in accordance with the requirements of the EU GDPR of 25 May 2018
I. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:
simplicity networks GmbH
Heinrich-Hertz-Straße 2
59302 Oelde
Germany
Tel.: 00800 – 338 670 48 (free of charge)
E-mail: info@simplicity.ag
Website: simplicity.ag
Managing Director authorised to represent the company: Stefan Leewe
Responsible registry court: Münster
Commercial Registry Number: HRB 14936
II. Name and address of the Data Protection Authority
The data protection authority of the administrator is:
TÜV Informationstechnik GmbH
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy
Am TÜV 1
45307 Essen
Germany
Tel.: +49 (0) 2522 8330-3155
E-mail: dataprotection@simplicity.ag
III. General information on data processing
1. Scope of the personal data processing
We collect and utilise our users’ personal data only insofar as this is necessary for provision of an operational website and of our content and services. Collection and utilisation of our users’ personal data is only undertaken periodically with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and the processing of the data is permitted by law.
2. Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 (a) of the EU Data Protection Ordinance (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 (d) GDPR applies as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.
3. Data deletion and storage duration
The data subject’s personal data will be deleted or blocked as soon as the reason for storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Blocking or erasure of data will be carried out even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for concluding or performing a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
(1) Information regarding the used browser type and version
(2) The user’s operating system
(3) The user’s IP address
(4) Date and time of access
(5) Websites from which the user’s system accesses our website
The data is also stored in our system’s log files. This data is not stored together with other personal user data. This process is anonymised. It is not possible to draw any conclusions about you personally. The data you provide helps us to design and continuously improve your shopping experience in our online shop. For this purpose, user profiles are created using a pseudonym. A connection between the person behind the pseudonym and the collected usage data is not established. When this purpose is achieved, log data is deleted.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 (f) GDPR.
3. Purpose of the data processing
Temporary storage of IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the website’s functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.
For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 (f) GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for providing the website, this will be undertaken once the respective session has ended.
Any data is to be stored in log files will be stored for seven days at most. Further storage is possible. In this case, the user’s IP addresses will be deleted or distorted, so that identification of the accessing client is no longer possible.
5. Objection and removal option
Collection of data for provision of the website and storage of data in log files is absolutely necessary for operation of the website. Consequently, there the user has no option to object.
V. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.
Two types of cookies are used. Temporary cookies are automatically deleted when you close your browser (so-called session cookies). Other Cookies remain on your end device and enable us and our partner companies to recognise your browser on your next visit (persistent Cookies). This type of cookie allows you to be recognized when you return to the site. These serve to make our website more user-friendly, effective and secure. Some elements of our website require that the calling browser can be identified even after changing pages.
The following data is stored and transmitted in the cookies:
(1) Items in a shopping cart
(2) Log-in information
We also use cookies on our website which enable analysis of the user’s surfing behaviour.
The following data can be transmitted in this way:
(1) Frequency of page views
(2) Use of website functions
The user data collected in this way is pseudonymised via technical arrangements. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with users’ other personal data.
When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and referred to this data protection declaration. A note is also included in this context as to how the user can disable the storage of cookies in the browser settings. They therefore regulate the handling of cookies themselves. For authorisation, rejection, inspection and deletion please use the help function of your browser.
2. Cookie management
The cookie consent tool “CookieFirst” is implemented on our website. CookieFirst is provided by Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42a, 1018DH, Amsterdam, The Netherlands. The consent tool enables us to show you a list of cookies categorised according to function groups, to explain the purpose of individual cookies and to inform you about the associated storage period. To display the consent tool, a necessary technical cookie must be stored in your web browser.
When you visit our website for the first time, CookieFirst appears as a pop-up window in your web browser. You can activate the relevant cookies by clicking on the corresponding button. Please note that strictly necessary cookies, which are essential for the technical operation of the website, are pre-activated and cannot be deactivated. Browser. You can also use the cookie consent tool to subsequently check and change your cookie settings or cancel your selection in the corresponding cookie category. The above-mentioned operator of the consent tool also offers a cancellation option. You can also prevent your data from being processed by cookies by using the appropriate browser plug-ins or by making the appropriate settings in your web.
Your data is processed based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest in using the consent tool lies in the fulfilment of the legal requirements imposed on us by data protection law .
3. Data processing with Google Analytics 4
Our website uses Google Analytics 4, a web analytics service provided by Google Inc. (“Google”). This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The information generated by the cookies about your use of the website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymity is activated on our website, your IP address will first be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and truncated there in exceptional cases.
On behalf of the operator of this website, Google uses the information generated by the cookies to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. If you visit a Google Display Network website, Google uses a cookie to store a number in the user’s browser. This number is used to record your visits. It is used to uniquely identify a web browser on a specific computer and not to identify a person. The user’s browser can then be assigned to a demographic category based on the websites visited, such as a specific gender, age group or parental status. In addition, some websites provide demographic information that users share on certain websites, for example on social networks. Google may also use demographic attributes derived from Google profiles. The IP address transmitted by your browser as part of Google Analytics is not linked to other Google data.
The use of Google Analytics 4 is based on your voluntary and explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. We only use Google Analytics with your express consent, which we obtain from you via our cookie banner on our website.
The transfer of your data to the USA takes place in accordance with Art. 45 para. 1 GDPR, based on an adequacy decision of the European Commission, namely the EU-US Data Privacy Framework.
By transferring your personal data to the USA, it cannot be ruled out that it will be exposed to access by the relevant domestic authorities there for control and monitoring purposes, without you being able to assert sufficient legal recourse against them.
You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, please note that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
4. Data processing with Google Ads
Our website uses Google Ads. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Using Google Ads, we place adverts on external websites with Display Network to promote our offers. The aim of this advertising is to show you adverts that are tailored to your interests.
We also use the additional application “Google Conversion Tracking” and “Google Remarketing” with Google Ads. Google Conversion Tracking is a process that enables us to measure the success of our advertising campaigns. It involves assigning a technical provision, e.g. an ID, to the adverts. This allows us to determine how a user interacts after clicking on our advert and whether one of our services is used. With the data collected and in connection with Google Analytics, we can measure the efficiency of an advertising campaign and manage the advertising measures in a more targeted manner. Google Remarketing, on the other hand, enables us to create targeted adverts for you and to address you again later on another website. This is done by means of cookies set when you visit our website, which are used by Google to record and pseudonymise your usage behaviour when you visit various websites.
The advertising material is delivered by Google to so-called “ad servers”. For this purpose, we use ad server cookies, which provide us with certain parameters for measuring the success of an advertising campaign. If you access our website via a Google advert, an ad server cookie is set in your web browser or computer, which stores the corresponding analysis values in the cookie.
The legal basis for processing your data is your voluntarily and expressly given consent in accordance with Art. 6 para. 1 lit. a GDPR. The cookie is therefore only installed based on your express consent.
The transfer of your data to the USA takes place in accordance with Art. 45 para. 1 GDPR based on an adequacy decision of the European Commission, namely the EU-US Data Privacy Framework.
By using Google Ads, your browser automatically establishes a connection with the Google server. We have no influence whatsoever on the scope and further use of the data collected by Google when using this tool. The information is therefore provided according to our current state of knowledge: By integrating the above-mentioned tools, Google receives the information that you have accessed the corresponding part of our website or clicked on the advert from us. If you are registered with a Google service, Google can assign the visit to your account. If you are not registered with Google or have not logged in to your Google service, it is still possible that the provider will find out your IP address and other personal data about you, store it and use it for other purposes. By transferring your personal data to the USA, it cannot be ruled out that it will be subject to access by the authorities located there for control and monitoring purposes, without you being able to provide sufficient legal recourse against this.
You can prevent the tracking process in various ways :
iii) by setting your web browser accordingly to block third-party cookies;
ii) by deactivating cookies for conversion tracking. This requires setting your browser to block cookies from the domain www.googleadservices.com (https://www.google.de/settings/ads). Please note that this setting will be deleted once you delete your cookies;
iii) by deactivating the interest-based adverts of the providers that are part of the self-regulation campaign “About Ads”; accessible via the link http://www.aboutads.info/choices. Please note that this setting will be deleted if you delete your cookies;
iv) by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. Please note, however, that in this case you may not be able to use all functions of this website to their full extent.
5. Data processing with the Google Tag Manager
The Google Tag Manager manages website tags via an interface. The Google Tag Manager tool, which implements the tags, is a cookie-free domain and does not collect any personal data.
6. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 (f) GDPR.
The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 para. 1 (a) GDPR.
7. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify use of websites for users. Some features of our website are not offered without the use of cookies. In this case, it is necessary that the browser be recognised even after changing the page.
We require cookies for the following applications:
(1) Shopping cart
The user data collected by technically necessary cookies shall not be used to create user profiles.
Analysis cookies are used to improve the quality of our website and its content. Using analysis cookies, we learn how the site is used and can constantly optimise our service.
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 (f) GDPR.
8. Duration of storage, objection option and removal option
Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user you have full control of the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features in full.
VI. MyFonts Web Fonts
Our website uses fonts provided by the company MyFonts Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA. When you access the website, data is also retrieved from a MyFonts server, which allows MyFonts to obtain information about your IP address and browser type. In doing so, MyFonts also learns, among other things, that you have accessed the font via our website. Some browsers allow you to restrict or modify the data transmitted to the server. Whether this is possible depends on the manufacturer of the browser used. Even if MyFonts only needs the transmitted information, in particular the IP address, to deliver the content retrieved, it is beyond our knowledge and influence whether and to what extent MyFonts also evaluates or stores this information statistically. Further information on data protection at MyFonts can be found under the following link: https://www.myfonts.com/info/terms-and-conditions.
VII. Data processing with Meta Ads (Facebook Ads)
Our website uses Meta Ads. This is a service provided by Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA. By integrating the so-called ” Meta pixel” on our website, it is possible for us to display our advertising measures (“Meta Ads”) to users of the social network Facebook and to measure and evaluate the success of our advertising campaigns (“conversion tracking”).
The Meta pixel is a JavaScript code snippet that enables us to track the activities of visitors to our website. We use the Meta pixel to create specific target groups and display adverts to relevant people. The target group is determined when Facebook categorises visitors to an online offer as a target group for the display of ads by storing a cookie text file on the user’s device. The conversion API or marketing API is a server-side event tracking tool. This tracking is called conversion tracking. The Meta pixel and the conversion API collect and process event data for this purpose. This may contain information about the actions and activities of visitors to our website. The Meta pixel may also contain data on the HTTP header (such as the IP address), pixel-specific data (such as the pixel ID), information on buttons clicked by visitors to the website and other personal event data.
Your browser automatically establishes a connection with the Meta server through the marketing tools used. We have no influence on the scope and further use of the data collected by Meta while using this tool. The information is therefore provided according to our current state of knowledge: By integrating the Meta pixel, Meta receives the information that you have accessed the corresponding website of our Internet presence or have clicked on an advert from us. If you are registered with a Meta service (such as Facebook), Meta can assign the visit to your account. Even if you are not registered with Facebook and are not logged in, it is still possible for Meta to find out your IP address and other personal data about you and use it to create a profile as well as for its own purposes.
Processing is carried out based on your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The data collected is stored on Meta’s servers, including those in the USA. According to its own information, Meta has imposed a standard that corresponds to the former EU-US Privacy Shield and has agreed to comply with applicable data protection laws when transferring data internationally. The transfer of your data to the USA is carried out in accordance with Art. 45 para. 1 GDPR based on an adequacy decision of the European Commission, namely the EU-US Data Privacy Framework .
VIII. Google Maps
Our website uses the map service Google Maps. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we indicate on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.
More information on the handling of user data can be found in the Google data protection declaration: https://www.google.de/intl/de/policies/privacy/.
VIII.2). MapBox:
Our website uses the map service Mapbox for visualisation purposes. The provider is Mapbox, Inc, 740 15th St Nw Suite 500 Washington, DC 20005, USA.
When you use Mapbox, information about the use of this website, including your IP address, is transmitted to Mapbox.
We process your personal data based on your consent in accordance with Art. 6 (1) (a) in conjunction with Art. 7 GDPR. If you refuse your consent, the only consequence will be that the Mapbox service will not be made available to you.
When you use the map function, your data is transmitted to Mapbox. Mapbox may also pass this data on to third parties if this is required by law or if third parties process this data, e.g. on our behalf. It cannot be ruled out that the respective recipients may link your IP address with other data.
It is technically possible that the recipients may be able to identify at least individual users based on the data received. We have no influence on the potential processing of personal data and personality profiles of our website users for other purposes.
We do not know how long the recipients store the above-mentioned data.
The personal data is transmitted to Mapbox Inc. in the USA. The legal basis is the EU-US Data Privacy Framework. According to this framework, the USA can ensure an adequate level of protection for personal data compared to the EU. This agreement addresses all companies that participate in the new data protection framework between the EU and the USA. For all generally available products and services, Mapbox Inc. and its U.S. subsidiaries comply with the EU-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States in reference to the Data Privacy Framework. Mapbox has certified to the Department of Commerce that it adheres to the principles of the Data Privacy Framework with respect to such data. In the event of any inconsistency between the terms in this Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall take precedence. To learn more about the Data Privacy Framework Programme and to view the Mapbox certification, please visit: https://www.dataprivacyframework.gov/s/
VIII. Career Portal
You can apply for open positions online on our career portal. The portal is operated by the company softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin (hereinafter: softgarden) on our behalf. You can send your application without registration at softgarden. Within the scope of your application you can make entries in various input fields. Mandatory fields will be marked when sending the application. Your application data will be stored at softgarden in a German or French data center. Your data will only be used for the respective application process and will be deleted immediately afterwards, unless an employment contract is concluded. If necessary, we will ask you whether we may store your data for a period of 6 to 12 months for the possible consideration of further vacancies. With your application you agree that the personal data provided by you will be processed by us and the company softgarden for the purpose of fulfilling the application selection process.
IX. Newsletter
1. Description and scope of data processing
You can subscribe to a free newsletter on our website. The data from the contact form is transmitted to us when you subscribe to the newsletter.
The following data is collected during registration:
(1) Email address
(2) Date and time of subscription
During the registration process, your consent is obtained for processing data and reference is made to this data protection declaration.
If you purchase goods or services on our website and provide us with your email address, we may subsequently use it to send you a newsletter. In such a case, only direct marketing of our own similar products or services will be sent via the newsletter.
No data is disclosed to third parties in connection with data processing for sending newsletters. The data will be used exclusively for sending the newsletter.
2. Legal basis for data processing
The legal basis for processing data after the user registers for the newsletter is, if the user’s consent to this has been obtained, Art. 6 Para. 1 (a) GDPR.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 para. 3 of the Unfair Competition Law (UWG).
3. Purpose of the data processing
The user’s email address is collected in order to deliver the newsletter.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user’s email address will therefore be stored for as long as the subscription to the newsletter is active.
5. Objection and removal option
The subscription to the newsletter can be cancelled by the user at any time. A link to do this can be found in every newsletter.
X. Email contact
1. Description and scope of data processing
You can contact us via the e-mail address provided. In this case, the user’s personal data that is transmitted along with the e-mail will be stored.
The data will not be disclosed to third parties in this context. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 (a) GDPR if the user has given his consent.
The legal basis for processing the data transferred in the course of sending an email is Article 6 paragraph 1 (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 (b) GDPR.
3. Purpose of the data processing
The processing of personal data in the input screen is used by us only for processing the contact. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is for preventing the misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.
Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.
5. Objection and removal option
The user has the option of revoking his or her consent to the processing of personal data at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data. It will not be possible to continue the conversation in this case.
The responsible body within the meaning of the BDSG is simplicity networks GmbH, Heinrich-Hertz-Strasse 2, 59302 Oelde, represented by its Managing Director, Mr Stefan Leewe.
You may at any time and for no fee receive information about the data we have stored about you without stating any further reason. You can also have your data collected by us blocked, corrected or deleted at any time. Furthermore, you can revoke your consent to the collection and use of data given to us at any time without stating any reasons. Please contact the following e-mail addresses: datenschutz@opus-fashion.com or datenschutz@someday-fashion.com with the subject “Data Protection Objection”. We will take care of it immediately. We will be happy to answer any further questions you may have about our data protection policy and the processing of your personal data.
All personal data stored in the course of contacting us will be deleted as a result.
XI. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the data controller:
1. Right to information
You can request that the data controller confirm whether we will process personal data that concerns you.
If such processing takes place, you can request to be informed by the data controller regarding the following information:
(1) the purposes of processing the personal data;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the planned storage duration of personal data concerning you or, if specific information in this respect is not possible, criteria for determining the storage period;
(5) the existence of a right of rectification or deletion of personal data that concerns you or of a restriction on processing by the data controller or of a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data has not been collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Article 22 paras. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
2. The right of rectification
You have a right of rectification and/or completion with respect to the data controller if the personal data processed concerning you is incorrect or incomplete. The controller shall make the correction immediately.
3. The right to limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted if:
(1) you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the data controller does not need the personal data for longer than the purposes of the processing, but you need it for the assertion, exercising or defence of legal claims, or
(4) if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.
Where the processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the European Union or of a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.
4. Right to deletion
a) Deletion obligation
You may request that the data controller delete the personal data that concerns you immediately, and the data controller will be obliged to delete this data immediately if one of the following reasons applies:
(1) the personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data that concerns you has been processed unlawfully;
(5) The deletion of personal data is required to comply with legal obligations according to European Union law or the laws of the Member States to which the data controller is subject;
(6) The personal data that concerns you was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
b) Transfer of personal data to third parties
If the data controller has made the personal data concerning you public and is in accordance with Article 17 para. 1 of the GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Persons requesting deletion of all links to such personal data or of copies or replications of such personal data.
c) Exceptions
The right to deletion does not exist insofar as the processing is necessary
(1) to exercise the right of freedom of expression and information;
(2) for the performance of a legal obligation required for processing under European Union law or the law of the Member States to which the data controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the data controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 (h) and (i) and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have exercised your right to have the data controller correct, delete or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
It is your right to have the controller inform you regarding such recipients.
6. Right to data portability
You have the right to obtain your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, insofar as
(1) processing is based on consent pursuant to Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or on a contract pursuant to Art. 6 para. 1 (b) GDPR and
(2) the processing is undertaken using automated procedures.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.
7. Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6 para. 1 (e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. The right to revoke the data protection declaration of consent
You have the right at any time to revoke your data protection declaration of consent. The withdrawal of consent shall not affect the lawfulness of processing taking place on the basis of this consent before its revocation.
9. Automated decision in individual cases, including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or fulfilment of a contract between you and the data controller;
(2) is permissible on the basis of legislation of the European Union or the Member States, to which the data controller is subject, and these laws contain adequate measures to safeguard your rights and freedoms, as well as your legitimate interests, or
(3) is undertaken with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on behalf of the data controller, to state his or her own position and to challenge the decision.
10. The right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.
The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.