Data protection

DATA PROTECTION POLICY  (as of May 2018)

 

Con­tents:

I. Data Con­troller with­in the mean­ing of data pro­tec­tion leg­is­la­tion

II. Data Pro­tec­tion Office

III. Gen­er­al infor­ma­tion about data pro­cess­ing

IV. Auto­mat­ic data pro­cess­ing when access­ing the web­site www.mds-logisticspartner.com

V. Use of cook­ies

VI. Pro­cess­ing of per­son­al data via the con­tact form

VII. Pro­cess­ing of per­son­al data via email

VIII. Pro­cess­ing of per­son­al data over the tele­phone

IX. Pro­cess­ing of per­son­al data via fax

X. Pro­cess­ing of per­son­al data in the con­text of the appli­ca­tion process

XI. Rights of data sub­jects

 

Data pro­cess­ing by us

When using the web­site www.mds-logisticspartner.com and its func­tions, mak­ing con­tact with us and sub­mit­ting a query, you trans­fer your per­son­al data to us, which we use to process your queries. This data is used by us strict­ly for this pur­pose only, with­in the frame­work of data pro­tec­tion leg­is­la­tion.

 

I. The Data Con­troller with­in the mean­ing of data pro­tec­tion leg­is­la­tion is:

mds GmbH

Carl-Zeiss-Straße 1

55129 Mainz – Ger­many

 

Phone: +49 (0)6131 505 100

Email: info@mds-logisticspartner.com

 

Rep­re­sent­ed by:

Andrea Neumer, Man­ag­ing Direc­tor

 

II. Data Pro­tec­tion Offi­cer:

We have appoint­ed a Data Pro­tec­tion Offi­cer for our com­pa­ny. Legal­ly stip­u­lat­ed Data Pro­tec­tion Offi­cer:

RDP Röhl Dehm & Part­ner Recht­san­wälte mbB

Moritz­platz 6

86150 Augs­burg

datenschutz@rdp-law.de

 

III. Gen­er­al infor­ma­tion about data pro­cess­ing

 

Extent of pro­cess­ing of per­son­al data in gen­er­al

As a mat­ter of prin­ci­ple, we only process per­son­al data to the extent required in order to pro­vide a prop­er­ly func­tion­ing web­site and to deliv­er our con­tent and ser­vices.

 

Legal basis for pro­cess­ing of per­son­al data :

The legal basis for pro­cess­ing per­son­al data is Arti­cle 6 (1) a) – f) of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR).

If the data sub­ject gives con­sent, Art. 6 (1) a) GDPR is the legal basis.

Art. 6 (1) b) GDPR is the legal basis for the pro­cess­ing of per­son­al data for the ful­fil­ment of a con­tract in which the data sub­ject is a con­tract­ing par­ty or for the pro­cess­ing pro­ce­dures for pre-con­trac­tu­al mea­sures.

If pro­cess­ing is required to meet a legal oblig­a­tion of the data con­troller, Art. 6 (1) c) GDPR is the legal basis.

If essen­tial inter­ests of the data sub­ject or anoth­er nat­ur­al per­son make pro­cess­ing nec­es­sary, Art. 6 (1) d) GDPR is the legal basis.

If pro­cess­ing is required to car­ry out a task that is in the pub­lic inter­est or to exer­cise pub­lic author­i­ty that has been trans­ferred to the data con­troller, the legal basis is Art. 6 (1) e) GDPR.

If pro­cess­ing is required to pro­tect a legit­i­mate inter­est of our com­pa­ny and if the inter­ests, basic free­doms and basic rights of the data sub­ject do not out­weigh this, the legal basis is Art. 6 (1) f) GDPR.

 

Pro­vi­sion of per­son­al data for con­clu­sion of a con­tract or on the basis of statu­to­ry reten­tion oblig­a­tions

When­ev­er you make con­tact with us, we col­lect per­son­al data. This data is saved by us, part­ly in accor­dance with statu­to­ry reg­u­la­tions, part­ly because it is required to con­clude a con­tract. If you wish to con­clude a con­tract with us, you must pro­vide us with your data so that we can deliver/render our ser­vices to/for you. We are also under legal reten­tion oblig­a­tions in respect of tax and com­mer­cial law that we must meet. Oth­er­wise we may be unable to pro­vide you with our ser­vices.

Before pro­vid­ing your per­son­al data, you are wel­come to get in touch with your con­tact in our com­pa­ny to find out if we require your data to con­clude a con­tract and/or to meet our statu­to­ry reten­tion oblig­a­tions and what the con­se­quences will be if you do not pro­vide us with this data.

 

Data era­sure and stor­age peri­od

We store your per­son­al data as long as is nec­es­sary to ful­fil the par­tic­u­lar pur­pose or as is pre­scribed by legal reg­u­la­tions, Art. 6 (1) c) GDPR. If the pur­pose of stor­age of per­son­al data no longer exists, the data shall be erased after 6 months or its pro­cess­ing shall be restrict­ed, unless there is still a need for fur­ther stor­age of the data to con­clude or ful­fil a con­tract. Stor­age beyond this shall take place only if Euro­pean or nation­al leg­is­la­tion dic­tates.

 

SSL and TLS encryp­tion

For secu­ri­ty pur­pos­es and to pro­tect your con­fi­den­tial data, we use SSL and TLS encryp­tion through­out our web­site. As a result of this encryp­tion, con­fi­den­tial data that you send to us, such as queries etc, can­not be seen by third par­ties. You can recog­nise an encrypt­ed con­nec­tion by the fact that the address bar of your brows­er changes from “http://” to “https://” and a green pad­lock sym­bol appears on the address bar.

 

IV. Auto­mat­ic data pro­cess­ing when access­ing the web­site www.mds-partner.com

IP-address

  1. Descrip­tion and extent of data pro­cess­ing

When this site is accessed, requests are sent to the serv­er that must receive a response. Your IP address must be col­lect­ed and processed so that the cor­re­spond­ing serv­er requests can be answered.

  1. Legal basis for data pro­cess­ing

The legal basis for the pro­cess­ing of this data is Art. 6 (1) f) GDPR.

  1. Pur­pose of data pro­cess­ing

The pur­pose of pro­cess­ing your IP address is to ensure func­tion­ing of the web­site and pro­vide tech­ni­cal access to it.

  1. Legit­i­mate inter­est

The legit­i­mate inter­est in the tem­po­rary stor­age of your IP address lies in the fact that the func­tion­ing of and pro­vi­sion of tech­ni­cal access to the web­site is not pos­si­ble with­out it.

  1. Stor­age peri­od

The data will be delet­ed as soon as fur­ther stor­age is no longer required to achieve the par­tic­u­lar pur­pose.

When record­ing data to make the web­site acces­si­ble, this is the case when the retrieval process is com­plete.

  1. Recip­i­ents of per­son­al data

The IP address is processed by the fol­low­ing host­ing provider on the basis of an order data pro­cess­ing agree­ment in accor­dance with Art. 28 (2) and (4) GDPR:

1&1 Inter­net SE
Elgen­dor­fer Straße 57
56410 Montabaur

 

Host­ing

  1. Descrip­tion and extent of data pro­cess­ing

We use the ser­vices of our host­ing ser­vice provider for the tech­ni­cal imple­men­ta­tion of the web­site, to make it acces­si­ble, and to car­ry out tech­ni­cal main­te­nance.

This com­pris­es the pro­vi­sion of stor­age and data­base ser­vices and the main­te­nance and ser­vic­ing of these.

  1. Legal basis for data pro­cess­ing

The legal basis for the pro­cess­ing of this data is Art. 6 (1) f) GDPR.

  1. Pur­pose of data pro­cess­ing

The pur­pose of pro­cess­ing is the imple­men­ta­tion of the online ser­vice and the detec­tion of mal­func­tions or any attempt­ed unau­tho­rized access.

  1. Legit­i­mate inter­est

The legit­i­mate inter­est in com­mis­sion­ing the host­ing ser­vice provider is to have exter­nal tech­ni­cal com­pe­tence and the pro­vi­sion of a func­tion­ing and uncom­pro­mised tech­ni­cal web­site envi­ron­ment.

  1. Recip­i­ents of per­son­al data and data cat­e­gories:

The fol­low­ing host­ing provider is com­mis­sioned to work on our behalf on the basis of an order data pro­cess­ing agree­ment in accor­dance with Art. 28 (2) and (4) GDPR:

1&1 Inter­net SE
Elgen­dor­fer Straße 57
56410 Montabaur

 

The data cat­e­gories con­cerned are:

  • User data
  • Com­mu­ni­ca­tion data
  • Con­tact details
  • Con­tract data

 

Serv­er-Log-Files

  1. Descrip­tion and extent of data pro­cess­ing

The IP address­es record­ed when access­ing this site are also stored in so-called serv­er log files to iden­ti­fy and allow rec­ti­fi­ca­tion of tech­ni­cal faults, attempt­ed manip­u­la­tion, and/or unau­tho­rised access to the serv­er struc­ture. The host­ing provider for this web­site also auto­mat­i­cal­ly col­lects, stores and process­es infor­ma­tion in so-called serv­er log files, which is trans­ferred auto­mat­i­cal­ly by your brows­er. This infor­ma­tion is:

  • Brows­er Type and Brows­er Ver­sion
  • Used oper­at­ing sys­tem
  • Refer­rer URL
  • IP
  • Date
  • Time
  • Pages accessed
  • Logs
  • Sta­tus code
  • User agent

How­ev­er, this infor­ma­tion is not com­bined with any oth­er data sources.

 

  1. Legal basis for data pro­cess­ing

The legal basis for the pro­cess­ing of this data is Art. 6 (1) f) GDPR.

  1. Pur­pose of data pro­cess­ing

The pur­pose of pro­cess­ing your IP address and the above infor­ma­tion is detect­ing mal­func­tions and any attempts at unau­tho­rised access.

  1. Legit­i­mate inter­est

The legit­i­mate inter­est in pro­cess­ing the IP address and the afore­men­tioned infor­ma­tion is the pro­vi­sion of a func­tion­ing and uncom­pro­mised tech­ni­cal web­site envi­ron­ment.

  1. Stor­age peri­od

The data is erased with­in 7 days.

  1. Recip­i­ents of per­son­al data

The IP address and the infor­ma­tion spec­i­fied above is processed by the fol­low­ing host­ing provider on the basis of an order data pro­cess­ing agree­ment in accor­dance with Art. 28 (2) and (4) GDPR:

1&1 Inter­net SE
Elgen­dor­fer Straße 57
56410 Montabaur

 

V. Use of cook­ies

  1. Descrip­tion and extent of data pro­cess­ing

The site www.mds-logisticspartner.com uses so-called “cook­ies”. Cook­ies are small text files that are stored in the mem­o­ry and/or on a data stor­age car­ri­er of the device you use to vis­it the site and are processed by your web brows­er in accor­dance with its set­tings.

The con­tent of the cook­ies is:

_ga (to iden­ti­fy unique users)
_gat (to throt­tle the request rate)
_gid (to dis­tin­guish users)

 

  1. Legal basis for data pro­cess­ing

The legal basis for such pro­cess­ing is Art. 6 (1) b) and Art. 6 (1) f) GDPR.

  1. Pur­pose of data pro­cess­ing

These cook­ies con­tain tech­ni­cal infor­ma­tion for the pro­vi­sion of web­site func­tions. This facil­i­tates tech­ni­cal imple­men­ta­tion of the web­site.

  1. Legit­i­mate inter­est pur­suant to Art. 6 (1) f) GDPR

The cook­ies used only con­tain tech­ni­cal data, which ensure the prop­er func­tion­ing of the web­site.

  1. Stor­age peri­od and rejec­tion and removal options

The cook­ies used on the site are so-called “ses­sion cookies”.They are auto­mat­i­cal­ly delet­ed from the brows­er cache/memory of your com­put­er at the end of your vis­it to our web­site and/or when you close your brows­er, pro­vid­ed that you have acti­vat­ed this func­tion in your brows­er.

Please check the set­tings of your inter­net brows­er (e.g. Fire­fox, Inter­net Explor­er, Edge, Chrome, Opera, Safari) in regards to this. You inter­net brows­er also gives you the option to con­trol how you han­dle cook­ies or to deac­ti­vate them com­plete­ly. Cook­ies that have already been saved can be delet­ed at any time. This can also take place auto­mat­i­cal­ly. If cook­ies are deac­ti­vat­ed for our web­site, it may be the case that it is not pos­si­ble to use all of the func­tions of the web­site to the fullest extent pos­si­ble.

 

VI. Pro­cess­ing of per­son­al data via the con­tact form

  1. Descrip­tion and extent of data pro­cess­ing

A con­tact form is pro­vid­ed on our web­site which is used only for elec­tron­ic con­tact. We process your per­son­al data only to the extent that you com­mu­ni­cate it to us when you make con­tact. When queries are sub­mit­ted via the con­tact form, the fol­low­ing data is processed:

  • Name*
  • Email address*
  • Com­ment*

The fields marked with an aster­isks “*” sym­bol are oblig­a­tory and queries can­not be sent to us using this form unless they are com­plet­ed.

Pro­vid­ing your name allows us to address you in per­son when we process your query. Sim­ply enter­ing the data on the form does not com­mu­ni­cate any data to us, as this hap­pens only when you press the blue “Sub­mit” but­ton. When the mes­sage is sub­mit­ted, the fol­low­ing data is also processed:

  • Date and time of the query

 

  1. Legal basis for data pro­cess­ing

The legal basis for the pro­cess­ing of per­son­al data for han­dling and respond­ing to your queries is Art. 6 (1) f) GDPR.

The legal basis for the pro­cess­ing of per­son­al data for the prepa­ra­tion and/or imple­men­ta­tion a con­trac­tu­al rela­tion­ship is Art. 6 (1) b) GDPR.

  1. Pur­pose of data pro­cess­ing

Pro­cess­ing of per­son­al data via the con­tact form is used sole­ly for the pur­pose of mak­ing con­tact and allows the cus­tomer to request infor­ma­tion from the com­pa­ny at the ini­tia­tive of the cus­tomer. Depend­ing on the inten­tion and con­tent of your query, the pur­pose may also be the ini­ti­a­tion and/or exe­cu­tion of a con­trac­tu­al rela­tion­ship.

  1. Legit­i­mate inter­est

The legit­i­mate inter­est in data pro­cess­ing lies in the option to process your query and respond to your query appro­pri­ate­ly. The data col­lect­ed is processed on the basis of a query that comes from you. This pro­cess­ing is also in your inter­est, so that we can respond to your query in accor­dance with your expec­ta­tions.

  1. Stor­age peri­od

The data is erased with­in 6 months of the point at which it is no longer required to achieve the pur­pose for which it was col­lect­ed, pro­vid­ed that it is not sub­ject to fur­ther statu­to­ry reten­tion oblig­a­tions (e.g. 10 years under the Ger­man Tax Code, 6 years under the Com­mer­cial Code). This is the case for the data that you enter in the con­tact form if the con­ver­sa­tion with the user has end­ed.

The con­ver­sa­tion is end­ed when cir­cum­stances indi­cate that the issue in ques­tion has been resolved defin­i­tive­ly.

 

VII. Pro­cess­ing of per­son­al data via email

  1. Descrip­tion and extent of data pro­cess­ing

Per­son­al data is processed for queries sub­mit­ted by email in accor­dance with the con­tent of the email: In all cas­es, this includes your email address, the date and time and the con­tent of the mes­sage. Depend­ing on the con­tent of your email, the fol­low­ing per­son­al data may also be processed, for exam­ple:

  • First name, sur­name
  • Tele­phone num­ber

The data is used exclu­sive­ly to process the con­ver­sa­tion and/or to imple­ment and/or ini­ti­ate a con­trac­tu­al rela­tion­ship.

  1. Legal basis for data pro­cess­ing

Due to the explic­it query com­ing from the user by email, the legal basis for the pro­cess­ing of this data is Art. 6 (1) f) GDPR. If the aim of the email con­tact is also to con­clude and/or exe­cute a con­tract, the addi­tion­al legal basis for pro­cess­ing is Art. 6 (1) b) GDPR.

  1. Pur­pose of data pro­cess­ing

Pro­cess­ing of per­son­al data via email query is used sole­ly for the pur­pose of mak­ing con­tact and allows the cus­tomer to request infor­ma­tion from the com­pa­ny at the ini­tia­tive of the cus­tomer. Depend­ing on the inten­tion and con­tent of your query, the pur­pose may also be the ini­ti­a­tion and/or exe­cu­tion of a con­trac­tu­al rela­tion­ship.

  1. Legit­i­mate inter­est

The legit­i­mate inter­est in data pro­cess­ing lies in the option to process your query and respond to your query appro­pri­ate­ly. The data col­lect­ed is processed on the basis of a query that comes from you. This pro­cess­ing is also in your inter­est, so that we can respond to your query in accor­dance with your expec­ta­tions.

  1. Stor­age peri­od

The data is erased with­in 6 months of the point at which it is no longer required to achieve the pur­pose for which it was col­lect­ed, pro­vid­ed that it is not sub­ject to fur­ther statu­to­ry reten­tion oblig­a­tions (e.g. 10 years under the Ger­man Tax Code, 6 years under the Com­mer­cial Code). This is the case for your email when the con­ver­sa­tion with the user has end­ed.

The con­ver­sa­tion is end­ed when cir­cum­stances indi­cate that the issue in ques­tion has been resolved defin­i­tive­ly.

 

VIII. Pro­cess­ing of per­son­al data over the tele­phone

  1. Descrip­tion and extent of data pro­cess­ing

Per­son­al data is processed for tele­phone queries in accor­dance with the con­tent of the con­ver­sa­tion. Depend­ing on the infor­ma­tion you pro­vide in the course of the phone call, this may include the fol­low­ing infor­ma­tion:

  • First name, sur­name
  • Tele­phone num­ber
  • Cus­tomer num­ber
  • Pay­ment data
  • Con­tract data

The data is used exclu­sive­ly to process the con­ver­sa­tion and/or to imple­ment and/or ini­ti­ate a con­trac­tu­al rela­tion­ship

 

  1. Legal basis for data pro­cess­ing

Due to the explic­it query com­ing from the user via tele­phone, the legal basis for pro­cess­ing of this data is Art. 6 (1) f) GDPR. If the aim of the tele­phone con­tact is also to con­clude and/or exe­cute a con­tract, the addi­tion­al legal basis for pro­cess­ing is Art. 6 (1) b) GDPR.

  1. Pur­pose of data pro­cess­ing

The pro­cess­ing of per­son­al data through the tele­phone call is sole­ly done for the pur­pose of mak­ing con­tact and allows the cus­tomer to request infor­ma­tion from the com­pa­ny at the ini­tia­tive of the cus­tomer. Depend­ing on the inten­tion and con­tent of your query, the pur­pose may also be to ini­ti­ate and/or exe­cute a con­trac­tu­al rela­tion­ship and to main­tain and sup­port the cus­tomer rela­tion­shi.

  1. Legit­i­mate inter­est

The legit­i­mate inter­est in data pro­cess­ing lies in the option to process your query and respond to your query appro­pri­ate­ly. The data col­lect­ed is processed on the basis of a query that comes from you. This pro­cess­ing is also in your inter­est, so that we can respond to your query in accor­dance with your expec­ta­tions.

  1. Stor­age peri­od

The data is erased with­in 6 months of the point at which it is no longer required to achieve the pur­pose for which it was col­lect­ed, pro­vid­ed that it is not sub­ject to fur­ther statu­to­ry reten­tion oblig­a­tions (e.g. 10 years under the Ger­man Tax Code, 6 years under the Com­mer­cial Code). This is the case for your email when the con­ver­sa­tion with the user has end­ed.

The con­ver­sa­tion is end­ed when cir­cum­stances indi­cate that the issue in ques­tion has been resolved defin­i­tive­ly.

 

IX. Pro­cess­ing of per­son­al data via fax

  1. Descrip­tion and extent of data pro­cess­ing

Per­son­al data is processed for queries sub­mit­ted by fax in accor­dance with the con­tent of the fax. In all cas­es, this includes your fax address, the date and time and the con­tent of the mes­sage. Depend­ing on the con­tent of your fax, the fol­low­ing per­son­al data may also be processed, for exam­ple:

  • First name, sur­name
  • Phone num­ber
  • Cus­tomer num­ber
  • Pay­ment data
  • Con­tract data

The data is used exclu­sive­ly to process the con­ver­sa­tion and/or to imple­ment and/or ini­ti­ate a con­trac­tu­al rela­tion­ship.

 

  1. Legal basis for data pro­cess­ing

Due to the explic­it query com­ing from the user by fax, the legal basis for the pro­cess­ing of this data is Art. 6 (1) f) GDPR. If the aim of the fax con­tact is also to con­clude and/or exe­cute a con­tract, the addi­tion­al legal basis for pro­cess­ing is Art. 6 (1) b) GDPR.

  1. Pur­pose of data pro­cess­ing

Pro­cess­ing of per­son­al data via fax query is used sole­ly for the pur­pose of mak­ing con­tact and allows the cus­tomer to request infor­ma­tion from the com­pa­ny at the ini­tia­tive of the cus­tomer. Depend­ing on the inten­tion and con­tent of your query, the pur­pose may also be the ini­ti­a­tion and/or exe­cu­tion of a con­trac­tu­al rela­tion­ship.

  1. Legit­i­mate inter­est

The legit­i­mate inter­est in data pro­cess­ing lies in the option to process your query and respond to your query appro­pri­ate­ly. The data col­lect­ed is processed on the basis of a query that comes from you. This pro­cess­ing is also in your inter­est, so that we can respond to your query in accor­dance with your expec­ta­tions.

  1. Stor­age peri­od

The data is erased with­in 6 months of the point at which it is no longer required to achieve the pur­pose for which it was col­lect­ed, pro­vid­ed that it is not sub­ject to fur­ther statu­to­ry reten­tion oblig­a­tions (e.g. 10 years under the Ger­man Tax Code, 6 years under the Com­mer­cial Code). This is the case for your fax when the con­ver­sa­tion with the user has end­ed.

The con­ver­sa­tion is end­ed when cir­cum­stances indi­cate that the issue in ques­tion has been resolved defin­i­tive­ly.

 

X. Pro­cess­ing of per­son­al data in the con­text of the appli­ca­tion process

We pro­vide reg­u­lar infor­ma­tion about cur­rent job vacan­cies in job adver­tise­ments and on our web­site. You have the oppor­tu­ni­ty to apply for such vacan­cies. You can send your appli­ca­tion data to us by post or by email.

Data that you send to us as part of the appli­ca­tion process may include:

  • Name, address and con­tact details
  • Cur­ricu­lum vitae includ­ing fur­ther details
  • Per­son­al let­ter
  • Qual­i­fi­ca­tions
  • Inter­ests

 

If you send your data to us by email, we will also process your email address, the date and time and the con­tent of the mes­sage. Depend­ing on the con­tent of your email, the fol­low­ing per­son­al data may also be processed, for exam­ple:

  • First name, sur­name
  • Tele­phone num­ber

The data is used exclu­sive­ly in the con­text of the appli­ca­tion process to take a deci­sion about fill­ing the post.

 

  1. Legal basis for data pro­cess­ing

The legal basis for pro­cess­ing data in the con­text of the appli­ca­tion process is Art. 6 (1) b) GDPR and Sec­tion 26 (1) of the Ger­man Fed­er­al Data Pro­tec­tion Act (BDSG).

If, in the course of the appli­ca­tion process, you pro­vide us with spe­cial cat­e­gories of per­son­al data, such as infor­ma­tion about an exist­ing seri­ous dis­abil­i­ty or about your health, which is required to assess your suit­abil­i­ty for a spe­cif­ic job, pro­cess­ing of the data com­mu­ni­cat­ed to us at your ini­tia­tive is done in accor­dance with Art. 9 (2) b), h) GDPR, Sec­tion 26 (3) BDSG.

  1. Pur­pose of data pro­cess­ing

The pro­cess­ing or per­son­al data in the course of the appli­ca­tion process is sole­ly done for the pur­pose of per­son­nel plan­ning and estab­lish­ing employ­ment rela­tion­ships.

  1. Legit­i­mate inter­est

The legit­i­mate inter­est in pro­cess­ing the data lies in the need to fill vacan­cies with qual­i­fied appli­cants as part of sus­tain­able per­son­nel plan­ning and com­pa­ny man­age­ment.

  1. Stor­age peri­od

If an appli­ca­tion is turned down, the data is erased with­in 6 months of the rejec­tion. Data relat­ing to suc­cess­ful appli­ca­tions is sub­ject to reten­tion oblig­a­tions under the reg­u­la­tions of employ­ment and social law, the Tax Code and the Com­mer­cial Code.

 

XI. Rights of data sub­jects

If your per­son­al data is processed, you are the data sub­ject with­in the mean­ing of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion. You there­fore have the fol­low­ing rights in respect of the data con­troller. In order to exer­cise your rights as the data sub­ject in respect of us as the data con­troller, please con­tact us at the fol­low­ing email address: datenschutz@rdp-law.de

 

  1. Right to infor­ma­tion — Art. 15 GDPR

You have the right to request con­fir­ma­tion from the data con­troller as to whether your per­son­al data is being processed or not. If such pro­cess­ing is being car­ried out, you have the right to infor­ma­tion about this per­son­al data and about the fol­low­ing:

  • the pur­pos­es for which the per­son­al data is being processed;
  • the cat­e­gories of per­son­al data that are being processed;
  • the recip­i­ents or the cat­e­gories of recip­i­ents to whom the per­son­al data has been dis­closed or is still being dis­closed;
  • if pos­si­ble, the planned peri­od for which the per­son­al data will be stored or, if this is not pos­si­ble, the cri­te­ria for estab­lish­ing the peri­od of stor­age;
  • the exis­tence of a right to cor­rec­tion or era­sure of the per­son­al data relat­ing to you, a right to restric­tion of the pro­cess­ing by the data con­troller or a right to object to such pro­cess­ing;
  • the exis­tence of a right of com­plaint to a super­vi­so­ry author­i­ty;
  • all avail­able infor­ma­tion about the ori­gin of the data if the per­son­al data was not col­lect­ed from the data sub­ject;
  • the exis­tence of an auto­mat­ed deci­sion-mak­ing process includ­ing pro­fil­ing in accor­dance with Art. 22 (1) and (4) GDPR and – at least in these cas­es – mean­ing­ful infor­ma­tion about the log­ic involved, the scope and the intend­ed effects of pro­cess­ing of this sort for the data sub­ject.

You also have the right to demand infor­ma­tion about whether the per­son­al data about you is being trans­ferred to a third coun­try or an inter­na­tion­al organ­i­sa­tion. Here, you can also demand infor­ma­tion about the appro­pri­ate guar­an­tees pur­suant to Art. 46 GDPR in con­nec­tion with such trans­fer.

 

  1. Right to cor­rec­tion – Art. 16 GDPR

You have the right, vis-a-vis the data con­troller, to imme­di­ate cor­rec­tion and/or com­ple­tion of the data about you, inso­far as the per­son­al data is incor­rect or incom­plete.

 

  1. Right to era­sure – Art. 17 GDPR

Era­sure oblig­a­tion:

you have the right to demand imme­di­ate era­sure of your per­son­al data, pro­vid­ed that one of the fol­low­ing grounds applies:

  • the per­son­al data about you is no longer required for the pur­pos­es for which it was col­lect­ed or processed in anoth­er way;
  • you have with­drawn your con­sent on which pro­cess­ing was based pur­suant to Art. 6 1 a) or Art. 9 (2) a) GDPR and there is no oth­er legal basis for pro­cess­ing;
  • you have object­ed to pro­cess­ing pur­suant to Art. 21 (1) and there are no legit­i­mate, prece­dent rea­sons for pro­cess­ing, or you have object­ed to pro­cess­ing pur­suant to Art. 21 (2) GDPR;
  • the per­son­al data about you has been processed ille­gal­ly;
  • era­sure of the per­son­al data about you is required to ful­fil a legal oblig­a­tion under EU law or the law of the Mem­ber States to which the data con­troller is sub­ject;
  • the per­son­al data about you has been col­lect­ed in rela­tion to the infor­ma­tion soci­ety ser­vices offered pur­suant to Art. 8 (1) GDPR

Excep­tions:

A right to era­sure does not exist if pro­cess­ing is required:

  • to exer­cise the right to free speech and free­dom of infor­ma­tion;
  • to ful­fil a legal oblig­a­tion that requires pro­cess­ing under EU law or the law of the Mem­ber States to which the data con­troller is sub­ject or to car­ry out a task that is in the pub­lic inter­est or to exer­cise pub­lic author­i­ty that has been trans­ferred to the data con­troller;
  • for rea­sons of pub­lic inter­est in the area of pub­lic health pur­suant to Arti­cle 9 (2) let­ters h and i and Arti­cle 9 (3);
  • for archiv­ing pur­pos­es, his­tor­i­cal research pur­pos­es or sta­tis­ti­cal pur­pos­es that are in the pubic inter­est pur­suant to Arti­cle 89 (1) GDPR,
  • inso­far as the right spec­i­fied in sec­tion a) is like­ly to make achieve­ment of the objec­tives of this pro­cess­ing impos­si­ble or will seri­ous­ly hin­der it, or
  • to assert, exer­cise or defend against legal claims.

 

  1. Right to restrict pro­cess­ing – Art. 18 GDPR

You have the right to demand that the pro­cess­ing of the per­son­al data about you be restrict­ed in accor­dance with the fol­low­ing con­di­tions:

  • if you have con­test­ed the accu­ra­cy of the per­son­al data about you for a peri­od that allows the data con­troller to ver­i­fy the accu­ra­cy of the per­son­al data;
  • if pro­cess­ing is ille­gal and you decline to have your per­son­al data erased and instead demand restric­tion of the use of the per­son­al data;
  • if the data con­troller no longer requires the per­son­al data for pur­pos­es of pro­cess­ing but still requires it to assert, exer­cise or defend against legal claims, or
  • if you have object­ed to pro­cess­ing pur­suant to Art. 21 (1) GDPR and it has not yet been estab­lished whether the legit­i­mate rea­sons of the data con­troller out­weigh your rea­sons.

If pro­cess­ing of the per­son­al data about you has been restrict­ed, with the excep­tion of stor­age, this data may be processed only with your con­sent or to assert, exer­cise or defend against legal claims or to pro­tect the rights of anoth­er nat­ur­al or legal per­son or for rea­sons of sig­nif­i­cant pub­lic inter­est in the EU or a Mem­ber State.

If pro­cess­ing has been restrict­ed on the basis of the con­di­tions described, you shall be noti­fied by the data con­troller before the restric­tion is lift­ed.

 

  1. Right to noti­fi­ca­tion – Art. 19 GDPR

If you have exer­cised one of your rights to cor­rec­tion, era­sure or restric­tion of pro­cess­ing, we are oblig­ed to noti­fy all recip­i­ents to whom the per­son­al data about you has been dis­closed of the cor­rec­tion or era­sure of the data or restric­tion of pro­cess­ing, unless this proves to be impos­si­ble or is asso­ci­at­ed with a dis­pro­por­tion­ate amount of work.

You also have the right to be informed of those recip­i­ents.

 

  1. Right to data trans­fer­abil­i­ty – Art. 20 GDPR

You have the right to receive the per­son­al data about you that you have pro­vid­ed to the data con­troller in a struc­tured and stan­dard for­mat that can be read by a com­put­er. You also have the right to com­mu­ni­cate this data to anoth­er data con­troller with­out hin­drance by the data con­troller to whom the per­son­al data was pro­vid­ed, if

  • pro­cess­ing is based on con­sent pur­suant to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR or is based on a con­tract pur­suant to Art. 6 (1) b) GDPR and
  • pro­cess­ing is car­ried out with the aid of an auto­mat­ed process.

In exer­cis­ing this right to data trans­fer­abil­i­ty, you also have the right to have the per­son­al data about you trans­ferred direct­ly from one data con­troller to anoth­er data con­troller, inso­far as this is tech­ni­cal­ly fea­si­ble.

 

  1. Right to object — Art. 21 GDPR

You have the right for rea­sons result­ing from your spe­cif­ic sit­u­a­tion to object, at any time, to the pro­cess­ing of per­son­al data about you that is/was car­ried out on the basis of Art. 6 (1) e) or f) GDPR; this also applies to pro­fil­ing based on these pro­vi­sions.

The data con­troller shall stop pro­cess­ing the per­son­al data about you unless the data con­troller can demon­strate com­pelling rea­sons for pro­cess­ing that are wor­thy of pro­tec­tion and out­weigh your inter­ests, rights and free­doms, or the pro­cess­ing serves to assert, exer­cise of defend against legal claims.

If per­son­al data is processed for the pur­pos­es of direct adver­tis­ing, you have the right to object to the pro­cess­ing of per­son­al data about you for the pur­pos­es of such adver­tis­ing at any time; this also applies to pro­fil­ing, inso­far as it is con­nect­ed with such direct adver­tis­ing.

If you object to pro­cess­ing for pur­pos­es of direct adver­tis­ing, the per­son­al data about you shall no longer be processed for those pur­pos­es.

Notwith­stand­ing Direc­tive 2002/58/EC, you have the option, in con­nec­tion with the use of ser­vices of the infor­ma­tion com­pa­ny, to exer­cise your right to object by means of auto­mat­ed process­es in which tech­ni­cal spec­i­fi­ca­tions are used.

 

  1. Right to with­draw a dec­la­ra­tion of con­sent under data pro­tec­tion leg­is­la­tion

You have the right to with­draw your dec­la­ra­tion of con­sent under data pro­tec­tion law at any time. With­draw­ing your con­sent does not affect the legal­i­ty of the pro­cess­ing that was already car­ried out on the basis of your con­sent up to the point at which you with­draw it.

 

  1. Right to com­plain to a super­vi­so­ry author­i­ty – Art. 77 GDPR

Irre­spec­tive of any oth­er legal reme­dies under admin­is­tra­tive law or in court, you have the right to com­plain to a super­vi­so­ry author­i­ty, in par­tic­u­lar in the Mem­ber State of your nor­mal place of res­i­dence, your place of work or the loca­tion of the alleged breach, if you believe that the pro­cess­ing of the per­son­al data about you breach­es the Gen­er­al Data Pro­tec­tion Reg­u­la­tion.

The super­vi­so­ry author­i­ty to whom you sub­mit your com­plaint shall noti­fy you, as the com­plainant, of the sta­tus and out­come of the com­plaint, includ­ing the option to seek legal rem­e­dy in court pur­suant to Art. 78 GDPR.

This data pro­tec­tion pol­i­cy will be updat­ed at reg­u­lar inter­vals.