Privacy Statement

A. Controller

Controller within the meaning of the General Data Protection Regulation, other data protection laws that apply in the EU Member States and other provisions relating to data protection is:

BITO Lagertechnik Bittmann GmbH
Obertor 29
55590 Meisenheim
Telephone: 06753 122 0
Telefax: 06753 122 399
E-mail: info@bito.com
Internet: www.bito.com
Managing Director: Winfried Schmuck

B. Data protection officer

tekit Consult Bonn GmbH
Andreas Schmidt
TÜV Saarland Gruppe
Alexanderstraße 10, 53111 Bonn

C. General information on data processing

The operator of these web pages is committed to the safety of your personal data. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy statement.

We categorically collect and use personal data of our users only insofar as this is required for the provision of a functional and operative website as well as of our contents and services.

We routinely collect and use the personal data of our users only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.

D. Legal basis for the processing of personal data

The legal basis for the processing of personal data is Article 6 of the EU General Data Protection Regulation (hereinafter referred to as GDPR). In particular:

Article 6 para. 1 lit. a GDPR is the legal basis for the processing of personal data with the prior consent of the data subject.

Article 6 para. 1 lit. b GDPR is the legal basis where the processing of personal data is necessary for the performance of a contract or in order to take steps prior to entering into a contract to which the data subject is party.

Article 6 para. 1 lit. c GDPR is the legal basis where the processing of personal data is necessary for the compliance with a legal obligation to which our company is subject. Article 6 para. 1 lit. d GDPR is the legal basis if the processing of personal data is required in order to protect the vital interests of the data subject or of another natural person.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not prevail over the first-mentioned interest, Article 6 para. 1 lit. f GDPR serves as legal basis for processing.

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, personal data may be stored if provided for by the European or national legislator in EU regulations, laws, or other regulations to which the controller is subject. Blocking or deletion of the data also takes place if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion or fulfilment of a contract.

1. Server log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The provider of the web pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

The following data is collected here:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request

The data is stored in the log files of our system.

This does not apply to the IP addresses of the user or other data enabling the assignment of the data to a user. This data cannot be assigned to specific persons. This data will not be merged with other data sources. Storage of this data will not be stored with other personal data of the user.

  1. Legal basis

    The legal basis for the temporary storage of data is Article 6 para. 1 lit. f GDPR.

  2. Purpose of storage

    Log files are used for storage to ensure the functionality of the website. In addition, the data is used by the company to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

    Our legitimate interest in the processing of the data also lies in these purposes, in accordance with Art. 6 para. 1 lit. f GDPR.

  3. Deletion

    The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Where data is collected for the provision of the website, the data is deleted when the respective session is completed. Data stored in log files will be deleted after a maximum of seven days.

  4. Right of objection

    The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. For this reason, there is no right of objection on the part of the user in this case.

2. Cookies

This website uses cookies. Cookies are small text files, which are placed on the user’s computer and stored in the user’s browser. Cookies do not cause any damage to the user’s computer and they do not contain viruses. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited. These cookies enable us to identify the user’s browser during the next visit.

When accessing our website, the user is informed about the use of cookies for analytical purposes and his or her consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this privacy statement.

  1. Legal basis

    The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR. The legal basis for the processing of personal data while using cookies for analysis purpose is Article 6 para. 1 lit. a GDPR. if the user’s consent to this effect has been obtained.

  2. Purpose

    The purpose of the use of cookies is to simplify utilisation of websites for the user. Our legitimate interest in the processing of the personal data also lies in these purposes, in accordance with Art. 6 para. 1 lit. f GDPR.

  3. Deletion and deactivation

    Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

3. Third-party cookies

This website also uses third-party cookies. These are cookies, which are set by third-party providers. When our website is accessed, the user is notified about the use of third-party cookies for analysis purposes, and his consent for the processing of the personal data used in this connection is obtained. In this context, reference is also made to this privacy statement.

The following services used by this website contain third-party cookies:

  1. Google Analytics
  2. Google Maps

  1. Google Analytics

    This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses “cookies”. These are text files stored on your computer that enable an analysis of your activity on the website. The information generated by the cookie about how you use this website, such as

    1. browser type / version,
    2. operating system used,
    3. referrer URL (the web page which directed you to our website),
    4. host name of the accessing computer (IP address),
    5. the time of the server request,

    are usually transmitted to a Google server in the USA, where they are stored.

    The legal basis of the use of third-party cookies is Article 6 para. 1 lit. f GDPR.

    Google Analytics uses “cookies”, which are text files stored on your computer that thus enable an analysis of your use of the website. Google will not associate your IP address with any other data held by Google. We also have extended Google Analytics by the code “anonymizeIP” on this website. This guarantees that your IP address is masked, so that all data is anonymously collected. Only in exceptional situations will your full IP address be transmitted to a Google server in the US and truncated there.

    The purpose of the use is as follows: On behalf of the website operator Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website operator. This website uses the “demographics feature” function of Google Analytics. As a result, reports can be produced that contain statements on the age, gender and interests of the web page visitors. This data originates from interest-based advertising by Google and visitor data by third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account, or generally prohibit the collection of your data by Google Analytics as outlined in the section “Objection to data collection”.

    You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website.

    You can also prevent Google from collecting the data generated by the cookie and relating to your use of the Internet pages (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Alternatively to the browser add-on, in particular with browsers on mobile terminal devices, you can also prevent the collection by Google Analytics by clicking on this link. This sets an opt-out cookie, which prevents the future collection of your data when you visit this website. The opt-out cookie only applies to this browser and only to our website, and it is placed on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. [Note: information on how to embed the opt-out cookie are available at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=en#disable].

    We also use Google Analytics to evaluate data from double-click cookies and also AdWords for statistical purposes. If you do not want this, you can deactivate it via the ads preferences manager (http://www.google.com/settings/ads/onweb/?hl=en).

    Further information on data protection in connection with Google Analytics is available in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

    Google Maps

    Our website uses “Google Maps” provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”. Each time “Google Maps” is accessed, a cookie is placed by Google, in order to process user settings and user data when the web page which contains “Google Maps” is accessed.

    This cookie is usually not deleted when the browser is closed, but expires after a certain time, unless you manually delete it beforehand.

    If you do not agree to the processing of your data, you have the option to deactivate the “Google Maps” service and thus prevent the transfer of data to Google. For this purpose, you must deactivate the Java script function in your browser. Please note, that you cannot use “Google Maps” at all or only to a limited extent in this case. The use of “Google Maps” and the information obtained via “Google Maps” is subject to the Google terms of use http://www.google.de/intl/en/policies/terms/regional.html as well as the additional terms and conditions for “Google Maps” https://www.google.com/intl/en_gb/help/terms_maps.html.

4. Web analysis services

Google Analytics

This website uses the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The information generated by Google Analytics about how you use this website, such as

  1. browser type / version,
  2. operating system used,
  3. referrer URL (the web page which directed you to our website),
  4. host name of the accessing computer (IP address),
  5. the time of the server request,

are usually transmitted to a Google server in the USA, where they are stored. Google Analytics is a third-party provider. The use of web analysis services requires the disclosure of the data on the users to the third-party provider Google Analytics.

  1. Legal basis

    The legal basis of the use of web analysis services is Article 6 para. 1 lit. f GDPR.

  2. Purpose

    The purpose of the use is to increase the efficiency of our website. On behalf of the website operator Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website operator. This website uses the “demographics feature” function of Google Analytics. As a result, reports can be produced that contain statements on the age, gender and interests of the web page visitors. This data originates from interest-based advertising by Google and visitor data by third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account, or generally prohibit the collection of your data by Google Analytics as outlined in the section “Objection to data collection”.

    The data will be passed on pseudonymised.

  3. Prevention

    Google Analytics generates cookies. You can prevent this as follows:

    You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website.

    You can also prevent Google from collecting the data generated by the cookie and relating to your use of the Internet pages (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Alternatively to the browser add-on, in particular with browsers on mobile terminal devices, you can also prevent the collection by Google Analytics by clicking on this link. This sets an opt-out cookie, which prevents the future collection of your data when you visit this website. The opt-out cookie only applies to this browser and only to our website, and it is placed on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. [Note: information on how to embed the opt-out cookie are available at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=en#disable].

    We also use Google Analytics to evaluate data from double-click cookies and also AdWords for statistical purposes. If you do not want this, you can deactivate it via the ads preferences manager (http://www.google.com/settings/ads/onweb/?hl=en).

    Further information on data protection in connection with Google Analytics is available in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

Lead Forensics

This website also uses tracking codes of the company Lead Forensics, which facilitate analysis of the use of the website.

This only stores the IP address of the requesting device, other personal data is not collected. In particular, no data is collected for the purpose of identifying a particular user.

This information is freely available in the public domain.

The data is not shared with third parties.

  1. Legal basis

    The legal basis of the use of web analysis services is Article 6 para. 1 lit. f GDPR.

  2. Purpose

    The purpose of the use is to increase the efficiency of our website. As operator of the website, we will use this information

  3. Prevention
Deactivate Lead Forensics

5. Contact form and e-mail contact

Our website contains a contact form, which can be used to establish contact by electronic means. If a user chooses this option, the data entered in the input screen will be transmitted to us and stored. This data includes the following:

  1. Title
  2. Name
  3. Company
  4. Email
  5. Address
  6. Subject

At the time the message is sent, the IP address of the user and the date and time of registration are also stored.

For the processing of the data, your consent is obtained, and reference is made to this privacy policy as part of the registration process. The user can also contact the company at the e-mail address given in the legal notice. In this case, the user’s personal data transmitted with the e-mail will be stored.

Data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation.

  1. Legal basis

    The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user’s consent has been obtained. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

  2. Purpose

    The processing of the personal data from the contact form serves the company only to process the contact. In the case of contact via e-mail, this is also the basis of the required legitimate interest in the processing of the data.

    The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

  3. Deletion

    The data of the contact form will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input screen of the contact form and the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

    The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

  4. Revocation

    The user has the right to revoke their consent to the processing of the personal data at any time.

    If the user contacts the company by e-mail, he may object to the storage of their personal data at any time. In such a case the conversation and possible further contract initiation cannot be continued.

    The user can also revoke his consent by other means, for example orally by telephone, or in writing.

    Then all personal data stored in the course of contacting us will be deleted in this case.

6. Newsletter

On our website it is possible to subscribe to a free newsletter. The user must register for this. When registering for the newsletter, the data entered in the input mask is transmitted to our company. This data includes:

  1. Title
  2. Name
  3. Company
  4. Email
  5. Address

In addition, the IP address of the calling computer and the date and time of registration are collected when registering. For the processing of the data, your consent is obtained, and reference is made to this privacy policy as part of the registration process.

If you purchase goods or services on our website and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only contain direct advertising for similar goods or services of our own.

Data will not be passed on to third parties in the context of data processing for the sending of newsletters. The data will be used exclusively for sending the newsletter.

  1. Legal basis

    If the newsletter is sent on the basis of the user's registration on the website, the legal basis for processing the data after registration for the newsletter by the user and with the user's consent is Art. 6 para. 1 lit. a GDPR.

    The legal basis for sending the newsletter as a result of the sale of goods or services is Article 7 para. 3 of the German Act Against Unfair Competition UWG.

  2. Purpose

    The data collected from the user for the purpose of the newsletter serve to deliver the newsletter. The collection of other personal data as part of the registration procedure serves to prevent misuse of the services or the e-mail address used.

  3. Deletion

    The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user will therefore be stored for as long as the subscription to the newsletter is active.

    The other personal data collected during the registration procedure will generally be deleted after a period of seven days.

  4. Cancellation and termination of the newsletter

    The user concerned may cancel the subscription to the newsletter at any time. A corresponding link for this purpose is provided in every newsletter.

    This also enables a withdrawal of the consent to the storage of the personal data collected during the registration process.

7. Register with BITO

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask, transmitted to us and stored. The data will not be shared with third parties. The following data is collected during the registration procedure:

  1. IP address of the user
  2. Date and time of registration
  3. E-mail address of the user

In the course of the registration process, the user's consent to the processing of this data is obtained.

When placing an order, the address data relating to the delivery address is also collected.

  1. Legal basis for data processing

    The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user’s consent has been obtained.

    If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

  2. Purpose of data processing

    A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.

    The e-mail is used to confirm the order after completion of the order process, the address is necessary to coordinate the delivery.

  3. Duration of storage

    The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

    This is the case during the registration process to fulfil a contract or to carry out pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

  4. Right to object and removal

    As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time.

    You can do this on our website/by e-mail to shop@bito.com

    If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

8. Disclosure of data

Your personal data is not disclosed to third parties for purposes other than those listed below.

We only disclose your personal data to third parties, if:

  • you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, in particular we will have an audit carried out by Creditreforn to verify your address data and your creditworthiness.
  • a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or
  • this is legally permissible and is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

  1. PayPal

    The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. Only data required for the delivery of the goods will be passed on.

    Legal basis for this is Article 6 para. 1 sentence 1 lit. b GDPR.

    When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Purchase on account" via PayPal, we pass your payment data on to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). PayPal reserves the right to carry out credit checks for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - “purchase on account” via PayPal. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit check can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of score values includes, among other factors, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal’s privacy statement: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

  2. Trusted Shops

    The Trusted Shops trust badge is included on this website to display our Trusted Shops seal of approval and any collected evaluations as well as to offer Trusted Shops products to buyers after an order.

    This serves the protection of our legitimate interests in an optimal marketing of our offer, within the scope of balancing interests. The trust badge and the services advertised with this are an offering of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.

    When the trust badge is called, the web server automatically saves a so-called server log file, which contains e.g. your IP address, date and time of the call, transferred data volume and the requesting provider (access data) and documents the call. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your page visit.

    Further personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case the contractual agreement between you and Trusted Shops applies.

    The following data is collected here:

    • Browser type and browser version
    • Operating system used
    • Referrer URL
    • Host name of the accessing computer
    • Time of the server request

     

    1. Legal basis

      The legal basis for the temporary storage of data is Article 6 para. 1 lit. f GDPR.

    2. Purpose of storage

      Log files are used for storage to ensure the functionality of the website. In addition, the data is used by the company to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

      Our legitimate interest in the processing of the data also lies in these purposes, in accordance with Art. 6 para. 1 lit. f GDPR.

    3. Deletion

      The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Where data is collected for the provision of the website, the data is deleted when the respective session is completed. Data stored in log files will be deleted after a maximum of seven days.

    4. Right of objection

      The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. For this reason, there is no right of objection on the part of the user in this case.

9. Use of social plug-ins

Use of Facebook, Google+, Twitter and Instagram plug-ins
Our website uses so-called social plug-ins (“plug-ins”) by the social networks Facebook and Google+, the microblogging services of Twitter and Instagram.

These services are offered by Facebook Inc., Google Inc., Twitter Inc. and Instagram LLC. (“Provider”).

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
An overview of the Facebook plug-ins and their appearance is available at: https://developers.facebook.com/docs/plugins

Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
An overview of the Google plug-ins and their appearance is available at: https://developers.google.com/+/web/

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”).
An overview of the Twitter buttons and their appearance is available at: https://about.twitter.com/en_us/company/brand-resources.html

Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
An overview of the Instagram buttons and their appearance is available at: http://blog.instagram.com/post/36222022872/introducing-instagram-badges

When you access a page of our website that contains such a plug-in, your browser establishes a direct connection to the servers of Facebook, Google, Twitter or Instagram. The content of the plug-in is transferred directly from the respective provider to your browser and integrated into the page.

By integrating the plug-in, the providers receive the information that your browser has called up the corresponding website page, even if you do not have a profile or you are not logged in at the time. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider in the USA and stored there.

If you are logged in to one of the services, the providers can immediately assign your visit to our website to your profile on Facebook, Google+, Twitter or Instagram.

If you interact with the plug-ins, for example the “Like”, the “+1”, the “Twitter” or the “Instagram” button, the corresponding information is also transmitted directly to a server of the providers and stored there. The information is also disclosed in the social network, on your Twitter or Instagram account and displayed to your contacts.

For information about purpose and scope of data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options for the protection of your privacy, please refer to the providers’ privacy policy.

Facebook privacy policy: http://www.facebook.com/policy.php

Google privacy policy: http://www.google.com/intl/en/+/policy/+1button.html

Twitter privacy policy: https://twitter.com/privacy

Instagram privacy policy https://help.instagram.com/155833707900388/

If you do not want Google, Facebook, Twitter or Instagram to associate the data collected via our website directly with your profile in the relevant service, you must log out of the relevant service before visiting our website. You can also completely prevent the loading of the plug-ins with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

E. Rights of the data subject

The operator of these web pages is committed to the safety of your personal data. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy statement.

If your personal data is being processed, you are the ‘data subject’ in terms of the GDPR and you have the following rights towards the controller:

  1. Right of access

    You may ask the controller to confirm whether your personal data is processed by us.

    If such processing has taken place, you can request the following information from the controller:

    1. the purposes for which the personal data are processed;
    2. the categories of the personal data that are processed;
    3. the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
    4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
    5. the existence of a right to rectification or deletion of the personal data concerning you, a right to restrict the processing by the controller or a right to object to such processing;
    6. the existence of a right of appeal to a supervisory authority;
    7. all available information on the origin of the data if the personal data are not collected from the data subject;
    8. the existence of automated decision-making, including profiling in accordance with Article 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

    You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

  2. Right to rectification

    You have the right to request the rectification and/or completion of your personal data from the controller if your personal data processed is incorrect or incomplete. The controller has to make the rectification without delay.

  3. Right to restriction of processing

    Under the following conditions, you may request that the processing of personal data concerning you be restricted:

    1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
    2. if the processing is unlawful, and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
    3. if the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
    4. if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

    If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

    If the processing restriction has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

  4. Right to deletion

    1. Duty to delete

      You can request the controller to immediately delete the personal data concerning you, and the controller has an obligation to delete such data without delay if one of the following reasons applies:

      1. The personal data concerning you are no longer required for the purposes for which they were collected or otherwise processed.
      2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
      3. You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR
      4. The personal data concerning you have been processed unlawfully.
      5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
      6. The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

      If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data, that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

      The right to deletion does not exist insofar as the processing is necessary

      1. to exercise freedom of expression and information;
      2. to perform a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or to perform a task in the public interest or in the exercise of official authority conferred on the controller;
      3. for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
      4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
      5. to assert, exercise or defend legal claims.

  5. Notification obligation

    If you have made use of your right to rectify, erase, or restrict the processing of your personal data, the controller is obliged to inform all recipients to whom the personal data has been disclosed of this rectification or erasure of the data or restriction of the processing, unless this proves to be impossible or involves a disproportionate effort.

    You have the right to be informed of these recipients by the controller.

  6. Right to data portability

    You have the right to receive the personal data relating to you which you have provided to the data controller in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller, who has been provided with the personal data, where

    1. the processing is based on a consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
    2. the processing is carried out using automated means.

      In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

    The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

  7. Right to object

    For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data related to you, which is carried out based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

    The controller will no longer process the personal data related to you, unless the controller can prove that there are compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or the processing serves to establish, exercise, or defend legal claims.

    Where the personal data related to you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data related to you for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

    Where you object to the processing for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.

    In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.

  8. Right to withdraw the declaration of consent under the Data Protection Act

    You have the right to revoke your declaration of consent under the Data Protection Act at any time. The withdrawal of the consent does not affect the lawfulness of the processing carried out up to the withdrawal of the consent.

  9. Automated decision in individual cases including profiling

    You have the right not to be subject to a decision based exclusively on automated processing - including profiling – that has legal effect against you or significantly affects you in a similar manner. This does not apply if the decision

    1. is necessary for the conclusion or performance of a contract between you and the controller,
    2. is admissible by law of the Union or of the Member States to which the controller is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
    3. is made with your express consent.

    However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

    In the cases referred to in (1) and (3), the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, to state his own position and to challenge the decision.

  10. Right to lodge a complaint with a supervisory authority

    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

    The supervisory authority with which the complaint has been lodged is to inform the complainant on the progress and the outcome of the complaint including the possibility of judicial remedy in accordance with Article 78 GDPR.