1. Name and address of the party responsible
The party responsible in accordance with the Data Protection Regulation and other national privacy laws of the Member States as well as other data protection regulations is:
NETWAYS and affiliates
Tel .: +49 911 92885-0
2. Name and address of the data protection officer
The data protection officer of the party responsible is:
NETWAYS GmbH, NETWAYS Event Services GmbH, NETWAYS Professional Services GmbH
Tel .: +49 911 92885-0
NETWAYS Managed Services GmbH
Tel.: +49 911 92885-0
3. General information on data processing
3.1 Extent of the processing of personal data
In general, we process the personal data of our users only to the extent necessary for providing a functioning website as well as our content and services. The processing of the personal data of our users is done on a regular basis only after consent of the user. An exception applies in cases in which prior obtainment of consent is not possible for factual reasons and the processing of data is permitted by legal provisions.
3.2 Legal basis for the processing of personal data
If a person’s consent for the processing of personal data is obtained, article 6(1)(a) of the EU privacy regulation (GDPR) is applied as the legal basis. In the processing of personal data, which is necessary for the performance of a contract, of which the contracting party is the person concerned, article 6(1)(b) GDPR is applied as the legal basis. This also applies to processing measures that are required to perform pre-contractual measures. As far as the processing of personal data is required to fulfill a legal obligation our company is subject to, article 6(1)(c) GDPR is applied as the legal basis.
In the event that the essential interests of the person concerned or of another individual may require the processing of personal data, article 6(1)(d) GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or of a third party and if the interests, rights and freedoms of the person concerned do not outweigh the former interest, article 6(1)(f) GDPR serves as the legal basis for processing.
3.3 Data deletion and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage can be continued, if this has been provided by the European or national legislation in EU law regulations, laws or regulations that the person responsible is bound to. A blocking or deletion of data occurs even when a storage period stipulated by the standards mentioned expires, unless a necessity for continued storage of the data for conclusion or fulfillment of a contract exists.
This privacy statement informs users about the nature, extent and purpose of the collection and use of personal data by the responsible provider. The collection occurs in our online platforms such as website, blog, shop and event pages.
4. Website publishing and creation of log files
4.1 Description and extent of data processing
Whenever accessing our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- information about the browser type and version used
- the operating system of the user
- the Internet service provider of the user
- the IP address of the user
- date and time of access
- websites that lead the user’s system to our website
- websites that are accessed from the user’s system via our website
4.2 Legal basis for data processing
The legal basis for the temporary storage of the data is article 6(1)(f) GDPR.
4.3 Purpose of data processing
The storage in log files is carried out in order to ensure the functionality of the website. Moreover, the data is used for optimizing the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes will not occur in this context.
4.4 Storage duration
The data is deleted as soon as it is no longer necessary for the attainment of its original purpose. In case of collection of the data for providing the website, this deletion is carried out when the current session ends.
In the case of storing the data in log files, deletion will take place within six months at the latest. A continued storage is possible. In this case, the IP addresses of users are deleted or distorted, so that an allocation of the calling client is no longer possible.
4.5 Possibility of objection and deletion
Data collection for providing the website and storing the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
5.1 Description and extent of data processing
When using cookies the following data is stored and transmitted:
- operating data of the software, such as language setting, time zone etc.
- products in a shopping cart
- login information
5.2 Legal basis for data processing
The legal basis for the processing of personal data using cookies is article 6(1)(f) GDPR.
5.3 Purpose of data processing
The user data collected by technically necessary cookies is not used to create user profiles.
5.4 Storage duration, possibility of objection and deletion
6.1 Description and extent of data processing
Our website offers the possibility of subscribing to a free newsletter. During registration for the newsletter, the data from the input form is sent to us.
If you purchase goods or services from our website and thereby deposit your email address, it can be subsequently used by us for sending a newsletter. In such case only direct marketing information about similar products or services will be sent via the newsletter.
6.2 Legal basis for data processing
Legal basis for the processing of data by registering for the newsletter by the user is article 6(1)(a) GDPR if user consent is present.
Additional legal basis for sending the newsletter due to the sale of goods or services is § 7 para. 3 UWG (UC).
6.3 Purpose of data processing
The collection of the email address of the user is used for sending the newsletter.
The collection of further personal data as part of the registration process is used to prevent misuse of the services or the email address used.
6.4 Storage duration
The data is deleted as soon as it is no longer necessary for the attainment of its original purpose. The email address of the user is thus stored for as long as the newsletter subscription is active.
The other personal data collected in the registration process is generally deleted after a period of six months.
6.5 Possibility of objection and deletion
The newsletter subscription may be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in every newsletter. In that process it is also possible to revoke the consent to the storage of the personal data collected in the registration process.
7.1 Description and extent of data processing
On our website we offer users the option to register by entering personal data. The data input form is sent to us and stored. In this process only relevant data is collected, including contact information (name, first name, email addresses etc.) or content data.
At the time of registration, the following data is stored:
- the IP address of the user
- date and time of registration
In the registration process a user consent to the processing of this data is obtained.
7.2 Legal basis for data processing
If the registration serves the fulfilment of a contract, of which the user is the contracting party, or the realization of pre-contractual measures, article 6(1)(b) GDPR is an additional legal basis for the processing of data. Otherwise an approval in accordance with article 6(1)(a) is obtained.
7.3 Purpose of data processing
Registration of the user is required for the performance of a contract with the user or to realize pre-contractual measures or to provide and test content in blog systems, mailing lists or discussion platforms.
7.4 Transfer of data to third parties
An order or a request by the user to create an offer or individual contact may result in forwarding data to a partner company. In this case, the possible transfer is explicitly pointed out and the consent is obtained. If necessary, data is transferred to:
- affiliated sales partners
- hotels or restaurants for events and trainings
- logistics partners
7.5 Storage duration
The data is deleted as soon as it is no longer necessary for the attainment of its original purpose.
This is the case for the data collected in the registration process for the performance of a contract or the realization of pre-contractual measures if the data is no longer necessary for the implementation of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contracting party in order to comply with contractual or legal obligations.
7.6 Possibility of objection and deletion
As a user you always have the option to revoke the registration. You can have the data concerning you modified at any time.
If the data is required for the performance of a contract or to implement precontractual measures, early deletion of data is only possible unless no contractual or legal obligations are in place.
8. Contact form and email contact
8.1 Description and extent of data processing
Our website provides a contact form for electronic contact. If a user enters data into the input form the data will be sent to us and stored. In that process only relevant data is collected, including contact information (name, first name, email addresses etc.) or content data.
At the point of sending the message, the following information is also stored:
- the IP address of the user
- date and time of registration
Alternatively, contact via the provided email address is possible. In this case, the personal user data transmitted with the email is stored.
In this context, no data is transferred to third parties. The data is exclusively used for the processing of the conversation.
8.2 Legal basis for data processing
If user consent is present, legal basis for the processing of the data is article 6(1)(a) GDPR.
The legal basis for the processing of the data received during the sending of an email is article 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, article 6(1)(b) GDPR is an additional basis for the processing of data.
8.3 Purpose of data processing
The processing of personal data from the input form serves us for processing the contact as well as for customer care and quality management. When contacting us by email there is also a required legitimate interest in the processing of the data. Otherwise, the user’s consent is required.
Other personal data processed during the transmission are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
8.4 Transfer of data to third parties
An order or a request by the user to create an offer or for individual contact may result in the forwarding of data to a partner company. In this case, the possible transfer is explicitly stated and consent is obtained. If required, data is transferred to:
- affiliated sales partners
- hotels or restaurants for events and trainings
- logistics partners
8.5 Publication of data
When transferring success stories, the data collected is published on the websites including the names of the user. In this case, the possible transfer is explicitly indicated and the corresponding consent is obtained accordingly.
8.6 Storage duration
The data is deleted as soon as it is no longer necessary for the attainment of its purpose, the purpose expires or the user’s consent is revoked.
The personal data additionally collected during the transmission process will be deleted after a period of six months.
8.7 Possibility of objection and deletion
The user always has the possibility to withdraw his consent to the processing of personal data. If the user contacts us by email, he can object to the storage of personal data at any time. In such a case, the conversation can not be continued.
In such a case all personal data that has been stored in the course of the contact is deleted.
9. Publication of job advertisement / online job advertisements
9.1 Description and extent of data processing
The application data is collected for the purpose of the application process and processed by us. Thereby, different data is processed, such as name, phone number, email address etc. This data is basically used for contact and communication.
Any information not proccessible under the General Equal Treatment Act (race, gender, religion or belief, disability, age or sexual identity) is not processed. We also ask not to transmit information on diseases, pregnancy, ethnic origin, political opinion, philosophical or religious beliefs, trade union membership, physical or mental health or sexual life. This also applies to content that is likely to violate the rights of third parties (e.g. copyrights, press law or general rights of third parties).
If an application is followed by the conclusion of an employment contract, the data submitted can be stored – in compliance with relevant legal regulations – in a personnel file for the purpose of the usual organizational and management processes.
9.2 Legal basis for data processing
Legal basis for the processing of data which is transmitted in the course of sending an email is article 6(1)(f) and article 6(1)(a) GDPR. If the email contact aims at the conclusion of a contract, article 6(1)(b) GDPR is an additional legal basis for the processing.
9.3 Purpose of data processing
The processing of personal data from an email solely serves us for processing the application process and employee recruitment and also includes your required, legitimate interest in processing the data.
9.4 Storage duration
If an application is rejected, the transmitted data is deleted automatically three months later. This does not apply if (e.g. the obligation of proof under the General Equal Treatment Act) continued storage is necessary due to legal requirements or it has been explicitly agreed upon a longer storage period in our prospect database.
9.5 Possibility of objection and deletion
The user has the possibility to withdraw his/her consent to the processing of personal data at any time. The data is deleted immediately provided that this deletion is not offset by legitimate interests of the person responsible or the user. Instead of data deletion data can be blocked if stipulated by law.
10. Blog systems, mailing lists and discussion platforms
10.1 Description and extent of data processing
Within these systems, it is possible to make comments, to write guest articles or to participate in a discussion. Thereby only relevant data is collected, including contact information (name, first name, email addresses etc.) or content data.
At the time of registration, the following data is also stored:
- the IP address of the user
- date and time of registration
If comments are made, other users can subscribe to them. At the time of commenting, the other users are informed. No personal data allowing direct identification is transferred in the comments.
Furthermore, we reserve the right on the basis of our legitimate interests under article 6(1)(f) GDPR to process the information provided by the user for the purpose of spam detection or to delete posts that violate the personal rights of third parties.
The data entered in the context of the comments and posts is permanently stored by us until revocation by the users.
10.2 Legal basis for data processing
The legal basis for the processing of the data is obtained by personal consent under article 6(1)(a) or the interests of the party responsible under article 6(1)(f).
10.3 Purpose of data processing
We operate the above mentioned systems for marketing purposes, employee and customer acquisition and provisioning of general information. The main focus is for relevant user groups to receive general information on the business of the party responsible.
10.4 Storage duration
Content and communication data provided within the systems are permanently stored by us until revocation by the users. Log data is deleted after six months at the latest.
10.5 Possibility of objection and deletion
The user has the possibility to withdraw his consent to the processing of personal data at any time. On the basis of our legitimate interests, we are allowed to store the withdrawn email addresses for up to three years before deletion in order to prove a once given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is being confirmed.
11. Order processing in the online shop and customer account
We process the data of our customers during the ordering process in our online shop to allow them to select and order products and services, and also to enable payment and delivery, or rather execution.
11.1 Processing data
The processed data includes inventory data, communication data, contract data, payment data and affected by the processing are our customers, potential customers and other business partners. The processing is done for the purpose of providing contractual services relating to the operation of an online shop, billing, delivery and customer service. Here, we use session cookies to store the cart content and permanent cookies to store the login status.
11.2 Legal basis for data processing
The processing is performed on the basis of article 6(1)(b) (execution of order processes) and (c) (legally required archiving) GDPR. The information marked as mandatory is required to initiate and execute a contract. The information is disclosed to third parties only in the context of delivery, payment, or in accordance with legal permits and duties to legal advisors and authorities. The data will only be processed in third countries if it is necessary for the performance of the contract (e.g. on customer demand upon delivery or payment).
11.3 Data storage
Users can optionally create a user account allowing them primarily to view their orders. During the registration, the required mandatory information will be indicated to the users. The user accounts are not public and can not be indexed by search engines. If users have cancelled their user account, related data will be deleted unless its storage is necessary for commercial or fiscal reasons in accordance with article 6(1)(c) GDPR. Information given in the account remains stored until its deletion with subsequent archiving in the case of a legal obligation. If a user cancels his/her account it is incumbent to backup their data before the end of the contract.
During the registration and re-registration as well as use of our online services, we store the IP address and the time of each user activity. The data is stored on the basis of our legitimate interests, as well as of the abuse protection of our users and other unauthorized use. The transfer of such data to third parties is principally not carried out, unless it is necessary for the pursuit of our claims or unless there is a legal obligation in accordance with article 6(1)(c) GDPR
11.4 Storage duration
The deletion is executed after expiration of legal warranty and similar obligations, the need for the retention of data is reviewed every three years; in the case of legal archiving obligations deletion takes place after their expiration (end of commercial law (6 years) and tax (10 years) retention obligations).
12. External payment service providers
We use external payment providers for payment transactions by us and our users.
As part of the performance of contracts we use the payment service provider on the basis of article 6(1)(b) GDPR. In addition, we use external payment providers on the basis of our legitimate interests in accordance with article 6(1)(b) GDPR
in order to offer an effective and secure payment option to our users.
12.1 Legal basis for data processing
13. Use of third-party providers
13.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ( “Google”). It is used on the basis of the article 6(1)(1)(f) GDPR. Google Analytics uses so called “Cookies”, text files that are stored on your computer and allow an analysis of your use of the website.
13.1.1 Data storage
The following information generated by cookies about your use of the website is usually transferred to a Google server in the USA and stored there:
- browser type/version
- operating system used
- referrer URL (previously accessed website)
- hostname of the accessing computer (IP address)
- time of server request
The IP address sent as part of the Google Analytics process will not be merged with other Google data. We have also expanded Google Analytics on this website with the code “anonymizeIP”. This guarantees the masking of your IP address, so that all data is collected anonymously. Only in extraordinary cases, the full IP address is transmitted to a Google server in the USA and shortened there.
13.1.2 Data analysis
13.1.3 Prevention of processing
You can prevent the collection of data regarding your usage of the website generated by the cookie (incl. your IP address) by Google and also, the processing of this data by Google by downloading and installing the browser plugin available in the download link below:
As an alternative to the browser add-on, especially in browsers on mobile devices, you can avoid detection by Google Analytics by also clicking on this link. It will set an opt-out cookie, which prevents future collection of your information when accessing this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For information on the integration of the opt-out cookie, go to:
Furthermore, we use Google Analytics to analyze data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can deactivate this in the Ads Preferences Manager
More information on privacy in the context of Google Analytics can be found in the Google Analytics Help Center:
13.2 Google Adwords
We also use the Google advertising tool “Google Adwords” on our website. In this context, we use the analytical service “Conversion Tracking” from the company Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, referred to as “Google”, on our website.
13.2.1 Data storage
If you have come to our website via a Google ad, a cookie is stored on your computer. Cookies are small text files that are downloaded and stored by your Internet browser on your computer. These so-called “conversion cookies” lose validity after 30 days and do not serve for your personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can see that you as a user have clicked on one of our ads placed with Google and have thus been forwarded to our side.
13.2.2 Data processing
The information obtained by means of the “conversion cookie” is used by Google to create visitor statistics for our site. Through these statistics, we see the total number of users who clicked on our ad and also which pages of our website have been accessed by the respective user afterwards. However, we and other advertisers using “Google Adwords” will not receive any information by which users can be identified personally.
13.2.3 Prevention of processing
You can prevent the installation of “conversion cookies” by changing the browser settings so that the automatic setting of cookies is generally disabled or it specifically blocks cookies only from the domain “googleadservices.com “.
13.3 Google Maps
On our website we us the component “Google Maps” run by the company Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, referred to as “Google”.
In each request of the component “Google Maps”, a cookie is set by Google in order to process user settings and date when accessing the website where the component “Google Maps” is integrated.
13.3.1 Data processing
This cookie is normally not deleted when closing the browser, but will turn invalid after a specific amount of time, unless it is previously deleted manually by the user..
13.3.2 Prevention of processing
The use of “Google Maps” and the information obtained through “Google Maps” are in accordance with the Google Terms
and the additional terms for “Google Maps”
13.4 Google fonts
On our website we use the component “Google Fonts” from the company Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, referred to as “Google”.
13.4.1 Data processing
13.4.2 Prevention of processing
The use of “Google Maps” and of the information obtained through “Google Maps” is done in accordance with the Google Terms
and the additional terms for “Google Maps”
The party responsible has integrated components of Twitter on this website. Twitter is a multilingual, publicly accessible micro-blogging service on which users can publish and spread so-called tweets, short messages which are limited to 280 characters. These short messages are available for everyone, including people not registered on Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow the tweets of a user. Furthermore, Twitter allows to address a wide audience with the use of hashtags, links or retweets. Service provider of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
13.5.1 Data processing
Whenever accessing one of the pages of this website, which is operated by the person responsible for the processing and on which a Twitter component (Twitter button) has been integrated, the browser of the information technology system of the person concerned automatically causes the respective Twitter component to download a representation of the corresponding Twitter component. Further information on the Twitter buttons are available at:
As part of this technical process, Twitter receives knowledge about exactly which subpage of our website is accessed by the person concerned. Purpose of the integration of the Twitter component is to provide our users with a retransmission of the contents of this website in order to make this website popular in the digital world and to increase our number of visitors.
13.5.2 Data storage
If the user is logged in to Twitter while visiting our website, Twitter recognizes throughout every visit exactly which subpage of our website is visited by the user concerned. This information is collected by the Twitter component and allocated through Twitter to the corresponding Twitter account of the user concerned. If the user concerned presses a Twitter button integrated on our website, the data and information transmitted in this process is associated with the personal Twitter account of the user concerned and stored and processed by Twitter.
13.5.3 Data analysis
On our website we use components of the provider facebook.com. Facebook is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
In each access to our website this component causes the browser you are using to download a corresponding representation of the component from Facebook. In this process, Facebook is informed about the exact page of our website you are visiting.
13.6.1 Data storage
If you access our website while being logged in to Facebook, Facebook recognizes which specific page you are visiting with the help of the information collected by the component, and associates this information with your personal Facebook account. For example, if you click the “Like” button or enter comments, this information is transmitted to your personal account on Facebook and stored there. Additionally , the information that you have visited our site is passed on to Facebook regardless of whether clicking on the component or not.
13.6.2 Prevention of processing
An overview of the Facebook plugin can be found at
13.7 Jetpack (WordPress)
On our website, we use the component Jetpack from Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, United States of America, by using the technology of Quantcast Corp., 201 Third Street, 2nd Floor, San Francisco, CA 94103, United States of America.
13.7.1 Data storage
13.7.2 Prevention of processing
The consent to collection and use of data by the component Jetpack can be revoked for the future if you set an opt-out cookie in your browser via the link
If you delete all your browser cookies, the process must be repeated.
13.8 Gravatar (Profile Pictures)
Within our online services and particularly in the blog services we use the service Gravatar of Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA.
13.8.1 Data storage
Gravatar is a service that allows users to register and store profile pictures and their email addresses. When users with the respective email address leave posts or comments on other websites (especially blogs), their profile picture can be displayed next to the posts or comments. For this purpose, the email address indicated by the user is transmitted in encrypted mode to Gravatar in order to check whether a profile is associated with it. This is the only purpose of the transfer of the email address and it is not used for other purposes, but is deleted afterwards.
The use of Gravatar is made on the basis of our legitimate interests in accordance with article 6(1)(f) GDPR, as we allow the authors of articles and comments to personalize their posts with a profile picture using Gravatar.
By displaying the pictures, Gravatar makes the IP address of users known, as this is necessary for communication between a browser and an online service. More information on the collection and use of data by Gravatar can be found in the privacy policies of Automattic:
13.8.2 Prevention of processing
If users do not want their profile picture linked with their email address at Gravatar to appear in the comments, you should use an email address which is not deposited at Gravatar when commenting. We also point out that it is also possible to use no email address at all or an anonymous one if the users do not wish to have their own email address sent to Gravatar. Users can prevent the transmission of the data completely by not using our comment system.
13.9 Akismet (anti-spam check)
Our online offer uses the service Akismet which is offered by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA. Use is at the basis of our legitimate interests in accordance with article 6(1)(f) GDPR.
13.9.1 Data storage
With the help of this service, comments of real people are distinguished from spam comments. For this, all information of a comment is sent to a server in the US, where it is analyzed and stored for purposes of comparison for the duration of four days. If a comment has been classified as spam, the data is stored beyond that time. This information contains the entered name, email address, IP address, the content of the comment, the referrer, information on the browser and the computer system used as well as the time of the entry.
More information on the collection and use of data by Akismet can be found in the privacy notices of Automattic:
13.9.2 Prevention of processing
Users are welcome to use pseudonyms or may refrain from entering their name or email address. You can completely prevent the transfer of data by not using our comment system.
The newsletter is distributed via CleverReach, a newsletters distribution platform owned by CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR.
13.10.1 Data Storage
13.11 CM.com Germany GmbH
The sending of SMS takes place via “CM.com Germany GmbH”, a messaging platform of the German provider CM.com Germany GmbH, Dr.-Eugen-Schön-Strasse 35, 97332 Volkach, Germany. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR and due to the selection of features in our services (e.g. sending SMS or 2FA).
13.11.1 Data Storage
The mobile phone numbers of our customers, as well as their other data described in these notes, are stored on the servers of CM.com Germany GmbH exclusively in the EU. CM.com Germany GmbH uses this information to send SMS and messages and to evaluate the shipping metrics on our behalf. Furthermore, according to its own information, CM.com Germany GmbH can use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the messages or for economic purposes in order to determine from which countries the recipients come. However, CM.com Germany GmbH does not use our customers’ data to write them down or to pass them on to third parties. The data protection regulations of CM.com Germany GmbH can be found here: https://www.cm.com/de-de/app/legal/cm-com/privacy-policy/
14. Rights of the person concerned
If your personal data is processed, you are affected in accordance with the GDPR and you have the following rights towards the party responsible:
14.1 Right to disclosure
You may ask the party responsible to confirm whether personal data concerning you is being processed. If such processing has taken place, you can request the following information from the party responsible:
- the purposes for which the personal data is processed
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data concerning you have been disclosed or are still being disclosed
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period
- the existence of a right to have personal data concerning you rectified or deleted, a right to have the processed data restricted by the person responsible or a right to object to such processing
- the existence of a right to appeal to a supervisory authority
- any available information on the origin of the data if the personal data is not collected from the person concerned
- the existence of automated decision-making, including profiling in accordance with article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance to article 46 GDPR concerning the transmission.
14.2 Right to correction
You have a right to correction and/or completion towards the party responsible if the processed personal data concerning you is incorrect or incomplete. The party responsible shall carry out the correction without delay.
14.3 Right to limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time that enables the party responsible to verify the accuracy of the personal data;
- the processing is unlawful and you reject the deletion of the personal data and instead demand that the use of the personal data be restricted;
- The party responsible no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
- if you have filed an objection to the processing in accordance to article 21(1) GDPR
- and it has not yet been determined whether the legitimate reasons of the party responsible outweigh your reasons.
Where the processing of personal data regarding you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
14.4 Right to deletion
14.4.1 Obligation to delete
You may request that the party responsible delete the personal data regarding you without delay and the person responsible is obliged to delete this data without delay if one of the following reasons applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing was based in accordance with article 6(1)(a) or article 9(2)(a) GDPR and there is no other legal basis for the processing.
- You file an objection against the processing in accordance with article 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing in accordance with article 21(2) GDPR.
- The personal data concerning you has been processed unlawfully.
- The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
- The personal data concerning you has been collected in relation to information society services offered in accordance with article 8(1) GDPR.
14.4.2 Information transfer to third parties
If the party responsible has made the personal data concerning you public and is obligated to delete it in accordance with article 17(1) GDPR, it takes adequate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the person concerned have requested the deletion of all links to this personal data or of copies or replications of this personal data.
The right to deletion does not exist if the processing is necessary for the following reasons:
- for the exercise of the right to freedom of expression and information
- for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the person responsible is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the party responsible
- for reasons of public interest in the field of public health in accordance with article 9(2)(h) and (i) as well as article 9(3) GDPR
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with article 89(1) GDPR
- , insofar as the right referred to in Section 14.4.1 is likely to render impossible or seriously impair the attainment of the objectives of such processing
- for asserting, exercising or defending legal claims
14.5 Right to information
If you have exercised your right to have the party responsible correct, delete or limit the processing, it is obligated to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of such recipients by the party responsible.
14.6 Right to data transferability
You have the right to receive the personal data concerning you that you have provided the party responsible with in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another party responsible without obstruction by the party responsible to whom the personal data was provided, as long as
- processing is based on consent in accordance with article 6(1)(a) GDPR or article 9(2)(a) GDPR or on a contract in accordance with article 6(1)(b) GDPR and
- processing is carried out using automated methods.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
14.7 Right to objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on article 6(1)(e) or (f) of the DSGVO; this also applies to profiling based on these regulations.
The data controller no longer processes the personal data regarding you, unless he can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right to objection in connection with the use of Information Society services by means of automated procedures using technical specifications, regardless of Directive 2002/58/EC.
14.9 Automated decision in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the party responsible,
- is admissible by law of the Union or of the Member States to which the party responsible is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
- is based on explicit consent.
However, these decisions must not be based on special categories of personal data in accordance with article 9(1) GDPR, unless article 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
In the above cases, the person responsible takes appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the party responsible, to state his own position and to challenge the decision.
14.10 Right to appeal to a supervisory authority
Regardless of any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect the place of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint has been lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy based on article 78 GDPR.
15. Legal age and legal competence
If you are not of legal age or legally competent, we do not want to lose you as an applicant. For this reason, we look forward to welcoming you in our office to receive your application personally.
16. Security measures
We use the most common SSL (Secure Socket Layer) method in combination with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.