Privacy policy
Note: Only the German version of this privacy policy is binding. A machine-generated translation is provided on the English page without guarantee of accuracy.
I. Person responsible
The controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is
ServiceLobby RT GmbH
Stöffelburgstrasse 53
72770 Reutlingen
Germany
0049 151 614 355 09
Info@service-lobby.com
Represented by
Leon Tonat and Dr. Simon Tonat
Commercial register number
HRB 782261
II General information on data processing
(1) Personal data is only processed to the extent necessary to provide a functional website including content and services. As a rule, processing only takes place with the consent of the data subject. Exceptionally, processing is carried out without the consent of the data subject if this is not possible for factual reasons and the processing of the data is permitted by legal regulations.
(2) Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data, insofar as the consent of the data subject has been obtained for the processing of personal data.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data insofar as this is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Art. 6 para. 1 lit. c GDPR serves as the legal basis for the processing of personal data insofar as the processing of personal data is necessary for compliance with a legal obligation to which the company is subject.
Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary for the processing to safeguard a legitimate interest of the company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest.
(3) The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this is provided for by relevant national or European regulations. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
III. Use of the website
(1) Each time the website is accessed, the system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Name of the website accessed
- Date and time of the request
- Amount of data transferred
- Notification of successful retrieval
- Browser type and version
- Operating system
- Website from which you accessed the website
- IP address
- Provider of the user
The data is stored in the system's log files. This data is not stored together with other personal data of the user.
(2) The legal basis for this is Art. 6 para. 1 lit. f GDPR.
(3) The collection and temporary storage of the IP address is necessary to enable the website to be displayed on your end device. For this purpose, your IP address must be stored for the duration of your visit to the website. This data is not evaluated for marketing or analysis purposes.
(4) The data will be deleted when the respective session has ended. Insofar as this data is stored in log files, this is the case after one month at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
(5) The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the provision of the website. Consequently, there is no possibility of objection.
IV. Use of cookies
(1) The website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies cannot transfer viruses to the end device or execute programs themselves.
Cookies are used to make a website more user-friendly. Some elements of the website require that the accessing browser can be identified even after a page change.
If cookies are not technically necessary, they are only loaded with the user's consent. For this purpose, we use a plugin that does not collect any personal data itself.
Transient cookies are automatically deleted when the session is closed. These include session cookies, which store the so-called session ID, which can be used to assign various requests from the web browser to the shared session. This makes it possible to recognize the end device during a new session.
Persistent cookies are automatically deleted after a specified storage period, which may vary depending on the cookie. The corresponding settings can be deleted at any time in the web browser settings.
The following data is stored in the cookies:
- Log-in information
- Consent to privacy settings in the cookie banner
- Items in your shopping cart
- Use of individual functions of the website
(2) The legal basis for this is Art. 6 para. 1 lit. f GDPR.
(3) The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of the website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
The user data collected by technically necessary cookies is not used to create user profiles.
(4) Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
V. Customer account
(1) The website offers users the opportunity to register by providing personal data. When ordering courses via our website, a customer account must also be created to access the booked courses.
The data is entered into an input mask, transmitted and stored. The data will not be passed on to third parties. The following data is collected as part of the registration process:
The following data is also collected during registration:
- Date and time of registration
- Name
- Billing address (incl. VAT ID or equivalent for customers outside Germany)
- E-mail address
- Account username
- Password (only hash value is saved)
As part of the registration process, the user's consent to the processing of this data is obtained with reference to the privacy policy.
(2) The legal basis for this is Art. 6 para. 1 lit. a GDPR if the user has given consent. If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
(3) User registration is required in order to set up a customer account. This serves to identify the user and to fulfill the contract of use for the service.
(4) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for data collected during the registration process to fulfill a contract or to carry out pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.
(5) Data subjects have the option of modifying user data in their user profile at any time. Insofar as the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
VI Making contact
(1) The following data is collected when you contact us by e-mail:
- E-mail address
- Content of the contact
- IP address of the calling computer
- Date and time of contact
No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.
(2) The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR.
If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
(3) The processing of personal data serves solely to process the contact. This also constitutes the necessary legitimate interest in the processing of the data.
(4) The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the data subject has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
(5) The data subject has the option to withdraw their consent to the processing of personal data at any time. When contacting us by email, the storage of personal data can be revoked at any time. In such a case, however, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VII Applicant data
(1) If you send us an application by email or via the contact form, we process the personal data you send us for the purpose of reviewing the application. The legal basis for this is Art. 6 para. 1 lit. b) GDPR, as these are processing operations that are necessary to carry out pre-contractual measures. The transmission of your application documents also constitutes consent to their processing for the purpose of reviewing the application.
(2) As a rule, your data will be deleted by the provider three months after completion of the application process. In addition, you can request the deletion of your data at any time by sending an e-mail to: hr@service-lobby.com request. Please note that in this case you also withdraw from all ongoing application procedures.
VIII. Newsletter
(1) It is possible to subscribe to a free newsletter. When registering for the newsletter, the e-mail address from the input mask is transmitted.
The following data is also collected during registration:
- IP address of the calling computer
- Date and time of registration
Consent is obtained for the processing of data as part of the registration process and reference is made to this privacy policy.
(2) The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent.
(3) The purpose of collecting the user's e-mail address is to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
(4) The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is generally deleted after a period of seven days.
(5) The subscription to the newsletter can be canceled by the data subject at any time. For this purpose, there is a corresponding link in every newsletter.
This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.
IX. Google Analytics
(1) If you have given your consent, the website uses "Google Analytics", a web analysis service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google uses cookies, i.e. small text files that are stored on the end device and enable the use of the website to be analyzed. The information generated by the cookie about the use of the website is usually transferred to a Google server in the USA and stored there. If anonymization of the IP address to be transmitted by the cookie is activated on the website by the extension "_anonymizeIp()" (hereinafter referred to as: "IP anonymization"), the IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating the use of the website on behalf of the controller, compiling reports on website activity and providing other services relating to website activity and internet usage. Pseudonymous user profiles can be created from the processed data. The IP address transmitted when using Google Analytics is not merged with other Google data.
The website only uses Google Analytics with the previously described activated IP anonymization. This means that your IP address is only processed by Google in abbreviated form. This makes it impossible to identify you personally.
(2) The legal basis for processing is the user's consent pursuant to Art. 6 para. 1 lit. a. GDPR.
(3) The website uses Google Analytics for the purpose of analyzing the use of the website and continuously improving individual functions and offers as well as the user experience. By statistically evaluating user behavior, the offer can be improved and made more interesting for the user. This also constitutes the legitimate interest in the processing of the above data by Google.
(4) The storage of cookies generated by Google Analytics can be prevented by not giving consent or by making the appropriate settings in the web browser. It should be noted that in this case it may not be possible to use all functions of the website. If you wish to prevent the collection of data generated by the cookie and related to user behavior (including your IP address) and the processing of this data by Google, you can download and install the web browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
In order to oblige Google to process the transmitted data only in accordance with the instructions and to comply with the applicable data protection regulations, the controller has concluded a data processing agreement with Google.
Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites:
- Terms of use: http://www.google.com/analytics/terms/de.html
- Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
- Privacy policy: http://www.google.de/intl/de/policies/privacy
- Data use by Google when you use our partners' websites or apps: https://www.google.com/intl/de/policies/privacy/partners
- Use of data for advertising purposes: http://www.google.com/policies/technologies/ads
- Settings for personalized advertising by Google: http://www.google.de/settings/ads
X. Hotjar
(1) If you have given your consent, the website uses "Hotjar", a web analytics service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta (hereinafter referred to as: "Hotjar"). Hotjar is a technology service that helps to better understand users' experiences (e.g. how much time you spend on which pages, which links you click on, what users like and dislike, etc.) and enables the service to be built and maintained based on user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices. This includes a device's IP address (which is processed during your session and stored in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only) and the preferred language in which our website is displayed. Hotjar stores this information on behalf of ServiceLobby RT GmbH in a pseudonymized user profile.
(2) The legal basis for processing is the user's consent pursuant to Art. 6 para. 1 lit. a. GDPR.
(3) The website uses Hotjar for the purpose of better understanding the needs of our users and optimizing this service and experience. By evaluating user behavior and feedback, the offer can be improved and made more interesting for the user. This is also the legitimate interest in the processing of the above data by Hotjar.
(4) The storage of cookies generated by Hotjar can be prevented by not granting consent or by making the appropriate settings in the web browser. It should be noted that in this case it may not be possible to use all the functions of the website.
In order to oblige Hotjar to process the transmitted data only in accordance with the instructions and to comply with the applicable data protection regulations, the controller has concluded a data processing agreement with Hotjar.
Hotjar is contractually prohibited from selling the data collected on our behalf.
Further details can be found in the 'About Hotjar' section on the Hotjar support page.
XI. LinkedIn
(1) We maintain a presence on LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: "LinkedIn"), on which we publish, among other things, offers and advertising from our company. LinkedIn gives you the opportunity to contact us via a lead generation form. To do this, you can click on the relevant form and click "Send" to submit a request for a proposed appointment for a non-binding telephone call.
(2) The following data is collected:
- IP address of the calling computer
- Date and time of contact
- e-mail address
- First and last name
- Job title
- Company names
(3) The legal basis for processing is the user's consent pursuant to Art. 6 para. 1 lit. a. GDPR. By submitting your data via the form, you also consent to its processing for the purposes of contacting you and making appointments. You can object to the use of your data at any time by informally revoking your consent.
(4) We use this form to enable you to contact us about our services and to arrange a no-obligation meeting with you to discuss which projects could use a boost.
(5) As a rule, your data will be deleted after you have contacted us. In addition, you can request the deletion of your data at any time by e-mail to: info@service-lobby.com request. Please note that in this case you will no longer be able to contact us.
(6) Information from the third-party provider through which the contact request is managed: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Further information on the use of data by LinkedIn and on setting and objection options can be found on the following LinkedIn websites
- Terms of use: https://de.linkedin.com/legal/user-agreement
- Privacy policy: https://de.linkedin.com/legal/privacy-policy
- Cookie guidelines: https://de.linkedin.com/legal/cookie-policy?
XII. Microsoft Forms & Microsoft Bookings
(1) We use Microsoft Forms for surveys. This is a service provided by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Forms enables us to create online forms to collect messages, inquiries and other input from our website visitors in a structured manner.
(2) We use Microsoft Bookings for calendar bookings. This is a service provided by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bookings enables us to allow calendar bookings on the website that are coordinated with the calendars of the relevant employees.
(3) In addition to the respective personal data that you enter in the forms or during an appointment booking, information about your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transmitted to Microsoft and stored on Microsoft servers.
(4) The information you enter in the forms or during the appointment booking process is stored under password protection to ensure that third party access is excluded and that only we can evaluate the information data for the purpose specified in the form.
(5) We have concluded an order processing contract with Microsoft for the use of Microsoft Forms and Microsoft Bookings, which obliges Microsoft to protect the data of our website visitors and not to pass it on to third parties. Processing regularly takes place within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. However, data transfers to the USA cannot be ruled out.
(6) The use of Microsoft Forms and Microsoft Bookings is based on our legitimate interest in determining your request in the most user-friendly way possible (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR, insofar as the consent includes the storage of cookies. If you have given your consent, you also allow us to contact you to evaluate the answers you provide in the survey. Consent can be revoked at any time.
(7) Further information on the data protection of the third-party provider: Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Dublin, D18 P521, Ireland, Tel. +353 1 295 3826.
Further information on the use of data by Microsoft, on setting and objection options and on data protection can be found on the following Microsoft websites:
- Terms of use: https://www.microsoft.com/de-de/rechtliche-hinweise/nutzungsbedingungen
- Overview of data protection: https://support.microsoft.com/de-de/office/sicherheit-und-datenschutz-in-microsoft-forms-7e57f9ba-4aeb-4b1b-9e21-b75318532cd9
- Privacy policy: https://privacy.microsoft.com/de-de/privacystatement
- Handling of data: https://learn.microsoft.com/de-de/compliance/regulatory/gdpr-dsr-Office365?toc=%2Fmicrosoft-365%2Fenterprise%2Ftoc.json&view=o365-worldwide
XIII Integration of external content
We use external dynamic content to optimize the presentation and offer of our website. When the website is visited, a request is automatically sent to the server of the respective content provider via API, during which certain log data (e.g. the user's IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there.
We use external content in connection with the following functionalities:
Google Web Fonts
(1) In order to make visiting our website attractive, we use external fonts from Google Fonts. When you visit the site, these are downloaded from servers of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google does not store any cookies in your browser. However, according to our information, the IP address of the user's device is transmitted to Google and stored. This processing is carried out on the basis of our overriding legitimate interest in the optimal marketing of our offer in accordance with Art. 6 para. 1 f) GDPR.
(2) In order to oblige Google to process the transmitted data only in accordance with the instructions and to comply with the applicable data protection regulations, the controller has concluded an order processing contract with Google.
Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites:
- General information: https://fonts.google.com/
- Terms of use: https://policies.google.com/terms
- Privacy policy: https://policies.google.com/privacy
- Data use by Google when you use our partners' websites or apps: https://www.google.com/intl/de/policies/privacy/partners
- Use of data for advertising purposes: http://www.google.com/policies/technologies/ads
- Settings for personalized advertising by Google: http://www.google.de/settings/ads
XIV Integration of plugins
We have integrated social media buttons from the following providers on our website using the Shariff tool from the computer magazine c't and heise online:
Plugins from the following providers are used on our website:
- WhatsApp pluginWhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Further information can be found at: https://www.whatsapp.com/legal/privacy-policy-eea - Facebook pluginMeta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Further information can be found at: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 - Linked-In pluginLinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: "LinkedIn").
Further information can be found at: https://de.linkedin.com/legal/privacy-policy - Twitter pluginTwitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
Further information can be found at: https://twitter.com/de/privacy
By using Shariff, the respective social media buttons are integrated as mere graphics so that no data is exchanged with the respective provider of the social network. If the user wishes to use the respective button, they are forwarded to the respective provider. Data is only exchanged with the respective provider after the respective button has been clicked and the respective service has been accepted via the cookie banner. You can find out how the respective providers process your data in the terms of use and privacy policies above.
XV Encrypted data transmission
All data is transmitted via TLS technology over an encrypted connection. The certificate required for this, which is installed on the servers, was issued by an independent organization.
You can recognize an encrypted connection by the fact that the address line of the browser changes from http:// to https://.
As soon as the encrypted TLS connection is established, the information you send to the website can no longer be read by third parties.
XVI Rights of the data subject
If personal data is processed by , the users are "data subjects" within the meaning of the GDPR and they have the following rights vis-à-vis the controller:
1. right to information
The data subject may request confirmation from the controller as to whether personal data is being processed.
If such processing has taken place, you can request the following information from the controller:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed;
- the planned duration of storage of the personal data or, if specific information on this is not possible, criteria for determining the duration of storage;
- the existence of a right to rectification or erasure of personal data, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data if the personal data is not collected from the data subject;
- the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information about whether personal data is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
2. right to rectification
There is a right to rectification and/or completion vis-à-vis the controller if the processed personal data is incorrect or incomplete. The controller must make the correction without delay.
3. right to restriction of processing
The restriction of the processing of personal data may be requested under the following conditions:
- if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required for the establishment, exercise or defense of legal claims, or
- if an objection to the processing pursuant to Art. 21 (1) GDPR has been lodged and it has not yet been established whether the legitimate reasons of the controller outweigh those of the data subject.
Where processing of personal data has been restricted, such data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, the data subject shall be informed by the controller before the restriction is lifted.
4. right to erasure
a) Obligation to delete
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR is withdrawn and there is no other legal basis for the processing.
- An objection to the processing is lodged pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or an objection to the processing is lodged pursuant to Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not exist if the processing is necessary
- to exercise the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the assertion, exercise or defense of legal claims.
5. right to information
If the right to rectification, erasure or restriction of processing has been asserted against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the controller.
6. right to data portability
You have the right to receive the personal data that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
- the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
- the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be impaired by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. right of objection
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where processing for direct marketing purposes has been objected to, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the right to object may be exercised by automated means using technical specifications.
8. right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. automated decision-making in individual cases including profiling
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects him or her. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between the data subject and the controller,
- is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- with the express consent of the data subject.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the data subject's habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.