We are pleased that you are interested in our website and the offers on the website www.sitnskate.de. Of course, the protection of your personal data when you visit our website is also important to us.

1. General information on data processing

With the following data protection information we inform you about the type and scope of the processing of personal data. We collect and use the personal data of visitors to our website only to the extent necessary to make the website and our content and services functional and convenient for visitors to use. 

Personal data is regularly processed only with the consent of the visitor. In addition, processing can take place if prior consent cannot be obtained for actual reasons and data processing is permitted by statutory provisions – in particular by the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG 2018).

According to Art. 4 No. 1 GDPR, “ personal data ” is all information relating to an identified or identifiable natural person (“data subject”). This includes, for example, the name, address, date of birth, e-mail address and telephone number.

According to Art. 4 No. 2 GDPR, ” processing ” means any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data (e.g. collection, storage, use or disclosure).

According to Art. 4 No. 7 GDPR, “ person responsible ” is the natural or legal person, authority, institution or other body that alone or together with others decides on the purposes and means of processing personal data.

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) GDPR serves as the legal basis. Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest,

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

2. Name and contact details of the person responsible, contact details of the data protection officer

The person responsible for data processing when visiting and using this website is:

SUPR SPORTS gGmbH (limited liability), represented by the managing director 

Jens Dreesen

20 Glücksburger Strasse

22769 Hamburg

mail@sitnskate.de 

3. Processing of data when visiting and using our website

3.1 Storage of access data in http log files (“log files”)

In principle, you can visit and use our website without providing any personal information. When you visit our website, the Internet browser you use automatically transmits certain access data to the server provided. This concerns the following data: 

• Visited site
• Time of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used

Type and purpose of data processing:

This data is temporarily stored in a separate log file (so-called “log file”). The log files contain IP addresses or other data that enable assignment to a user. This could be the case, for example, if the link to the website from which the user arrives at the website or the link to the website to which the user switches contains personal data.

The storage serves the purpose of permanently guaranteeing system security and stability and to enable technical administration in order to ensure trouble-free connection establishment and operation of our website as well as its comfortable use. In addition, this data is evaluated for internal administrative and statistical purposes in order to improve our online offering. This data is not merged with other data or data sources that would allow conclusions to be drawn about your person.

Legal basis:

The legal basis for this processing is Article 6 (1) (f) GDPR. With this data processing, we are pursuing the legitimate interest of maintaining the operational security of our website in order to be able to provide this website and the information contained there smoothly and conveniently. 

Storage duration:

The data will be deleted as soon as they are no longer required to achieve the aforementioned purposes of their collection. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

Possibility of revocation and elimination:

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

3.2 Cookies

Type and purpose of data processing and storage period:

When you visit our website, so-called “cookies” are also stored on your device or data carrier. Cookies are text or information files that your Internet browser automatically saves on your end device when you visit our website. They contain certain data or settings that are exchanged between your Internet browser and our system. This is primarily information about which sub-pages of our website are accessed and how often. Cookies enable the browser to be uniquely identified when the website is called up again.

We use cookies to make our website functional. Some functions of our website cannot be offered without the use of cookies; for these it is necessary that the browser is recognized after a page change. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our website. 

The visitor data collected in this way is pseudonymized by technical precautions. The data is not stored together with other personal data of the visitor. It is therefore no longer possible to assign the data to the calling visitor. 

We only save technically necessary cookies. These are mandatory in order to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they remember which websites you have visited;

Legal basis:

The legal basis for the processing of personal data using technically required cookies within the meaning of Section 25 (2) TTDSG in conjunction with Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.

Possibility of objection regarding the storage of cookies:

You can also use our website without cookies; however, we would like to point out that you may then no longer be able to fully use all the services or functions of our website. You can set your browser so that it informs you about the placement of cookies. So the use of cookies becomes transparent for you. You can also delete cookies at any time using the appropriate browser setting and prevent new cookies from being set; please contact your browser provider for more information. You can usually deactivate cookies via deactivation links. 

3.3 Matomo

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. 

Type and purpose of data processing:

The software sets a cookie on the user’s computer (see above for cookies). If individual pages of our website are called up, the following data is stored:

• Two bytes of the IP address of the user’s calling system
• The accessed website
• The website from which the user accessed the accessed website (referrer)
• The sub-pages that are accessed from the accessed website
• The length of stay on the website
• The frequency of visits to the website

The software runs exclusively on the servers of our website. A storage of the personal data of the users only takes place there. The IP address is anonymized before it is saved. We use Matomo without cookies. The data will not be passed on to third parties.

Matomo enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Our legitimate interest in the processing of the data according to Art. 6 (1) (f) GDPR also lies in these purposes. By making the IP address anonymous, the interest of the user in the protection of their personal data is sufficiently taken into account.

Legal basis:

The legal basis for the processing of users’ personal data is Article 6 (1) (f) GDPR.

Possibility of revocation:

You have the option of terminating the Matomo web analysis by deactivating the following checkbox:

Your visit to this website is currently being recorded by the Matomo web analysis. Deselect this checkbox to opt-out.

You can find more information about the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/ .

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You are not opted out. Uncheck this box to opt-out. You are currently opted out. Check this box to opt-in.

The tracking opt-out feature requires cookies to be enabled.

3.4 Wordfence

We use the “Wordfence Security” service. The service provider is Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA. 

Type and purpose of data processing:

The website uses the plug-in to protect against viruses and malware and to ward off attacks by computer criminals. For example, to recognize whether the visitor is a human or a robot, the plug-in sets cookies. Here you will find information about which cookies are set: https://www.wordfence.com/help/general-data-protection-regulation/

For the purpose of protection against brute force and DDoS attacks or comment spam, IP addresses are stored on the Wordfence servers. IP addresses classified as harmless are placed on a white list. Wordfence Security secures our website, thereby protecting website visitors from viruses and malware.

Legal basis:

The legal basis for processing the data is Art. 6 (1) (f) GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO, the consent can be revoked at any time.

We have concluded an order processing contract with the above-mentioned operator Defiant and fully implement the strict requirements of the German data protection authorities when using Wordfence Security. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. See https://www.wordfence.com/standard-contractual-clauses/ for details . 

More information on the collection and use of data by Wordfence Security can be found in Defiant’s data protection information: https://www.wordfence.com/privacy-policy/ .

3.5 Contact Form

Type and purpose of data processing:

You can use the contact form provided on our website to send us inquiries and request information material. Mandatory information for using the contact form is your e-mail address, which we need in order to be able to answer your inquiry and to be able to contact you. You can also voluntarily provide your first and last name in order to enable us to address you personally or to make it easier to answer your request. If further information is necessary to answer your request, we will contact you separately. 

When using the contact form, the user’s consent to the processing of this data is obtained. By giving your consent, you confirm that you want us to answer your inquiry and you give your consent to the data you have provided being transmitted to them for this purpose.

We will only use the data entrusted to us via the contact form or as part of any other contact to answer your request. We will not pass this data on to third parties, either for a fee or free of charge. Unless you have consented to further storage and use of your personal data, it will only be stored for as long as is necessary to fulfill the purpose for which it was transmitted or as required by statutory regulations (in particular tax and commercial retention periods). is.

At the time a request is sent, the IP address of the user and the date and time the contact form was used are also saved. This serves to prevent misuse of our services or the data provided and to log contact for verification purposes.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

Legal basis:

The legal basis for this processing is Article 6 (1) (a) GDPR. Processing will only take place if you have given your consent for the aforementioned purposes. The legal basis for storing the IP address and the date and time of use of the contact form is Article 6 Paragraph 1 Letter f) GDPR. Data processing is necessary to safeguard our legitimate interests in the trouble-free use of our services and, in the event of misuse, possibly also to assert, exercise and defend legal claims. In the event of the improper input of third-party data, this data processing may also be necessary to protect the legitimate interests of a third party, namely the owner of the data entered.

The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

Storage duration:

This data is stored for as long as is necessary to process the request in question. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

In addition, longer storage may be necessary due to legal obligations, in particular due to commercial or tax retention requirements from the German Commercial Code (HGB) and the Tax Code (AO), which provide for storage of up to ten years. Otherwise, data is only stored for a longer period of time if this is necessary to fulfill a contract.

Cancellation options:

You can revoke your consent at any time (even if you gave your consent before the GDPR came into force). The revocation of consent applies for the future, so that the legality of data processing that took place on the basis of your consent and before its revocation remains unaffected.

3.6 Social Media Profiles

Type and purpose of data processing:

We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below. Social networks such as Facebook, Twitter, etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations. 

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data can also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address. 

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both inside and outside of the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot trace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection regulations of the respective social media portals.

Legal basis:

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a DSGVO). 

Responsible and assertion of rights:

If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data transferability and complaints) both against us as well as the operator of the respective social media portal (e.g. vs. Facebook). Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the corporate policy of the respective provider.

Storage duration:

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies. Saved cookies remain on your end device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).

Social networks in detail:

• Facebook:
  • We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries. We have concluded an agreement on joint processing (Controller Addendum) with Facebook. This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum . You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in:https://www.facebook.com/settings?tab=ads . Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 . Details can be found in Facebook’s data protection declaration: https://www.facebook.com/about/privacy/ .
• Instagram:
  • We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. See details here: https://help.instagram.com/519522125107875 . We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or how it is used by Instagram. Privacy Policy: http://instagram.com/about/legal/privacy/ .
• tik tok:
  • We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace Dublin, D02 T380. You can find more information about data processing by TikTok Technology Limited at https://ads.tiktok.com/i18n/official/policy/privacy . When using TikTok, personal data may also be transmitted to servers outside the European Economic Area. In this case, the personal data is processed on the basis of the standard contractual clauses.

3.7 YouTube

Our site uses the provider YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for the integration of videos. Normally, when you call up a page with embedded videos, your IP address is sent to YouTube and cookies are installed on your computer. We use the YouTube No-Cookies function, ie we have activated extended data protection, videos are not accessed via youtube.com but via youtube-nocookie.com. Youtube provides this itself and thus ensures that Youtube will initially not store any cookies on your device. However, when you call up the relevant pages, the IP address is transmitted and, in particular, you are informed which of our Internet pages you have visited. However, this information cannot be assigned to you, if you are not permanently logged in to YouTube or another Google service when you call up the page. In addition, the storage can be prevented by appropriate browser settings and extensions. 

Legal basis:

YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. 

Further information on data protection at YouTube can be found in the provider’s data protection declaration at: https://www.google.de/intl/de/policies/privacy/ .

3.8 iFrames

Type and purpose of data processing:

On this website we use iframes from the provider gut.org gAG, Schlesische Straße 26, 10977 Berlin (operator of the online donation platform betterplace.org, hereinafter referred to as “betterplace.org”). This allows, for example, a donation form to be integrated and a project widget or overlay donation button to be used). betterplace.org uses third-party services in these iFrames. Details on the data processing in connection with the services can be found at https://www.betterplace.org/c/hilfe/was-muss-ich-beim-einverbinden-von-iframes-beachten.

Further information on data protection at betterplace can be found at https://www.betterplace.org/c/regeln/datenschutz . 

Legal basis:

The legal basis for the integration of iFrames is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in optimizing the user-friendliness of the website and enabling a user-friendly link between our website and the betterplace.org online donation platform.

3.9 Data Security

We make every effort to ensure the security of your data. In order to prevent the loss, misuse and alteration of personal data, we have put in place appropriate physical, electronic and managerial procedures and adapt them to the current state of the art. 

For security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator, this site uses SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.

3.10 No use of automated decision-making including profiling 

We do not use so-called profiling or other decision-making processes that are based solely on automated data processing and have a legal effect on you or significantly affect you in a similar way.

4. Online Advertising

4.1 Newsletter after registration

Type and purpose of data processing:

If you register for our e-mail newsletter, we will send you information about our offers on a regular basis. The only mandatory information for sending the newsletter is your e-mail address. The collection of the user’s e-mail address serves to deliver the newsletter. The indication of any further data is voluntary and is used to be able to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to the sending of newsletters. We will then send you a confirmation email asking you to click on a link to confirm that you wish to receive newsletters in the future. When you register for the newsletter, we save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data collected by us when registering for the newsletter is used exclusively for advertising purposes by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. The data collected by us when registering for the newsletter is used exclusively for advertising purposes by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. The data collected by us when registering for the newsletter is used exclusively for advertising purposes by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. 

Legal basis:

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR. 

Duration of storage: 

After you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration. The other personal data collected as part of the registration process is usually deleted after a period of seven days.

Possibility of revocation:

You can object to the use of your data for this purpose at any time with effect for the future. For this purpose, there is a corresponding link in every newsletter. This also enables a revocation of the consent to the storage of the personal data collected during the registration process.

4.2 MailChimp

We use the services of MailChimp to send the newsletter. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Type and purpose of data processing:

MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), this will be stored on the MailChimp servers in the USA. With the help of MailChimp we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to the MailChimp servers in the USA. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better adapt future newsletters to the interests of the recipients.

Legal basis:

The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses . 

Storage duration:

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. 

Cancellation options:

If you do not want an analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

For more information, see MailChimp’s privacy policy at: https://mailchimp.com/legal/terms/ .

5. Your data subject rights

You have the following rights regarding the processing of your personal data:

5.1 Right to information (Article 15 GDPR)

You have the right to request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the categories of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right of appeal, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and, if necessary, meaningful information about their details.

You also have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

5.2 Right to rectification (Article 16 GDPR)

You have the right to immediately request the correction of data about you that is incorrectly stored by us, or to request that it be completed if it is incompletely stored by us.

5.3 Right to erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data stored by us if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
• You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
• The personal data concerning you have been processed unlawfully.
• The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
• The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

If the person responsible has made the personal data relating to you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

The right to erasure does not exist if processing is necessary

• to exercise the right to freedom of expression and information;
• to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller;
• for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;
• to assert, exercise or defend legal claims.

5.4 Right to restriction of processing (Art. 18 GDPR)

You have the right to request that the processing of your personal data be restricted if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data, if we no longer need the data but you do to assert, exercise or defend legal claims, or if you have objected to processing in accordance with Art. 21 GDPR.

5.5 Right to information (Article 19 GDPR)

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

5.6 Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible.

5.7 Right to withdraw consent at any time (Art. 7 Para. 3 in conjunction with Art. 6 Para. 1 Letter a) or Art. 9 Para. 2 Letter a) GDPR)

You have the right to withdraw any consent you have given us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future, unless this can be based on another legal basis.

5.8 Right of appeal to a supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG 2018)

You have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

5.9 Right to object (Art. 21 GDPR)  

If we process data about you on the basis of legitimate interests, you can object to this for reasons that arise from your particular situation.

You can also object to data processing if we do it for direct marketing purposes.

5.10 Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision 

1. is necessary for the conclusion or performance of a contract between you and the person responsible,
2. is permitted on the basis of legal provisions of the Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests or
3. takes place with your express consent.

However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests .

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.

To exercise your rights, you can contact our data protection officer.