Language default Language en_store
DKK EUR GBP CHF
Artikel (0)

Privacy statement

 

I. Scope

 

This privacy statement is designed to provide users of this website with information, in accordance with the German Federal Data Protection Act and German Telemedia Act, on the type, scope and purpose of the practices implemented by acwa service GmbH. Germaniastraße 2, 40223 Düsseldorf (hereinafter known as website operator) to collect and use personal data.

 

The website operator takes your privacy very seriously, and handles your personal data confidentially and in accordance with the legal regulations.

 

As the party responsible for processing, the website operator has taken a number of technical and organisational measures to ensure the maximum possible protection of the personal data processed through this website. Internet-based data transfers can, however, have security loopholes, meaning total protection cannot be guaranteed. For this reason, every affected person is also free to send personal data to us via alternative means, such as by telephone.

 

Name and address of the party responsible for processing

 

The party responsible as defined by the General Data Protection Regulation, other privacy laws applicable in the European Union member states, and other privacy regulations is:

 

acwa service GmbH

Germaniastr. 29

40223 Düsseldorf

Tel.: 0211 97633861

Email: info@acwa-service.de

 

There is only one (the aforementioned) responsible party as defined by Article 26 GDPR.

 Got advice or a complaint regarding privacy at our company? Then please email us at datenschutz@acwa-service.de.

 

II. General information on data processing

 

1. Scope of personal-data processing

 

We generally only process our users’ personal data insofar as this is required to provide a functional website and our content and services. Our users’ personal data is frequently only processed with the user’s consent. One exception is cases in which it is not possible to obtain prior consent for practical reasons, and the processing of data is permitted by law.

No data is collected by third parties. As such, all data is requested/collected by us ourselves.

 

2. Handling personal data

 

When you visit our website, we only collect your personal data (such as name, telephone number, email address) if this is necessary to use certain services or handle your requests and orders.

The only third parties this data is shared with are external service providers hired by us, and this is only to process your requests and run the website. These parties are contractually obliged to uphold privacy laws.

We will not, however, sell your personal data to third parties, or otherwise market it to third parties for commercial or non-commercial purposes.

acwa service expressly wishes to advise that transmitting data on the Internet (e.g. when communicating by email) can involve security loopholes, and that it is impossible to protect against access by third parties.

You can also use our website without entering personal details. Please note, however, that this may then mean certain services, e.g. the processing of your requests and orders, become unavailable.

If you have any questions about the way in which we process your personal data (e.g. name, email address), you are welcome to contact acwa service any time at datenschutz@acwa-service.de.

Upon request, we will also be glad to tell you which of your personal data has been collected, and how this has been processed. To do this, we need a written request signed personally by you. If you have any questions beforehand, you are welcome to send your enquiry to datenschutz@acwa-service.de. You may also revoke your consent to the use of your collected personal data at any time. This will take effect for the future, but cannot be applied retrospectively. Please advise us of your revocation by emailing datenschutz@acwa-service.de.

 

3. Online shop

 

User account

In order to place orders through this website, each customer can set up a password-protected customer account. Orders can also be placed without a customer account (guest order). The account contains an overview of orders placed and active order processes. If you leave the online shop as a customer, you will be automatically logged out.

The operator cannot be held liable for password misuse, unless this has been caused by the operator themselves.

Order process

All data entered by the customer during an order process is stored. This includes:

  • Last name, first name
  • Address
  • Payment details
  • Email address

Any data necessarily required for delivery or order processing is passed onto third-party service providers. If your data no longer needs to be stored, or this storage is no longer required by law, the data is deleted.

Payment by PayPal

For payments via Paypal, credit card via PayPal, direct debit via Paypal or – if available – "Purchase on account" by PayPal, we share your payment details with PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment process. PayPal reserves the right to run a credit-rating check for the credit card via PayPal, direct debit via PayPal or – if available - "Purchase on account" by PayPal payment methods. PayPal uses the result of the credit check regarding the statistical likelihood of payment default to decide whether or not to provide the respective payment method. The credit check may contain probabilities (so-called “score values”). If score values are incorporated into the credit-check result, they are based on a scientifically recognised mathematical/statistical process. The score-value calculation uses address details, among other things. For more privacy information, including the information bureaus used, please see PayPal’s privacy statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Newsletter

The website operator/site provider collects data when you subscribe to its newsletter. The collected data is used purely to send the newsletter, and is not shared with third parties.

The following data is collected:

  • Last name, first name
  • Email address

Handling contact details

If you contact the website operator using the contact options provided, your details will be stored so that they can be used to process and respond to your request. This data is not shared with third parties without your consent.

 

4. Legal basis for processing personal data

 

Insofar as we obtain consent from the affected person to process personal data, Art. 6 Para. 1 a of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis.

In cases of personal-data processing required to fulfil a contract whose parties include the affected person, Art. 6 Para. 1 b GDPR shall serve as the legal basis. This also applies to processing required for pre-contractual measures.

Insofar as the processing of personal data is necessary in order to fulfil a legal obligation to which our company is bound, Art. 6 Para. 1 c GDPR shall serve as the legal basis.

In the event that vital interests of the affected person or another natural person render it necessary to process personal data, Art. 6 Para. 1 d GDPR shall serve as the legal basis.

If the processing is required in order to protect our company’s or a third party’s justified interest, and the affected party’s interests, basic rights and basic freedoms do not outweigh the aforementioned interest, Art. 6 Para. 1 f GDPR shall serve as the legal basis for the processing.

A justified interest of the party responsible for processing is specifically considered as being the right to advertising here (see recital 47 GDPR).

 

5. Data deletion and storage duration

 

The affected person’s personal data is deleted or locked as soon as there is no further need for it to be stored. It may also be stored if this has been stipulated by European or national legislators in EU regulations, laws or other directives governing the party responsible for processing. Data is also locked or deleted if a storage deadline stipulated by the aforementioned regulations elapses, unless it needs to keep being stored in order for a contract to be concluded or fulfilled.

 

6. SSL encryption

 

In order to provide the best possible protection for the data you send, the website operator uses SSL encryption. You will be able to recognise connections encrypted in this way from the “https://” prefix in the URL in your browser’s address bar. Unencrypted sites are denoted by “http://”.

Thanks to the SSL encryption, no data you send to this website – e.g. as part of requests or logins – can be read by third parties.

 

III. Providing the website and creating log files

 

1. Description and scope of data processing

 

Every time our website is retrieved, our system automatically records data and information from the retrieving computer’s system.

The following data is collected here:

Access data

The website operator/site provider collects data relating to site hits, and saves this as “server log files”. The following data is logged in this way:

  • - Website visited
  • - Time of access
  • - Quantity of data sent in bytes
  • - Source/Link from which the user accessed the site
  • - Browser used
  • - Operating system used
  • - IP address used (anonymised)

The collected data is only used for statistical analyses and to improve the website. However, the website operator reserves the right to subsequently review the server log files if there is concrete evidence of illegal use.

The server log files only contain encrypted IP addresses; they do not contain any other data which can be linked to a user.

The data is also stored in our system’s log files. This does not affect the user’s IP addresses or other data enabling the data to be linked to a user. This data is not stored with any of the user’s other personal data.

Incorporation of the Trusted Shops trustmark

The Trusted Shops trustmark is incorporated into this website to display our Trusted Shops quality seal and any ratings, and to offer Trusted Shops products to purchasers following an order.

This serves to protect our overriding justified interest (based on a consideration of interests) in optimising our website marketing under Art. 6 Para. 1 Clause 1 f GDPR. The trustmark and the advertised services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the trustmark is retrieved, the web server automatically saves a so-called “server log file”, which contains data such as your IP address, date and time of retrieval, quantity of data sent, and the requesting provider (access data), and documents the retrieval. This access data is not analysed, and is automatically overwritten within seven days of your site visit ending. Other personal data is only sent to Trusted Shops if you have consented to this, have chosen to use Trusted Shops products after completing your order, or have already registered to use these. In this case, the contractual agreement established between you and Trusted Shops shall apply.

 

2. Legal basis for data processing

 

The legal basis for temporarily storing data is Art. 6 Para. 1 f GDPR.

 

3. Purpose of data processing

 

The encrypted IP address needs to be temporarily stored by the system to enable the website to be delivered to the user’s computer. This requires the user’s encrypted IP address to remain stored for the duration of the session.

These purposes also tie in with our justified interest in processing data under Art. 6 Para. 1 f GDPR.

 

4. Duration of storage

 

The data is deleted as soon as it is no longer necessary to fulfil the purpose of its collection, or within no more than 14 days of collection. In the event the data is recorded for the purpose of providing the website, this is the case when the respective session has ended.

 

5. Ability to disallow and remove

 

The recording of data to provide the website, and the storage of data in log files, is imperative for operating the website. As such, there is no option for the user to disallow this.

 

IV. Use of cookies

 

1. Description and scope of data processing

 

Our website uses cookies. Cookies are text files stored in or by the Internet browser on the user’s computer system. If a user retrieves a website, a cookie may be stored on the user’s operating system. This cookie contains a unique sequence of characters enabling the browser to be clearly identified if the website is retrieved again.

When you visit the www.acwa -service.de website, cookies are stored on your computer so that

  • You can use our website without restriction
  • The website loads quicker on subsequent visits
  • We can provide information on general – non-personal – statistical data about your visit to our website in order to perform constant optimisations and improvements

The following data can be sent in this way:

  • - Search queries entered
  • - Frequency of site visits
  • - Use of website functions

We use cookies to personalise content and advertisements, and to analyse the hits on our website. We also pass information about your use of our website to our partners for advertising and analysis. Our partners may combine this information with other data you have provided to them, or which they have collected while you use their services.

When retrieving our website, users are informed of the use of cookies for analysis purposes, and are asked for their consent for the personal data used in this context to be processed. Reference is also made to this privacy policy.

The cookies on our website do not collect any personal data about you or your usage. You can delete cookies at any time by retrieving the relevant menu item in your Internet browser or deleting the cookies from your hard drive.

You can also configure your Internet browser to disallow cookies, or so that you have to manually confirm each time a cookie is saved on your computer.

How you delete cookies or prevent/manually confirm the storage of cookies depends on your browser software and the version type (Internet Explorer, Mozilla Firefox, Safari, Google Chrome, etc.). Additional software add-ons (“plug-ins”) may also need to be installed for this. Please use your browser’s help function, or contact the manufacturer of your browser software directly.

Please note that deleting or disallowing cookies may affect the functionality of our website.

 

2. Legal basis for data processing

 

The legal basis for processing personal data using technically required cookies is Art. 6 Para. 1 f GDPR.

The legal basis for processing personal data using cookies for analysis purposes is Art. 6 Para. 1 a GDPR, insofar as the user has consented to this.

 

3. Purpose of data processing

 

The purpose of using technically required cookies is to make websites easier to use. Some functions of our website cannot be provided without cookies. For these functions, it is essential for the browser to be recognised even after the user has moved sites.

The user data collected via technically required cookies is not used to create user profiles.

Analysis cookies (Google Remarketing, Google Analytics, Google AdWords, etracker) are used to improve the quality of our website and its content. These analysis cookies tell us how the website is used, enabling us to constantly optimise our service.

These purposes also tie in with our justified interest in processing personal data in accordance with Art. 6 Para. 1 f GDPR.

 

3.1 Google Remarketing

 

The party responsible for processing has integrated Google Remarketing services into this website. Google Remarketing is a function run by Google Analytics and Google AdWords, which enables a business to show advertisements to Internet users who have previously visited the business’ website. Integrating Google Remarketing thus allows a business to create user-based advertising and hence show Internet users advertisements relevant to their interests.

Google Remarketing is run by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to show interest-related advertising. Google Remarketing enables us to display advertisements through the Google advertising network, or to have these displayed on other websites tailored to Internet users’ personal needs and interests .

Google Remarketing creates a cookie on the affected person’s IT system. The concept of cookies has already been described above. Creating the cookie enables Google to recognise a visitor to our website if this user subsequently retrieves websites which are also members of the Google advertising network. Every time a user retrieves a website into which the Google Remarketing service has been integrated, the affected person’s Internet browser is automatically identified by Google. During this technical process, Google becomes aware of personal data, such as the user’s IP address or browsing behaviour, which Google uses to show interest-related advertising, among other things.

Personal information, such as the websites visited by the affected person, is stored using the cookie. Every time our website is visited, personal data, including the IP address of the Internet connection used by the affected person, is thus sent to Google in the United States of America. This personal data is stored by Google in the United States of America. Google sometimes shares this personal data, collected via the technical process, with third parties.

The affected person may prevent cookies from being created by our website as described above, and thus permanently disallow cookies, at any time by changing their Internet browser settings accordingly. Configuring the Internet browser in this way also prevents Google from creating a cookie on the affected person’s IT system. Cookies created by Google Analytics can similarly be deleted at any time via the Internet browser or other software programs.

Furthermore, the affected person is also given the option of disallowing interest-based advertising by Google. To do this, the affected person must retrieve each of their used Internet browsers from www.google.de/settings/ads, and change the settings there accordingly.

Further information and Google’s privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

 

3.2 Google Analytics

 

This website uses the “Google Analytics” service, provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to analyse users’ website usage. The service uses “cookies” – text files stored on your end device. The information collected by the cookies is generally sent to a Google server in the USA, where it is stored.

IP anonymisation is activated on this website, meaning users’ IP addresses are abbreviated within member states of the EU and European Economic Area. This abbreviation eliminates any personal reference in your IP address. As part of the order-processing agreement concluded between the website operator and Google Inc., Google uses the collected information to analyse website usage and activity and render services associated with the Internet usage.

You can prevent cookies from being stored on your device by configuring your browser settings accordingly. If your browser does not permit cookies, however, we cannot guarantee you will be able to fully access all of this website’s functions.

You can also use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link provides access to the relevant plug-in: https://tools.google.com/dlpage/gaoptout?hl=de     

Alternatively, you can click this link Disable Google Analytics to prevent Google Analytics from recording data relating to you on this website. Clicking the link above downloads an “opt-out cookie”. Your browser must thus generally allow the storage of cookies for this. If you delete your cookies regularly, you will need to re-click the link every time you visit this website.

Further information on Google Inc.‘s data usage is available here: https://support.google.com/analytics/answer/6004245?hl=de

Use of Google Remarketing: This website uses the Remarketing function run by Google Inc. (“Google”). This function serves to display interest-based advertisements to website visitors within the Google advertising network. According to Google’s own information, Google does not collect any personal data during this process. If, however, you do not want the Google Remarketing function, you can generally disable this by changing the relevant settings at https://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. Further information on Google Remarketing and Google’s privacy policy can be viewed at https://www.google.com/privacy/ads/.

This website uses the Google Analytics reports on demographic characteristics, which use data from Google’s interest-based advertising and visitor data from third-party providers (e.g. age, sex and interests). This data cannot be traced to a specific person, and can also be disabled via the advertising settings (https://www.google.com/settings/ads/onweb/?hl=de).

 

3.3 Google AdWords

 

The party responsible for processing has integrated Google Adwords into this website. Google Adwords is an Internet advertising service allowing website operators to place ads in Google’s search results and in the Google advertising network. Google Adwords enables website operators to set specific keywords in advance, which are then only used to show an advertisement in Google’s search results if the user retrieves a keyword-related search result via the search engine. Advertisements in the Google advertising network are shared on relevant Internet sites via an automatic algorithm and in keeping with the pre-defined keywords.

The Google AdWords service is run by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-related advertising on the websites of third-party businesses and in Google’s search results, and to display external advertising on our website.

 

3.3.1 Google Conversion Tracking

 

If an affected person accesses our website via a Google advertisement, Google stores a so-called “conversion cookie” on the affected person’s IT system. The concept of cookies has already been described above. A conversion cookie becomes invalid after thirty days, and is not used to identify the affected person. If the conversion cookie has not expired, it is used to ascertain whether certain subpages, e.g. the shopping cart of an online shop system, have been retrieved on our website. The conversion cookie enables both us and Google to determine whether an affected person accessing our website via an AdWords advertisement generated sales, i.e. completed or aborted a purchase.

The data and information collected using the conversion cookie are used by Google to compile visit statistics for our website. We in turn use these statistics to calculate the total number of users directed to us through AdWords advertisements, i.e. to calculate the success or failure of the respective AdWords advertisement and to optimise our AdWords advertisements for the future. Neither our company nor other advertising customers of Google AdWords receives information from Google which could be used to identify the affected person.

The conversion cookie is used to store personal information, e.g. the websites visited by the affected person. As such, every time our website is visited, personal data, including the IP address of the Internet connection used by the affected person, is sent to Google in the United States of America. This personal data is stored by Google in the United States of America. Google sometimes shares this personal data, collected via the technical process, with third parties.

If the affected person does not wish to be part of the tracking process, they may also disallow the relevant cookie from being created, e.g. by selecting the browser setting that generally disables the automatic creation of cookies. They may also disable cookies for conversion tracking by configuring their browser so that cookies from the “googleadservices.com” domain are blocked.

Furthermore, the affected person may also disallow interest-based advertising by Google. To do this, they must retrieve each of their used browsers from www.google.de/settings/ads, and configure the relevant settings accordingly.

Further information and the Google privacy policy is available at https://www.google.de/intl/de/policies/privacy/.

 

3.4 etracker

 

This website uses technology created by etracker GmbH (www.etracker.com) to collect and store data for marketing and optimisation purposes. Based on this data, usage profiles can be created under a pseudonym. Cookies can be used for this. Cookies are small text files stored in the cache of the site visitor’s Internet browser. The cookies enable the Internet browser to be recognised. The data collected via the etracker technologies is not used to personally identify the website user without this person’s specific consent, and is not combined with personal data relating to the pseudonym’s owner (see also https://www.etracker.com/datenschutz/). Data collection and storage may be disallowed at any time, taking effect for the future but not retrospectively.

 

Disable eTracker

 

3.5 Share buttons

 

Our website acwa-service.de uses the privacy-secure “Shariff” button for the “social share buttons”. When you visit our website, it does not connect to the servers of social networks such as Facebook, Google+, Twitter, XING or LinkedIn. Only by clicking the icon of a “share button” are you redirected to the provider’s service, and your data sent to the selected social network. If you do not click a “share button”, no data is exchanged between you and the aforementioned social networks. On our website, we offer privacy-secured “social share buttons” for the following services: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. "Tweet" button from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. "+1" button from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. "Recommended" button from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. "Share" button from XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.

 

4. Duration of storage, ability to disallow and remove

 

Cookies are stored on the user’s computer and sent from this computer to our site. You, as a user, thus also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies already saved may be deleted at any time. This may also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all of the website’s functions to their full extent.

 

V. Registering with the acwa service shop

 

1. Description and scope of data processing

 

On our website, we give users the option of registering by providing personal details. The data is entered in a mask, sent to us, and stored. It is not shared with third parties. The following data is collected as part of the registration process:

  • - Company name
  • - Company address

The following are also among the data stored at the time of registration:

  • - Encrypted IP address
  • - Contact details
  • - Shopping basket

The user’s consent to process this data is obtained during the registration process.

 

2. Legal basis for data processing

 

The legal basis for processing the data is Art. 6 Para. 1 a GDPR, insofar as the user has consented to this.

If the registration serves to fulfil a contract involving the user as one of its parties, or to take pre-contractual measures, the additional legal basis for processing the data is Art. 6 Para. 1 b GDPR.

If the process is required in order to protect one of our company’s justified interests, Article 6 Para. 1 f GDPR shall serve as the legal basis. A “justified interest” of the responsible party is specifically considered here to be the right to realise profit, and the right to efficiency in terms of work and costs.

 

3. Purpose of data processing

 

Goods are sold to acwa service customers (B2B/B2C) via the online shop.

User registration is not required in order to fulfil the contract with the user or to take pre-contractual measures.

A contract takes effect if the user places an order through the acwa service shop.

 

4. Duration of storage

 

The data is deleted once it is no longer required for the purpose of its collection.

During the registration process to fulfil a contract or take pre-contractual measures, this is the case if the data is no longer required to execute the contract. The contractual partner’s personal data may still need to be stored after the contract has been concluded in order to comply with contractual or legal obligations.

 

VI. Contact form and email contact

 

1. Description and scope of data processing

 

Our website contains a contact form which may be used to contact us electronically. If a user chooses this option, the data entered into the mask is sent to and stored by us. This data is as follows:

  • - Last name
  • - First name
  • - Customer no. or company name
  • - Email address
  • - Telephone number

The following data is also stored at the time the message is sent:

(1) The user’s encrypted IP address

(2) The date of registration

Your consent is obtained, and this privacy policy referenced, during sending in order to process the data.

Alternatively, you may contact us via the email address provided. In this case, the user’s personal data sent with the email is stored.

The data is not shared with third parties in this context. The data is only used to process the conversation.

 

2. Legal basis for data processing

 

The legal basis for processing data is Art. 6 Para. 1 a GDPR, insofar as the user has consented to this.

The legal basis for processing the data transmitted when sending an email is Art. 6 Para. 1 f GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 Para. 1 b GDPR.

 

3. Purpose of data processing

 

The processing of personal data from the input mask serves purely to address the contact enquiry. If the contact is made by email, this also involves the required, justified interest in processing data.

The other personal data processed during sending serves to prevent abuse of the contact form, and to secure our IT systems.

 

4. Duration of storage

 

The data is deleted as soon as it is not longer required for the purpose of its collection. This is the case for the personal data from the contact form mask, and data sent by email, if the respective conversation with the user has ended. The conversation is deemed ended if the circumstances indicate that the relevant matter has been definitively settled.

The additional personal data collected during sending is deleted within no more than seven days.

 

5. Ability to disallow and remove

 

The user can revoke their consent to the processing of personal data at any time. If the user contacts us by email, they may disallow the storage of their personal data at any time. The conversation cannot be continued in this case.

Please advise us of your revocation by emailing datenschutz@acwa-service.de. In this case, all personal data stored during the contact process is deleted.

 

VII. Rights of the affected person

 

The following list covers all of the affected person’s rights under the GDPR. Rights with no relevance to our website do not need to be cited, meaning the list can be shortened.

If your personal data is processed, you are an affected party as defined by the GDPR, and you are entitled to assert the following rights against the party responsible:

1. Right to information

You can ask the party responsible to provide confirmation as to whether or not personal data relating to you is processed by us.

If it is, you can ask the party responsible to provide the following information as per Article 15 GDPR:

  • - The purposes for which the personal data is processed;
  • - The categories of personal data processed;
  • - The recipients/categories of recipients to whom your personal data has been or is still being disclosed;
  • - The planned storage duration of your personal data or, if it is not possible to provide concrete information here, criteria for establishing the storage duration;
  • - The existence of a right to correct or delete your personal data, a right to limit the processing of data by the party responsible, or a right to object to this processing;
  • - The existence of the right to complain to a supervisory authority;
  • - All available information about the data’s origin – if the personal data is not collected from the affected person;
  • - The existence of an automated decision-making process as per Art. 22 Para. 1 and 4 GDPR and – at least in these cases – detailed information about the logic involved, and the consequences and desired impacts of such processing for the affected person.

You are entitled to ask for information on whether your personal data is sent to a third country or an international organisation. In this context, you can ask to be informed about the appropriate guarantees in place as per Art. 46 GDPR in relation to the transmission.

 

2. Right to correction

 

In accordance with Article 16 GDPR, you are entitled to have the party responsible correct and/or complete your personal data, insofar as said data is incorrect or incomplete. The party responsible must perform the correction immediately.

 

3. Right to restrict processing

 

In accordance with Art. 18 GDPR, you can ask for the processing of your personal data to be restricted under the following conditions:

  • - If you dispute the accuracy of your personal data for a duration enabling the party responsible to review the data’s accuracy;
  • - The processing is unlawful and you refuse to have your personal data deleted, instead asking for its use to be restricted;
  • - The party responsible no longer needs the personal data for processing, but you need it to assert, exercise or defend legal claims, or
  • - If you have lodged an objection to the processing under Art. 21 Para. 1 GDPR, and it is not yet clear whether the responsible party’s justified arguments outweigh your arguments.

If the processing of your personal data has been restricted, this data – apart from the storage thereof – may only be processed with your consent, to assert, exercise or defend legal claims, to protect the rights of another natural person or legal entity, or based on an important public interest of the European Union or a member state.

If the processing restriction has been enforced under the aforementioned conditions, you will be informed by the party responsible before the restriction is lifted.

 

4. Right to deletion

 

a) Deletion obligation

In accordance with Article 17 GDPR, you may ask the party responsible for your personal data to be immediately deleted, and the party responsible is obliged to comply with this if one of the following arguments applies:

  • - Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • - You revoke your consent serving as the basis for the processing as per Art. 6 Para. 1 a or Art. 9 Para. 2 a GDPR, and there is no other applicable legal basis for the processing.
  • - You lodge an objection to the processing as per Art. 21 Para. 1 GDPR, and there are no overriding, justified arguments for the processing, or you lodge an objection to the processing as per Art. 21 Para. 2 GDPR.
  • - Your personal data has been processed unlawfully.
  • - Your personal data must be deleted in order to comply with a legal obligation under EU law or the law of the member states governing the party responsible.
  • - Your personal data has been collected in relation to services offered by the information society as per Art. 8 Para. 1 GDPR.

b) Informing third parties

If the party responsible has publicly disclosed your personal data, and is obliged to delete it under Art. 17 Para. 1 GDPR, it will implement (technical) measures, taking into account the technology available and implementation costs, to inform parties responsible for processing personal data that you, as the affected person, have asked them to delete all links to this personal data or copies or replicas of this personal data.

c) Exceptions

The right to deletion does not apply if the processing is necessary

  • - In order to exercise the right to freedom of expression and information;
  • - In order to fulfil a legal obligation requiring processing under the law of the European Union or the member states governing the party responsible, or to complete a task assigned to the party responsible, which involves serving the public’s interest or exercising public authority;
  • - For reasons for public interest in the area of public health as per Art. 9 Para. 2 h and I, and Art. 9 Para. 3 GDPR;
  • - For archiving purposes in the public’s interest, scientific or historical research purposes, or statistical purposes as per Art. 89 Para. 1 GDPR, insofar as the law stated under section a) is not likely to make it impossible or significantly difficult to achieve the goals of this processing, or  
  • - In order to assert, exercise or defend legal claims.

 

5. Right to notification

 

If you have asserted your right to correct, delete or restrict processing against the party responsible, this party is obliged to advise this correction or deletion of data, or restriction of processing, to all recipients to whom your personal data has been disclosed, unless this proves to be impossible or involves unreasonable expense.

You are entitled to have the party responsible inform you of these recipients.

 

6. Right to data transmissibility

 

In accordance with Article 20 GDPR, you are entitled to receive your personal data, which you have provided to the party responsible, in a structured, conventional, machine-readable format. You are also entitled to send this data to another party responsible, without challenge from the original responsible party who received the personal data, if

  • - The processing is based on a consent as per Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 a GDPR, or on a contract as per Art. 6 Para. 1 b GDPR, and
  • - The processing is performed using automated methods.

When exercising this right, you are also entitled to have your personal data sent directly from one responsible party to another, insofar as this is technically feasible. This must not affect the freedoms or rights of other persons.

The right to data transmissibility does not apply to the processing of personal data required to complete a task assigned to the responsible party and which serves public interest or exercises public authority.

 

7. Right to objection

 

You are entitled to object to your data being processed under Art. 6 Para. 1 e or f GDPR at any time, for reasons based on your particular situation. The party responsible will no longer process your personal data, unless it can prove mandatory, defence-worthy arguments for processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct advertising, you are entitled to object to the processing of your personal data for advertising, insofar as this involves said direct advertising.

If you object to the processing for direct-advertising purposes, your personal data will no longer be processed for these purposes.

In the context of using services of the information society – irrespective of Directive 2002/58/EC –, you can exercise your right to objection via automated processes in which technical specifications are used.

 

8. Right to revoke privacy consents

 

In accordance with Article 7 (3) GDPR, you are entitled to revoke your privacy consents at any time. Doing so will not affect the legitimacy of the processing performed based on the consent prior to the revocation.

 

9. Automated decisions in individual cases, including profiling

 

Profiling, analyses of personal aspects, predictions, or automated individual decisions as defined by Art. 4 No. 4 GDPR are not performed.

10. Right to complain to a supervisory authority

Irrespective of other administrative or judicial legal remedies, you are entitled, under Article 77 GDPR, to complain to a supervisory authority, particularly in the member state serving as your primary place of residence or work, or the place of alleged breach, if you believe the processing of your personal data breaches the GDPR.

The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Düsseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de. You are welcome to get in touch with us first before contacting the supervisory authority. If we cannot assist you further, you can then still contact the supervisory authority.

The supervisory authority with which the complaint is lodged will inform the complainant of the progress and results of the complaint, including the possibility of judicial remedies as per Art. 78 GDPR.

 

Version: 25 May 2018