data of the user.
(2) The legal basis for this is Art. 6 para. 1 lit. f DSGVO.
(3) The collection and temporary storage of the IP address is necessary to enable the display of the website on your terminal device. For this purpose, your IP address must be stored for the duration of your visit to the website. An evaluation of this data for marketing or analysis purposes does not take place.
(4) The data will be deleted when the respective session has ended. Insofar as this data is stored in log files, this is the case after one month at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
(5) The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the provision of the internet presence. Consequently, there is no possibility to object.
IV. Cookies use
(1) The website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the Internet presence is called up again. Cookies cannot transmit viruses to the end device or execute programs themselves.
Cookies are used to make a website more user-friendly. Some elements of the website require that the calling browser can be identified even after a page change.
If cookies are not technically necessary, they are only loaded with the user's consent. For this purpose, we use a plugin that does not collect any personal data itself.
Transient cookies are automatically deleted when the session is closed. These include session cookies, which store the so-called session ID, by means of which various requests of the web browser can be assigned to the common session. This makes it possible to recognize the end device during a new session.
Persistent cookies are automatically deleted after a specified storage period, which may differ depending on the cookie. The associated settings can be deleted at any time in the web browser settings.
The following data is stored in the cookies:
- Log-in information
- Consent to privacy settings in cookie banner
- Items in your shopping cart
- Use of individual functions of the website
(2) The legal basis for this is Art. 6 para. 1 lit. f DSGVO.
(3) The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of the website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The user data collected through technically necessary cookies are not used to create user profiles.
(4) Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
V. Customer account
(1) The website offers users the opportunity to register by providing personal data. When ordering courses via our website, a customer account must also be created to access the booked courses.
The data is entered, transmitted and stored in an input mask. The data is not passed on to third parties. The following data is collected during the registration process:
In addition, the following data is collected during registration:
- Date and time of registration
- Name
- Billing address (incl. VAT ID or equivalent for customers outside Germany)
- E-mail address
- Account username
- Password (only hash value is stored)
As part of the registration process, the user's consent to the processing of this data is obtained with reference to the privacy policy.
(2) The legal basis for this is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.
(3) Registration of the user is required to set up a customer account. It thus serves to identify the user and fulfill the usage contract for the service.
(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to fulfill contractual or legal obligations.
(5) Data subjects have the option to modify user data in their user profile at any time. Insofar as the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
VI. contacting
(1) When contact is made by e-mail, the following data is collected when contact is made:
- E-mail address
- Contact content
- IP address of the calling computer
- Date and time of contact
In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.
(2) The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO.
If the e-mail contact aims at the conclusion or fulfillment of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.
(3) The processing of personal data serves solely to process the contact. This also constitutes the necessary legitimate interest in the processing of the data.
(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with the data subject has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
(5) The data subject has the possibility to revoke his consent to the processing of personal data at any time. When contacting us by e-mail, the storage of personal data can be revoked at any time. In such a case, however, the conversation can then not be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VII. applicant data
(1) If you send us an application by e-mail or via the contact form, we process the personal data you provide for the purpose of reviewing the application. The legal basis for this is Art. 6 (1) lit. b) DSGVO, as these are processing operations that are necessary for the implementation of pre-contractual measures. The transmission of your application documents also constitutes consent to their processing for the purpose of reviewing the application.
(2) As a rule, your data will be deleted by the provider three months after completion of the application process. In addition, you can ask us to delete your data at any time by e-mail to: hr@service-lobby.com request. Please note that in this case you will also withdraw from all current application processes.
VIII. Newsletter
(1) It is possible to subscribe to a free newsletter. When registering for the newsletter, the e-mail address from the input mask is transmitted.
In addition, the following data is collected during registration:
- IP address of the calling computer
- Date and time of registration
Consent is obtained for the processing of data as part of the registration process and reference is made to this privacy policy.
(2) The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
(3) The collection of the user's e-mail address serves to deliver the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Accordingly, the user's e-mail address will be stored as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is usually deleted after a period of seven days.
(5) The subscription to the newsletter can be cancelled by the data subject at any time. For this purpose, a corresponding link can be found in each newsletter.
This also enables the revocation of consent to the storage of personal data collected during the registration process.
IX. Google Analytics
(1) If you have given your consent, the website uses "Google Analytics", a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google uses cookies, i.e. small text files that are stored on the end device and enable an analysis of the use of the website. The information generated by the cookie about the use of the website is usually transmitted to a Google server in the USA and stored there. If anonymization of the IP address to be transmitted by the cookie is activated on the website by the extension "_anonymizeIp()" (hereinafter referred to as: "IP anonymization"), the IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles can be created from the processed data. The IP address transmitted when using Google Analytics is not merged with other data from Google.
The website uses Google Analytics only with the activated IP anonymization described above. This means that your IP address is only processed by Google in abbreviated form. A personal reference can thus be excluded.
(2) The legal basis of the processing is the consent of the user according to Art. 6 para.1 lit. a. DSGVO.
(3) The website uses Google Analytics for the purpose of analyzing the use of the website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, the offer can be improved and made more interesting for the user. This is also the legitimate interest in the processing of the above data by Google.
(4) The storage of cookies generated by Google Analytics can be prevented by not granting consent or by making the appropriate settings in the web browser. Please note that in this case it may not be possible to use all functions of the website. If you wish to prevent the collection of data generated by the cookie and related to user behavior (including your IP address) as well as the processing of this data by Google, you can download and install the web browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
In order to oblige Google to process the transmitted data only in accordance with the instructions and to comply with the applicable data protection regulations, the controller has concluded a commission processing agreement with Google.
Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on data use by Google, on setting and objection options and on data protection can be found on the following Google web pages:
- User conditions: http://www.google.com/analytics/terms/de.html
- Privacy Overview: http://www.google.com/intl/de/analytics/learn/privacy.html
- Privacy Policy: http://www.google.de/intl/de/policies/privacy
- Data use by Google when you use our partners' websites or apps: https://www.google.com/intl/de/policies/privacy/partners
- Data use for advertising purposes: http://www.google.com/policies/technologies/ads
- Settings for personalized advertising by Google: http://www.google.de/settings/ads
X. Hotjar
(1) If you have given your consent, the Website uses "Hotjar", a web analytics service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta (hereinafter referred to as: "Hotjar"). Hotjar is a technology service that helps to better understand users' experiences (e.g., how much time you spend on which pages, which links you click, what users like and dislike, etc.) and allows the Service to be built and maintained based on user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices. This includes a device's IP address (processed during your session and stored in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language in which our website is displayed. Hotjar stores this information on behalf of ServiceLobby RT GmbH in a pseudonymized user profile.
(2) The legal basis of the processing is the consent of the user according to Art. 6 para.1 lit. a. DSGVO.
(3) The website uses Hotjar for the purpose of better understanding the needs of our users and optimizing this service and experience. By evaluating user behavior and feedback, the offer can be improved and made more interesting for the user. This is also the legitimate interest in the processing of the above data by Hotjar.
(4) The storage of cookies generated by Hotjar can be prevented by not granting consent or by making the appropriate settings in the web browser. Please note that in this case it may not be possible to use all functions of the website.
In order to oblige Hotjar to process the transmitted data only in accordance with the instructions and to comply with the applicable data protection regulations, the Controller has concluded a commission processing agreement with Hotjar.
Hotjar is contractually prohibited from selling the data collected on our behalf.
For more details, see the 'About Hotjar' section on the Hotjar support page.
XI. LinkedIn
(1) We maintain a presence on LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: "LinkedIn"), on which we publish, among other things, offers and advertisements of our company. Via LinkedIn, you have the option of contacting us via a lead generation form. To do this, you can click on the corresponding form and send a request for a proposed appointment for a non-binding telephone call by clicking on "Send".
(2) The following data is collected:
- IP address of the calling computer
- Date and time of contact
- E-mail address
- First and last name
- Job title
- Company name
(3) The legal basis of the processing is the consent of the user according to Art. 6 para.1 lit. a. DSGVO. The transmission of your data via the form also constitutes consent to its processing for the purpose of contacting you and making an appointment. You can object to the use of your data at any time by informally revoking your consent.
(4) We use this form to enable you to contact us about our services and to arrange a no-obligation meeting with you to discuss which projects could use a boost in implementation.
(5) As a rule, your data will be deleted after contact has been established. In addition, you can ask us to delete your data at any time by e-mail to: info@service-lobby.com request. Please note that in this case you will no longer be able to contact us.
(6) Information of the third party provider through which the contact request is controlled: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Further information on data use by LinkedIn as well as on setting and objection options can be found on the following LinkedIn web pages:
- User conditions: https://de.linkedin.com/legal/user-agreement
- Privacy Policy: https://de.linkedin.com/legal/privacy-policy
- Cookie Policy: https://de.linkedin.com/legal/cookie-policy?
XII. Microsoft Forms & Microsoft Bookings
(1) We use Microsoft Forms for surveys. This is a service provided by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Forms allows us to create online forms to collect messages, requests and other input from our website visitors in a structured way.
(2) For calendar bookings we use Microsoft Bookings. This is a service provided by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bookings enables us to allow calendar bookings on the Website that are matched with calendars of the relevant employees.
(3) In addition to the respective personal data that you enter in the forms or during an appointment booking, information on your operating system, browser, date and time of your visit, referrer URL and your IP address are also collected, transmitted to Microsoft and stored on Microsoft servers.
(4) The storage of the information you enter in the forms or during the appointment booking is password-protected to ensure that third party access is excluded and only we can evaluate the information data for the purpose specified in the form.
(5) We have concluded an order processing agreement with Microsoft for the use of Microsoft Forms and Microsoft Bookings, which obliges Microsoft to protect the data of our site visitors and not to pass it on to third parties. Processing regularly takes place within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. However, data transfers to the USA cannot be ruled out.
(6) The use of Microsoft Forms and Microsoft Bookings is based on our legitimate interest in determining your request in the most user-friendly way possible (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent is given, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO, insofar as the consent includes the storage of cookies. In addition, if you have given the corresponding consent, you allow us to contact you for the purpose of evaluating your answers given in the survey. Consent can be revoked at any time.
(7) For more information about the privacy practices of the third party provider: Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Dublin, D18 P521, Ireland, Tel. +353 1 295 3826.
For more information about Microsoft's use of your data, your choices about opting out, and privacy practices, please visit the following Microsoft Web pages:
- User conditions: https://www.microsoft.com/de-de/rechtliche-hinweise/nutzungsbedingungen
- Privacy Overview: https://support.microsoft.com/de-de/office/sicherheit-und-datenschutz-in-microsoft-forms-7e57f9ba-4aeb-4b1b-9e21-b75318532cd9
- Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement
- Handling data: https://learn.microsoft.com/de-de/compliance/regulatory/gdpr-dsr-Office365?toc=%2Fmicrosoft-365%2Fenterprise%2Ftoc.json&view=o365-worldwide
XIII Integration of external content
We use external dynamic content to optimize the presentation and the offer of our website. When visiting the website, a request is automatically made to the server of the respective content provider via API, during which certain log data (e.g. the user's IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there.
We use external content in connection with the following functionalities:
Google Web Fonts
(1) To make visiting our website attractive, we use external fonts from Google Fonts. When you visit the site, these are downloaded from servers of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google does not store any cookies in your browser. According to our information, however, the IP address of the user's terminal device is transmitted to Google and stored. This processing takes place due to our overriding legitimate interest in the optimal marketing of our offer according to Art. 6 para. 1 f) DSGVO.
(2) In order to oblige Google to process the transmitted data only in accordance with the instructions and to comply with the applicable data protection regulations, the controller has concluded a processing contract with Google.
Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on data use by Google, on setting and objection options and on data protection can be found on the following Google web pages:
- General information: https://fonts.google.com/
- User conditions: https://policies.google.com/terms
- Privacy Policy: https://policies.google.com/privacy
- Data use by Google when you use our partners' websites or apps: https://www.google.com/intl/de/policies/privacy/partners
- Data use for advertising purposes: http://www.google.com/policies/technologies/ads
- Settings for personalized advertising by Google: http://www.google.de/settings/ads
XIV Integration of plugins
On our website, we have integrated social media buttons of the following providers via the Shariff tool of the computer magazine c't and heise online:
Plugins from the following providers are used on our website:
- WhatsApp plugin, the WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Further information at: https://www.whatsapp.com/legal/privacy-policy-eea - Facebook plugin, the Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Further information at: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 - Linked-In Plugin, the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: "LinkedIn").
Further information at: https://de.linkedin.com/legal/privacy-policy - Twitter plugin, the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
Further information at: https://twitter.com/de/privacy
By using Shariff, the respective social media buttons are integrated as mere graphics, so that no data exchange with the respective provider of the social network takes place. If the user wants to use the respective button, he will be redirected to the respective provider. A data exchange with the respective provider only takes place after the respective button has been clicked and the respective service has been accepted via cookie banner. How the respective providers process your data can be found in the above terms of use or privacy statements.
XV. Encrypted data transmission
All data is transferred via TLS technology over an encrypted connection. The certificate required for this, which is installed on the servers, was issued by an independent organization.
An encrypted connection can be recognized by the fact that the browser's address bar changes from http:// to https://.
Once the encrypted TLS connection is established, your input, which you submit to the website, can no longer be read by third parties.
XVI. rights of the data subject
If personal data are processed by , the users are "data subjects" within the meaning of the GDPR and they are entitled to the following rights against the controller:
1. right to information
The data subject may request confirmation from the controller as to whether personal data are being processed.
If there is such processing, information about the following may be requested from the controller:
- the purposes for which the personal data are processed;
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerned have been or will be disclosed;
- the planned duration of the storage of the personal data or, if concrete information on this is not possible, criteria for determining the storage duration;
- the existence of a right to rectification or erasure of the personal data, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
There is the right to request information on whether the personal data is transferred to a third country or to an international organization. In this context, it may be requested to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.
2. right to rectification
There is a right to rectification and/or completion vis-à-vis the controller if the personal data processed is incorrect or incomplete. The controller shall carry out the rectification without undue delay.
3. right to restriction of processing
Under the following conditions, the restriction of the processing of personal data may be requested:
- if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the erasure of the personal data is refused and the restriction of the use of the personal data is requested instead;
- the controller no longer needs the personal data for the purposes of processing, but they are needed for the assertion, exercise or defense of legal claims, or
- if an objection to the processing has been lodged in accordance with Article 21(1) of the GDPR and it has not yet been determined whether the legitimate grounds of the controller override the grounds of the data subject.
Where the processing of personal data has been restricted, those data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above-mentioned conditions, the data subject shall be informed by the controller before the restriction is lifted.
4. right to deletion
a) Obligation to delete
There is a right to request from the data controller that the personal data be erased without undue delay, and the data controller is obliged to erase such data without undue delay, if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO is revoked and there is no other legal basis for the processing.
- An objection to the processing is lodged pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or an objection to the processing is lodged pursuant to Art. 21 (2) DSGVO.
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.
b) Information to third parties
If the controller has made the personal data public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall, taking into account the available technology and the cost of implementation, implement reasonable measures, including those of a technical nature, to inform data controllers which process the personal data that data subjects have requested from them the erasure of all links to, or copies or replications of, such personal data.
c) Exceptions
The right to erasure does not exist insofar as the processing is necessary to
- to exercise the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
- for the assertion, exercise or defense of legal claims.
5. right to information
If the right to rectification, erasure or restriction of processing has been asserted against the controller, the controller is obliged to notify all recipients to whom the personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
The data controller has the right to be informed about these recipients.
6. right to data portability
There is the right to receive the personal data provided to the controller in a structured, common and machine-readable format. In addition, there is the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, provided that
- the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and
- the processing is carried out with the help of automated procedures.
In exercising this right, there is also the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. right of objection
There is the right to object at any time on grounds arising from the particular situation of the data subject to the processing of personal data carried out on the basis of Article 6 (1) (e) or (f) DSGVO; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
If the personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of the personal data for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If processing for direct marketing purposes has been objected to, the personal data will no longer be processed for these purposes.
It is possible to exercise the right to object in connection with the use of information society services - notwithstanding Directive 2002/58/EC - by means of automated procedures using technical specifications.
8. right to revoke the declaration of consent under data protection law
There is the right to revoke the declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9. automated decision in individual cases including profiling
There is a right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning the data subject or similarly significantly affects him or her. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between the data subject and the controller,
- is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- takes place with the express consent of the data subject.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which shall include, at least, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
10. right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the data subject's residence, place of work or place of the alleged infringement, if he or she considers that the processing of personal data infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.