Responsible party

Oliver Merkle
Interim Manager & Consultant
+49 173 / 99 75 190

mail@olivermerkle.de
www.olivermerkle.com

Friedrich-Ebert-Str. 30
31137 Hildesheim

Managing Director:
Oliver Merkle

Telephone number:
+49 173 / 99 75 190

E-mail address:
www.olivermerkle.com

As of 2025-12-01

Content

  1. Basic information on data processing and legal bases
  2. Types of data processed / Categories of data subjects
  3. Safety measures
  4. Disclosure of data to third parties and third-party providers
  5. Provision of contractual services
  6. Contacting us
  7. Web hosting
  8. Cookies & reach measurement
  9. Google Analytics
  10. Facebook Social Plugins
  11. Reach analysis with Matomo
  12. Newsletter
  13. Integration of videos
  14. Integration of services and content from third parties
  15. Rights of the data subject
  16. Deletion of data
  17. Right of objection
  18. Changes to the privacy policy

1. Basic information on data processing and legal bases

1.1. This privacy policy clarifies the nature, scope and purpose of the processing of personal data within our online offer and the websites, functions and content associated with it (hereinafter jointly referred to as “online offer” or “website”). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is executed.

1.2. The terms used, such as “personal data” or its “processing”, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

2. Types of data processed / Categories of data subjects

2.1. The personal data of users processed within the scope of this online offer includes:

  • Inventory data (e.g. names and addresses of customers),
  • Contact data (e.g. e-mail, telephone numbers),
  • Communication data,
  • Contract data (e.g. services used, names of clerks, payment information),
  • Usage data (e.g. the websites visited of our online offer, interest in our products)
  • Meta/communication data (e.g. device information, IP addresses) and
  • Content data (e.g. entries in the contact form).

2.2. The term “user” includes all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offer. The terms used are to be understood as gender-neutral.

2.3. We process personal data of users only in compliance with the relevant data protection regulations. This means that user data is processed only if there is a legal permission, in particular if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, or is required by law, the user has given consent, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, in particular in reach measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of the services of third-party providers.

2.4. We would like to point out that the legal basis for consents is Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the fulfillment of our services and implementation of contractual measures Art. 6 para. 1 lit. b. GDPR, the legal basis for the processing for the fulfillment of our legal obligations Art. 6 para. 1 lit. c. GDPR, and the legal basis for the processing for the protection of our legitimate interests Art. 6 para. 1 lit. f. GDPR.

2.5. The following persons are affected by data processing:

  • Contractual and business partners,
  • Users of our online offer,
  • Interested parties who are interested in our online offer or contact us for other reasons and
  • Customers.

3. Safety measures

Within the meaning of Art. 32 GDPR, we take appropriate organizational, contractual and technical security measures in accordance with the state of the art, taking into account the implementation costs and the nature, scope, circumstances and purposes of the data processing as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms, in order to ensure an appropriate level of protection for your data. In doing so, we ensure compliance with the provisions of data protection laws and protect this data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

3.1. The security measures include in particular the encrypted transmission of data between your browser and our server. You can recognize such encrypted connections by the fact that the URL in the address bar of your browser starts with “https://”. This is a communication protocol with which data can be transmitted tap-proof within the framework of transport encryption.

4. Disclosure of data to third parties and third-party providers

4.1. Data will only be disclosed to third parties within the scope of legal requirements. We only pass on user data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR to economic and effective operation of our business.

4.2. We only use subcontractors to provide our services if we have taken suitable legal precautions and appropriate technical and organizational measures to ensure the protection of personal data processed in accordance with the relevant legal provisions.

4.3. If, within the scope of this privacy policy, content, tools or other means from other providers (hereinafter jointly referred to as “third-party providers”) are used, we observe the legal requirements and in particular conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

4.4. If we use a third-party provider whose registered office is located in a third country (outside the European Union (EU) or the European Economic Area), it must be assumed that a data transfer to the registered offices of the third-party provider takes place. The transfer of data to third countries only takes place if there is an adequate level of data protection, the user has given consent or there is otherwise a legal permission.

5. Provision of contractual services

5.1. We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR. We inform the contractual partners which data is required for the aforementioned purposes before or in the context of the data collection, e.g. in online forms, by means of special labeling (e.g. colors) or symbols (e.g. asterisks or similar), or personally. Within the framework of applicable law, we only pass on this data to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with your consent (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).

5.2. We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after the expiry of 4 years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal reasons of archiving (e.g. for tax purposes as a rule 10 years). Data that has been disclosed to us by the contractual partner within the framework of a contractual relationship will be deleted by us in accordance with the provisions of the contract, generally after fulfillment of the contractual services.

6. Contacting us

6.1. When contacting us (via contact form or e-mail), the user’s details are processed for the purpose of processing the contact request and its handling in accordance with Art. 6 para. 1 lit. b GDPR. In this case, we only process the data that we need to process your request.

6.2. The user’s details may be stored in our Customer-Relationship-Management System (“CRM System”) or comparable request organization.

7. Web hosting

7.1. In order to be able to provide our online offer securely and efficiently, we make use of the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may make use of infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

7.2. On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

7.3. Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

7.4. The web hosting services also include the sending, receiving and storage of e-mails. For these purposes, the addresses of the recipients and senders, but also further information on the e-mail dispatch (e.g. the participating providers), including the contents of the respective e-mails are processed. Even if our e-mail communication has transport route encryption, these are not encrypted on the servers from which they are sent and received. The content of e-mail communication is therefore fundamentally susceptible to manipulation.

8. Cookies & reach measurement

8.1. When you visit our website, information may be stored on your computer in the form of a cookie. Cookies are information that is transferred from our web server or third-party web servers to the web browsers of users and stored there for later retrieval. Most browsers are set to automatically accept cookies. We would like to point out that the use of our online offer is only possible to a limited extent without cookies. In particular, the use of your customer account is generally not possible, as the use of cookies is technically mandatory for this. However, you can also prevent the setting of certain cookies via your browser (e.g. cookies from third-party providers), for example if you want to prevent web tracking. You can find more information on this in the help function of your browser. Further information on cookies from third-party providers that are set or processed when you visit our website can be found in the following privacy policy, if we make use of this. We also include other technologies that perform the same functions as cookies in the term cookies (e.g. when user data is stored using pseudonymous online identifiers, also referred to as “user ID”).

  • A distinction must be made between cookies that are set by the operator of the website when visiting a website (also “first-party cookies”) and cookies that are set by third-party providers (also “third-party cookies”). We only have technical control over the former cookies. We further differentiate between the following cookies.
  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes his browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users, which are used for reach measurement or for marketing purposes, can be stored in such a cookie.
  • Necessary (also: essential or absolutely necessary) cookies: Cookies can on the one hand be absolutely necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).
  • Statistics, marketing and personalization cookies: Furthermore, cookies are usually also used in the context of reach measurement and when the interests of a user or his behavior (e.g. viewing certain content, using functions, etc.) are stored in a user profile on individual websites. Such profiles serve, for example, to display content to users that corresponds to their potential interests. This procedure is also referred to as “tracking”, i.e. tracking the potential interests of users. We will inform you separately about the use of “tracking” technologies in our privacy policy or in the context of obtaining consent.

8.2. We use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g. to be able to store your login status or the shopping cart function and thus enable the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.

8.3. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser.

8.4. The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the economic operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Depending on whether the processing is based on consent or legal permission, you have the possibility at any time to revoke a given consent or to object to the processing of your data by cookie technologies (“opt-out”). You can first declare your opt-out by means of the settings of your browser by objecting to the setting of cookies in the system settings of your browser. An objection to the use of cookies for online marketing purposes can also be made by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further objection notices in the context of the information on the service providers and cookies used.

Before we process or have data processed in the context of the use of cookies, we ask users for consent that can be revoked at any time. Before consent has been given, at most cookies are used that are necessary for the operation of our online offer. Their use is based on our interest and the interest of users in the expected functionality of our online offer. This includes usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses). Users of our online offer are affected by this processing. The processing takes place on the legal basis of consent (Art. 6 para. 1 sentence 1 lit. a GDPR) or legitimate interests within the meaning of Art. 6 para. 1 sentence 1 lit. f. GDPR.

9. Google Analytics

9.1. On the basis of your consent, we use Google Analytics, a web analytics service provided by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland (“Google”) for the analysis, optimization and economic operation of our online offer. Google uses permanent third-party cookies. The resulting information is processed exclusively in our interest.

9.2. The information generated by the cookie about the use of the online offer by the users is usually transferred to a Google server in the USA and stored there.

9.3. We have agreed so-called standard contractual clauses with Google in order to be able to guarantee an adequate level of data protection. Google thereby offers a guarantee to comply with European data protection law.

9.4. Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within these online services, and to provide us with other services associated with the use of these online services and internet usage. Pseudonymous user profiles may be created from the processed data.

9.5. We use Google Analytics only with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

9.6. The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online services to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

9.7. Further information on data usage by Google, settings and objection options can be found on the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Data usage for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).

10. Facebook Social Plugins

10.1. Based on your consent and in the interest of optimizing and economically operating our online services, we use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can represent interaction elements or content (e.g., videos, graphics, or text contributions) and are recognizable by one of the Facebook logos or are marked with the addition “Facebook Social Plugin”.

10.2. When a user accesses a function of this online service that contains such a plugin, a direct connection to the Facebook servers is only established when the user interacts with the plugins. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated by the device into the online service. User profiles may be created from the processed data. We therefore have no influence on the extent of the data that Facebook collects with the help of this plugin and inform the users accordingly to the best of our knowledge.

10.3. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online service. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example, press the Like button or leave a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

10.4. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options to protect the privacy of users, can be found in the privacy policy of Facebook: https://www.facebook.com/about/privacy/.

10.5. If a user is a Facebook member and does not want Facebook to collect data about them via this online service and link it to their member data stored on Facebook, they must log out of Facebook before using our online service and delete their cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e., they are applied to all devices, such as desktop computers or mobile devices.

11. Reach analysis with Matomo

11.1. Based on your consent, we use Matomo, an open-source software for statistical evaluation of user access, to analyze, optimize and economically operate our online services. The IP address of the users is shortened before it is stored. However, Matomo uses first-party cookies that are stored on the user’s computer and enable an analysis of the use of this online service by the users. Pseudonymous user profiles may be created from the processed data.

11.2. The information generated by the cookie about your use of this online service is stored on our server and not passed on to third parties.

12. Newsletter

12.1. With the following information, we will inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to the receipt and the described procedures.

12.2. We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described within the scope of a registration for the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.

12.3. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the dispatch service provider are logged.

12.4. The newsletters are sent by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, hereinafter referred to as “dispatch service provider”. The data protection regulations of the dispatch service provider can be viewed here: https://www.cleverreach.com/de/datenschutz/.

12.5. The newsletters are sent via “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the dispatch service provider can be viewed here: https://mailchimp.com/legal/privacy/. So-called standard contractual clauses have been agreed to ensure an adequate level of data protection.

12.6. Furthermore, the dispatch service provider can use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletters or for statistical purposes, to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties.

12.7. Registration data: To register for the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide a name for the purpose of personal address in the newsletter.

12.8. The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, are initially collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. Although this information can be assigned to the individual newsletter recipients for technical reasons. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

12.9. The use of the dispatch service provider, the implementation of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of the users.

12.10. You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to its dispatch by the dispatch service provider and the statistical analyses expires. A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If the users have only registered for the newsletter and have cancelled this registration, their personal data will be deleted.

13. Integration of videos

13.1. We use videos to display the submitted contributions. Since local hosting of videos is not powerful enough, we use external video providers. We use the services of Vimeo, Inc., West 18th Street, New York 10011, USA (“Vimeo”).

13.2. By integrating the videos, the servers of the provider are called up. For the associated use of data, we refer to the respective data protection notices of the provider. The data protection notices of Vimeo can be accessed under the following link: https://vimeo.com/privacy.

13.3. The legal basis for the integration of the videos and the associated transmission of personal data is Art. 6 para. 1 lit. b GDPR for registered users of our offer. The integration is necessary because currently no comparable video solution is available to provide protected videos.

13.4. For non-registered users, the legal basis for the transmission of personal data is Art. 6 para. 1 lit f. GDPR.

13.5. In order to guarantee an adequate level of data protection when transmitting data to the USA, we have concluded the so-called standard contractual clauses with the provider of Vimeo. As a further protective measure, we generally integrate videos in the “Do Not Track” variant, so that the scope of the transmitted personal data is reduced to a minimum.

13.6. Alternatively, we can also use the service provider YouTube. Videos of the platform “YouTube” of the third-party provider Google. Here, the video is embedded in our website, but still hosted on the platform of Youtube. When the video is played, a connection is established with YouTube. The privacy policy can be accessed here: https://www.google.com/policies/privacy/ and an opt-out can be found here: https://www.google.com/settings/ads/. We have with Google

14. Integration of services and contents of third parties

14.1. Within our online services, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 para. 1 lit. f. GDPR) or on the basis of your consent (Art. 6 para. 1 lit. a GDPR) in order to integrate their contents and services, such as videos or fonts (hereinafter uniformly referred to as “contents”). This is done to provide our online services and to create a user-friendliness of our online services. This always presupposes that the third-party providers of these contents perceive the IP address of the users, because without the IP address they could not send the contents to their browser. The IP address is therefore required for the presentation of these contents. We endeavor to use only such contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers can also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in third-party cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information on the use of our online services, as well as be linked to such information from other sources.

14.2. The following presentation provides an overview of third-party providers and their contents, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, objection options (so-called opt-out):

  • If our customers use the payment services of third parties (e.g. PayPal or Sofortüberweisung), the terms and conditions and the data protection notices of the respective third-party providers apply, which can be accessed within the respective websites or transaction applications.
  • External fonts from Google Ireland., https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts takes place through a server call at Google (usually in the USA). Privacy policy: https://www.google.com/policies/privacy/. An opt-out: can be found here https://www.google.com/settings/ads/.
  • Maps of the service “Google Maps” of the third-party provider Google. The privacy policy can be accessed here: https://www.google.com/policies/privacy/, An opt-out option can be found here: https://www.google.com/settings/ads/
  • Our online services use functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the “Recommend-Button” from LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data and its use by LinkedIn. The privacy policy can be accessed here: https://www.linkedin.com/legal/privacy-policy and an opt-out is offered here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Within our online services, functions of the Twitter service can be integrated. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street,Dublin 2, D02 AX07, Ireland. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data and its use by Twitter. Twitter’s privacy policy at http://twitter.com/privacy. You can change your privacy settings on Twitter in the account settings at http://twitter.com/account/settins.
  • We use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing Xing functions is accessed, a connection to Xing servers is established. To our knowledge, personal data is not stored. In particular, no IP addresses are stored or the usage behavior is evaluated. Privacy policy: https://www.xing.com/app/share?op=data_protection.

15. Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

15.1. Right to information
You can request confirmation from the controller as to whether personal data concerning you is processed by us.

If such processing is taking place, you can request information from the controller about the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration for which the personal data concerning you will be stored or, if specific details are not possible, criteria for determining the storage duration;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information on the origin of the data if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR and—at least in these cases—meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

15.2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller must carry out the rectification without undue delay.

15.3. Right to restriction of processing
Under the following conditions, you may request the restriction of processing of personal data concerning you:

  • if you dispute the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you object to the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise, or defence of legal claims, or
  • if you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, such data may be processed—apart from being stored—only with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.

15.4. Right to erasure
a) Obligation to erase
You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following grounds applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
  • The personal data concerning you have been processed unlawfully.
  • The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you have been collected in relation to services offered by the information society pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 para. 1 GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions
The right to erasure does not apply to the extent that processing is necessary

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  • for the establishment, exercise, or defence of legal claims.

15.5. Right to notification
If you have asserted the right to rectification, erasure, or restriction of processing vis-à-vis the controller, the controller is obliged to communicate any rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about those recipients.

15.6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  • the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR, and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected thereby.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

15.7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

15.8. Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

15.9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for entering into, or performance of, a contract between you and the controller,
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  • is based on your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

15.10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

16. Erasure of data

16.1. The data stored by us will be erased as soon as they are no longer required for their intended purpose and there are no legal retention obligations to prevent the erasure. Erasure also takes place in particular when other grounds for permission cease to apply. If the users’ data are not erased because they are required for other and legally permissible purposes, their processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data of users that must be retained for commercial or tax law reasons.

16.2. In accordance with legal requirements, retention is for 6 years pursuant to § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147 para. 1 AO (German Tax Code) (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

17. Right to object

Users may object to the future processing of their personal data at any time in accordance with legal requirements. The objection may be lodged in particular against processing for direct marketing purposes.

18. Amendments to the privacy policy

18.1. We reserve the right to amend the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If users’ consent is required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the users’ consent.

18.2. Users are requested to inform themselves regularly about the content of the privacy policy.

Scroll to Top