Data privacy policy according to GDPR

Your trust in the correct handling of your data is am important prerequisite for the success of our web presence. The collection, processing (data storage, alteration, transmission, blocking and deletion) and use of your data takes place exclusively under compliance with the applicable data protection regulations. With this data protection statement we would like to inform you as to how your data is processed when using our website.

I. Name and address of the responsible party

The responsible party as defined by the General Data Protection Regulation and other national data privacy laws of EU member states as well as other data privacy regulations is:

nobilia-Werke J. Stickling GmbH & Co. KG
Waldstraße 53-57
33415 Verl
Germany
Phone: + 49 (0) 5246 508 0
Email: info@nobilia.de
Website: www.nobilia.de

II. Name and address of the data protection officer

The responsible party's data protection officer is:

Data Protection Officer
c/o nobilia-Werke J. Stickling GmbH & Co. KG
Waldstraße 53-57
33415 Verl
Germany
Phone: + 49 (0) 5246 508 0
Email: datenschutz@nobilia.de

III. General information on data processing

1. EXTENT OF THE PROCESSING OF PERSONAL DATA

As a rule we only collect and use the personal data of our users insofar as this is required for providing a functional website as well as our content and services. In general, our users' personal data is only collected and used with our users' consent. An exception applies in cases in which the factual situation makes it impossible to request consent before processing the data or processing the data is permitted by legal provisions.

2. LEGAL FOUNDATION FOR PROCESSING PERSONAL DATA

If we request the consent of the affected person for processing personal data, Art. 6 section 1 (a) of the EU data protection regulation (GDPR) serves as a legal foundation.

If we process personal data for the purpose of executing a contract of which the affected person is a party, Art. 6 section 1 (b) GDPR serves as a legal foundation. This also applies to processing required for pre-contractual measures.

If processing is required to maintain a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the affected person do not override the aforementioned interest, Art. 6 section 1 (f) GDPR serves as a legal foundation for processing.

3. DATA ERASURE AND STORAGE PERIOD

The personal data of the affected person is deleted or blocked, as soon as the purpose of storage is no longer valid. Beyond this point, storage is permissible, if European or national lawmakers have provided for this possibility in EU regulations, laws or other directives to which the responsible party is subject. The data is also blocked or deleted, when a mandatory retention period specified by the above-mentioned standards expires, unless further storage of the data is required for concluding or executing a contract.

4. SOCIAL MEDIA

As part of our online offer we have included links to the social networks Pinterest, Instagram and Houzz. You will recognise the links by the corresponding logo of each provider. By clicking on the link, the corresponding social media site will open, to which our data privacy statement does not apply. For details regarding the valid terms on these linked sites, please refer to the respective data privacy statements of the corresponding individual providers; these can be found at:

Pinterest: https://policy.pinterest.com/en/privacy-policy
Instagram: https://help.instagram.com/155833707900388
Houzz: https://www.houzz.co.uk/privacyPolicy

Prior to accessing the corresponding links there is no transmission of personal information to the respective provider. When you access the linked site, this simultaneously provides the basis for data processing by the respective provider.

IV. Provision of the website and creation of log files

1. DESCRIPTION AND EXTENT OF DATA PROCESSING

Any time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

(1) information about the browser type and version used,
(2) the user's operating system,
(3) the public IP address of the user,
(4) date and time of access,
(5) websites from which the user's system has accessed our website,
(6) transferred data volume and
(7) notification, whether the request was successful.

This data is also saved in the log files of our system. This data is not saved together with other personal data of the user.

2. LEGAL FOUNDATION FOR DATA PROCESSING

The legal foundation for temporary storage of the data and the log files is Art. 6 section 1 (f) GDPR.

3. PURPOSE OF DATA PROCESSING

Temporary storage of the IP address by the system is required to permit provision of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The data is stored in log files to ensure the function of the website. In addition, we use this data to optimise our website and safeguard the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

The above-mentioned purposes constitute our legitimate interest in processing this data according to Art. 6 section 1 (f) GDPR.

4. STORAGE PERIOD

The data is deleted as soon as it is no longer required for the purpose for which it was collected. If data was collected to provide the website, this is the case as soon as the associated session is terminated.

Moreover, we save the following access data in the log files:

(1) the site from which you visit us or the name of the requested file,
(2) date and time of the request,
(3) the transferred data volume,
(4) notification, whether the request was successful,
(5) the public IP address of the requesting computer,
(6) referring URLs,
(7) type of browser used,
(8) operating systems used.

This data is processed for the purpose of permitting use of our website (establishing a connection), for system security, for technical administration of the network infrastructure and to optimise our web presence. Data is not disclosed to third parties nor is there any other utilisation. A personalised user profile is not created.

If data is saved in log files, it is deleted after no more than 30 days. Further storage is possible. In this case, the IP addresses of the user are deleted or made unidentifiable, so that it is no longer possible to associate them with the accessing client.

5. OPTION OF OBJECTION AND ERASURE

Collecting the data to provide the website and storing the data in log files is absolutely necessary for operating the website. This means that the user has no option to object.

V. Use of cookies

1. DESCRIPTION AND EXTENT OF DATA PROCESSING

Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie can be saved on the operating system of the user. This cookie contains a characteristic sequence of characters, which permits clear identification of the browser when the website is accessed again.

We use cookies to make the website more user-friendly. Some elements of our website require that the accessing browser can be identified even after changing sites. The following data is saved and transferred in the cookies:

(1) User data in memo
(2) User data in kitchen online planner
(3) User data in kitchen configurator
(4) User data in digital showroom
(5) User data in e-magazines

Moreover, our website uses cookies permitting an analysis of the users' browsing behaviour. The following data can be transferred through these:

(6) Resource access incl. the accessing, anonymised IP address for tracking and marketing purposes

Technological measures are used to pseudonymise the user data collected in this manner. The data is not saved together with any personal data of the user.

When accessing our site, the user is informed of our use of cookies for tracking and marketing purposes as well as the personal data used in this context and is asked for consent to this use. At this point, the user is also informed of our data privacy policy.

2. LEGAL FOUNDATION FOR DATA PROCESSING

The legal foundation for processing personal data by using technically necessary cookies is Art. 6 section 1 (f) GDPR.

The legal foundation for processing personal data by using cookies for analysis purposes is Art. 6 section 1 (f) GDPR.

3. PURPOSE OF DATA PROCESSING

a) Technically necessary cookies

The purpose of using technically necessary cookies is to facilitate use of our website for the user. Some functions of our website cannot be provided without using cookies. For these functions it is required for the browser to be recognised even after changing sites. The following applications require cookies:

(1) nobilia.de memo function
(2) kitchen online planner
(3) kitchen configurator
(4) digital showroom
(5) e-magazines

The user data collected by technically required cookies is not used to create user profiles.

b) Tracking cookies

Tracking cookies are used to improve the quality of our website and its content. These cookies provide us with information on how our website is used, which allows us to continually improve our web presence.

c) Marketing cookies

Marketing cookies are used to show you customised content based on your interests.

(1) Google Analytics

We use Google Analytics for statistical evaluation. Google Analytics is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA. Joint data processing in accordance with Art. 26 GDPR applies, with data processing primarily being performed by Google. The information generated by the cookies about your use of this website will generally be transmitted to a Google server in the USA and stored there. This means that both Google and government bodies in the USA have access to your personal data. Google may use the data for any purpose of its own, such as creating a profile and linking it to other available information.- However, within member states of the European Union or other states party to the European Economic Area Agreement, your IP address will first be abbreviated. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Google will use the generated information on our behalf in order to evaluate your use of the website, to compile reports on website traffic, and to provide us with other services relating to the use of the website and the internet. You may refuse storage of cookies by selecting the appropriate settings on the website or in your browser. Please note, however, that in this case you may not be able to use the full range of functions on this website. You may also prevent Google from collecting and processing the data generated by the cookies relating to your use of the website (including your IP address) by clicking on the following link and downloading and installing the browser plug-in provided: https://tools.google.com/dlpage/gaoptout?hl=en.

For further information on this matter, visit https://tools.google.com/dlpage/gaoptout?hl=en or https://marketingplatform.google.com/intl/en_uk/about/ (general information on Google Analytics and data privacy). Please note that "anonymizeIp();" was added to the Google Analytics code on our website to anonymise IP addresses by deleting the final 8-bit byte.

If you wish to prevent use of the Google Analytics function, you can adapt any previously made settings at the bottom of the website under “Change data privacy settings”.

(2) Google Tag Manager

This website uses the Google Tag Manager. The Google Tag Manager is a solution which allows marketers to manage website tags through a user interface. The Tool Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect personal data. However, the tool triggers the use of other tags, which may collect data. Google Tag Manager does not access this data. If the function was deactivated on the domain or cookie level, this deactivation applies to all tracking tags implemented through Google Tag Manager.

For further information on the Google Tag Manager, visit: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

(3) Google Conversion

We use the service offered by Google Ads Conversion in order to promote our attractive product range on external websites using advertisements (“Google Ads”). Based on the data of the promotional campaign, we can determine exactly how successful individual promotional measures are. Our interest in doing so is to show you ads that are relevant to your interests and to make our website more interesting to you.

Google Conversion Tracking is an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Provided that your habitual place of residence is in the European Economic Area or in Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller responsible for your data. This means Google Ireland Limited is the Google-affiliated company responsible for processing your data and adhering to all applicable data privacy laws.

These ads are delivered by Google via the “ad server”. For this purpose, we use ad server cookies, which permit analysis of specific parameters to determine success, such as frequency of ads being displayed and users clicking on ads. If you access our website by clicking on a Google ad, Google Ads will save a cookie on your device.

These cookies allow Google to recognise your web browser. If a user visits specific pages on the website of an Ads client and the cookie saved on the user’s computer has not expired, Google and the client will be able to see that the user has clicked on the ad and was forwarded to this page. A different cookie is assigned to each Ads client. This means cookies cannot be tracked via the websites of Ads clients. Our company itself does not collect or process personal data through the above-mentioned promotional measures. We only receive statistical analyses provided by Google. These analyses show us which of the promotional measures we have used are particularly effective. We do not receive any other data through use of these promotional measures. Most importantly, we cannot identify users with this information.

Google follows strict standards to protect this data - for instance, only those sites that contain the Google Conversion code are recorded. The recorded data is encrypted and only used on secure servers. For further information, refer to the Google data privacy policy at: https://policies.google.com/privacy?hl=en-US

(4) Google Remarketing

We use the Remarketing function within the Google Ads service. The Remarketing function allows us to show users of our website ads based on their interests on other websites of the Google advertising network (“Google Ads” in Google searches or on YouTube or other websites).

For this purpose, the user’s interaction with our website is analysed, e.g. which offers did the user show interest in, in order to show users targeted ads on other sites even after they have visited our website. To enable this function, Google saves a number in the browser of users who have visited specific Google services or websites in the Google display network. This number, referred to as a “cookie”, records the visits by this user. The number serves for unambiguous identification of a web browser on a specific device, not for identification of a person, as personal data is not saved.

For further information, refer to the Google data privacy policy at: https://policies.google.com/privacy?hl=en-US

(5) Facebook Pixel

This website uses the remarketing function “Custom Audiences” provided by Facebook Inc. (“Facebook”). This function makes it possible to show users of our website interest-based ads (“Facebook ads”) when they visit the social network Facebook or any other websites using this function. Our interest in using this function is to show you ads that are relevant to your interests in order to make our website more interesting to you.

Your browser automatically establishes a direct connection with the Facebook server based on the use of this marketing tool. We do not influence the extent and further use of data collected by Facebook through use of this tool and will therefore provide information based on our own level of knowledge: Integration of Facebook Custom Audiences allows Facebook to see that you have accessed the respective page on our website or have clicked one of our ads. If you are registered with a Facebook service, Facebook can associate this visit with your account. Even if you are not registered with Facebook or are not logged in, it is possible for the provider to find out and save your IP address and other identifying features.

Logged-in users can deactivate the “Facebook Custom Audiences” function under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

For further information regarding data processing by Facebook, visit https://www.facebook.com/about/privacy.

(6) Pinterest Conversion Tracking

Our website uses the Conversion Tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), which allows us to show relevant ads and offers on Pinterest to users of our website who showed interest in our content/offers and are also Pinterest users. For this purpose, our websites contain a “conversion tracking pixel” of Pinterest, which lets Pinterest know that you have visited our website and which products in our product range you showed interest in. You can deactivate data collection for the purpose of targeted advertising on Pinterest at any point in your account settings on Pinterest under https://www.pinterest.com/settings.

For further information on the Pinterest Conversion Tracking technology, visit https://help.pinterest.com/en/business/article/track-conversions-with-pinterest-tag.

(7) CookieFirst consent management

On our website for the "digital showroom" we use the CookieFirst system (Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH, Amsterdam, Netherlands), which allows us to request consent from website users to use specific cookies on their device and manage these in compliance with the data privacy regulations.

For further information regarding the CookieFirst consent management system, visit https://cookiefirst.com.

(8) Matomo

On the online kitchen planner website, we use the software “Matomo” (www.matomo.org), a service of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, for marketing and optimisation purposes, provided you have given your consent. Matomo stores cookies on your device to permit analysis of your use of the online kitchen planner. Matomo stores:

- the time of the user’s previous visit,
- clicked or downloaded files,
- clicked links to external domains,
- the session ID (provided a registration was made, see VIII. of this data privacy policy),
- the IP address, with 2 bytes of the IP address being masked (anonymised IP address),
- the site speed,
- the page URL,
- the number of user visits,
- user agent (transmits the browser and the operating system used),
- time zone,
- the time of the user’s first visit,
- the date and time of the visit,
- the page title,
- the page from which the user has accessed our website (referrer URL)
- which browser is used with which plugins and which screen resolution is used,
- usage data (time of stay and views),
- device information (operating system, browser, language),
- geographic location.

For further information on Matomo’s terms of use and the data privacy policy, visit: https://matomo.org/privacy/

(9) Publitas

On our e-magazine website we use the Publitas technology (Publitas.com B.V., Zeeburgerpad 5, 1018 AH, Amsterdam, Netherlands), which allows us to present PDF documents as e-magazines online with supplementary information.

For further information, refer to the Publitas data privacy policy at: https://www.publitas.com/de/privacy/.

(10) Usercentrics

Consent management for consent management platform “Usercentrics”

Our website and Extranet use the technology of Usercentrics (Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany). When using this website and the embedded consent management platform, your consent data is processed. This allows us to ask for the consent of our website users for the use of specific cookies on your device and to manage it in a manner that is compliant with all relevant data protection regulations.

For further information on UserCentrics consent management technology, visit: https://usercentrics.com/

(11) Microsoft Advertising (formerly Bing Ads) Conversion Tracking

We use Microsoft Advertising Conversion Tracking (Microsoft Corporation, One Microsoft Way Redmont, WA 98052-6399, United States of America) on our website in order to use the advertising means of external websites to draw attention to our products. Based on the data of the promotional campaign, we can determine exactly how successful individual promotional measures are. Our interest in using this function is to make our website more interesting for you and to show you ads that are relevant to your interests. No personal information about the users’ identity is shared. Measuring this data allows us to further optimise advertising campaigns.

For further information on Microsoft Conversion Tracking, visit: https://privacy.microsoft.com/de-de/privacystatement  

(12) Outbrain

We have integrated Outbrain into this website. The provider is Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA (subsequently referred to as “Outbrain”). If you access a website into which Outbrain is integrated, Outbrain creates a pseudonym user profile (user ID) in which the content that you have viewed or read is saved. Our website or other websites into which Outbrain is integrated can then recommend further content that corresponds to your interests or display ads. For this purpose, your device type, your IP address, your browser type, websites that you visited and articles that you read, time of access and the device ID are saved and collated in your user ID. We also use the Outbrain pixel. When you access our website, we can use this pixel to determine whether you already have an Outbrain user ID. Advertisers from the Outbrain network can therefore measure the effectiveness of the campaigns in this way. If consent has been obtained, the aforementioned services are used exclusively on the basis of Article 6, point 1(a) of the GDPR and section 25 of the German telecommunication and telemedia data protection act (TTDSG). Consent can be revoked at any time. If no consent has been obtained, this service is used on the basis of Article 6, point 1(f) of the GDPR; the website owner has a legitimate interest in analysing the user behaviour in order to optimise their web offering and their advertisements.

For more information, see the Outbrain data privacy statement at:
https://www.outbrain.com/legal/privacy#privacy-policy.

Furthermore, the following link provides you with a list of all cookies used by Outbrain:
https://www.outbrain.com/privacy/cookies/.

If you wish to view or edit your interest profile with Outbrain, click the following link:
https://my.outbrain.com/recommendations-settings/home.

(13) Mouseflow

This website uses Mouseflow: a website analytics tool that provides session replays, heatmaps, funnels, form analyses, feedback surveys and similar features/functions. Mouseflow can record your clicks, mouse movements, scrolling, form completion (keystrokes) in non-excluded fields, pages visited and their content, time spent on the website, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first-time/returning), referrer, anonymised IP address, location (city/country), language and similar metadata. Mouseflow does not collect information on pages where it is not installed, nor does it track or collect information outside of your web browser. If you wish to opt out, you can do so at https://mouseflow.com/opt-out. If you would like to receive a copy of your data or have it corrected or deleted, please contact us first or, as a second option, Mouseflow at privacy@mouseflow.com.

Further information can be found in Mouseflow's privacy policy at https://mouseflow.com/legal/company/privacy-policy/
You can find more information about Mouseflow and GDPR at https://mouseflow.com/legal/gdpr/

4. STORAGE PERIOD, OBJECTION AND ERASURE OPTIONS

Cookies are saved on the user's computer and transmitted from this computer to our website. This means you as a user have full control over the use of cookies. By changing the settings in your web browser you can deactivate or restrict transmission of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of our website to their full extent.

VI. Registration

1. DESCRIPTION AND EXTENT OF DATA PROCESSING

On our website (nobilia Extranet) we offer specialist retailers the option of registering by entering their personal data. This data is entered in the input mask, transmitted to us and stored. Data is not disclosed to third parties. The following data is collected during the registration process:

(1) Customer number
(2) Company
(3) Street and house number
(4) Post code, town and country
(5) Phone and fax number
(6) Website
(7) First name and last name of the contact person, their department, phone and fax number and e-mail address

During the registration process, the user is asked to consent to the processing of this data.

2. LEGAL FOUNDATION FOR DATA PROCESSING

The legal foundation for processing data when the user has given consent is Art. 6 section 1 (a) GDPR. If registration is for the purpose of a contract of which the user is a party or to perform pre-contractual measures, Art. 6 section 1 (b) GDPR represents an additional legal foundation.

3. PURPOSE OF DATA PROCESSING

Registration of the user is required to provide certain content and services on our website. The registered user can activate e-mail transmission of confirmed orders, is granted access to our order information system, delivery times, service information and information on news and seminars.

4. STORAGE PERIOD

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the data collected during registration, when registration to our website is cancelled or modified.

5. OPTION OF OBJECTION AND ERASURE

As user, you have the option of cancelling your registration at any time. You can have the stored personal data related to your person changed at any time. You can initiate both correction and erasure of data yourself under the menu item "My account".

VII. Contact form and e-mail contact

1. DESCRIPTION AND EXTENT OF DATA PROCESSING

Our website contains a contact from used for getting in contact with us electronically. If a user uses this option, the data entered in the input mask is transmitted to us and stored. This data is:

(1) First name and last name
(2) E-mail address
(3) Company
(4) Street and house number
(5) Post code, town and country
(6) Phone and fax number

In addition, the following data is saved at the time when the message is sent:

(7) IP address
(8) User agent
(9) Time of contact

With regard to processing this data, the data privacy policy is referenced prior to transmission.

As an alternative, it is possible to use the provided e-mail address to get in contact. In this case, the user's personal data transmitted by e-mail is saved.

No data is disclosed to third parties in this context. The data is only used for processing the conversation.

2. LEGAL FOUNDATION FOR DATA PROCESSING

The legal foundation for processing this data is Art. 6 section 1 (f) GDPR.

3. PURPOSE OF DATA PROCESSING

We only process this personal data to process your enquiry and send any information you may have requested or answer your questions. As you are contacting us, this also constitutes the legitimate interest in processing this data.

Any other personal data processed during the transmission process is used to prevent misuse of the contact form and safeguard our information technology systems.

4. STORAGE PERIOD

The data is deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input mask of the contact form and the personal data transmitted by e-mail, this is the case when the respective conversation with the user is completed. The conversation is completed, when the circumstances indicate that the matter in question is completely settled.

5. OPTION OF OBJECTION AND ERASURE

The user has the option to withdraw consent to processing of their personal data at any point. The user can object to storage of their personal data at any point by contacting us by e-mail at datenschutz@nobilia.de. However, in this case, the conversation cannot be continued.

In this case, all personal data saved when the user contacted us is deleted.

VIII. Online planner

1. DESCRIPTION AND EXTENT OF DATA PROCESSING

On our online kitchen planner website we use the technology provided by GO-2B AG (Carl-Bertelsmann-Straße 103, 33332 Gütersloh, Germany), which makes it possible to create 3D plans for kitchens. Once a kitchen plan is complete, you have the option to register in order to save the kitchen you have planned and access it again at a later time. The following data is collected during the registration process for the online kitchen planner:

(1) E-mail address
(2) First name and last name (optional)
(3) Country (optional)
(4) Contact request (optional)

During the registration process we will ask you for your consent to process this data. With regard to processing this data, you will be referred to this data privacy policy prior to registration.

2. LEGAL FOUNDATION FOR DATA PROCESSING

The legal foundation for processing this data is Art. 6 section 1 (a) GDPR.

3. PURPOSE OF DATA PROCESSING

User registration is required to link the kitchen plan to the user in question. The registered user will be granted access to the kitchen plans they have previously completed and can access them and continue planning at any time.

4. STORAGE PERIOD

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the data collected during registration when registration to our website is cancelled or modified.

5. OPTION OF OBJECTION AND DELETION

As user, you have the option of cancelling your registration at any time. You can change your stored personal data at any time. You can initiate both correction and erasure of your data yourself in the menu.

VIII. Rights of the affected person

If personal data related to your person is processed, you are the affected person as defined by GDPR and you have the following rights toward the responsible party:

1. RIGHT OF ACCESS

You can request a confirmation by the responsible party indicating whether we are processing personal data related to your person.

If this is the case, you can demand information on the following:

(1) the purposes for which your personal data is processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to which the personal data was disclosed or will still be disclosed;

(4) the planned duration of storage of your personal data or, if specific information cannot be given, criteria for determining the duration of storage;

(5) the existence of a right to correction or deletion of your personal data, a right to limitation of processing by the responsible party or a right to object against this processing;

(6) the existence of a right to submit a complaint to a supervisory authority;

(7) all available information about the origin of the data, if the personal data is not collected from the affected person;

(8) the existence of automated decision making including profiling in accordance with Art. 22 section 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the extent and envisaged effect of such a manner of processing on the affected person.

You have the right to request information from us on whether the relevant personal data is transmitted to a third country or to an international organisation. In this context, you can demand to be informed about appropriate safeguards in accordance with Art. 46 GDPR in the context of this transmission.

2. RIGHT TO RECTIFICATION

You have the right to demand that the responsible party rectify and/or complete any personal data related to your person, if this data is incorrect or incomplete. The responsible party must make the correction as soon as possible.

3. RIGHT TO RESTRICTION OF PROCESSING

Under the following circumstances, you can demand that processing of your personal data be restricted:

(1) If you dispute the correctness of your personal data, namely for a period of time which makes it possible for the responsible party to check that your personal data is correct;

(2) If processing is illegitimate and you do not wish for your personal data to be deleted and instead request restriction of the use of your personal data;

(3) If the responsible party no longer requires your personal data for processing purposes, but you still require the data for asserting, exercising or defending legal claims

(4) If you have filed an objection based on Art. 21 section 1 GDPR and it is not yet clear whether the responsible party's legitimate interests override yours.

If processing of your personal data was restricted, your personal data may only - with the exception of storage - be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a member state.

If processing was restricted according to the above-mentioned prerequisites, the responsible party will inform you before this restriction is lifted.

4. RIGHT TO ERASURE

a) Erasure obligation

You have the right to have personal data referring to your person deleted immediately and the responsible party is obligated to delete this data immediately, if one of the following reasons applies:

(1) The personal data referring to your person is no longer required for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which processing was based in accordance with Art. 6 section 1 (a) or Art. 9 section 2 (a) GDPR and there is no other legal foundation for processing.

(3) Based on Art. 21 section 1 GDPR, you object to the processing of your data and there are no overriding legitimate reasons for processing, or you object to the processing based on Art. 21 section 2 GDPR.

(4) The personal data related to your person was processed illegitimately.

(5) Erasure of your personal data is required to meet a legal obligation according to European Union law or the law of EU member states, to which the responsible party is subject.

(6) The personal data related to you was collected based on offered information society services according to Art. 8 section 1 GDPR.

b) Transmission to third parties

If the responsible party has published the personal data related to your person and is obligated to delete it according to Art. 17 section 1 GDPR, the responsible party will take adequate measures, including of a technical nature, taking into account the available technology and its implementation cost, to inform those responsible for data processing, who are processing the personal data in question, that you as the data subject have demanded that they delete all links to this personal data or copies and duplicates of this personal data.

c) Exceptions

There is no right to erasure, if processing is required

(1) for exercising the right to free speech and information;

(2) to meet a legal obligation which requires processing according to European Union law or the law of one of its member states, to which the responsible party is subject, or to fulfil a task that is in the public interest or a task of official authority assigned to the responsible party;

(3) for reasons of public interest with regard to public health according to Art. Art. 9 section 2 (h) and (i) as well as Art. 9 section 3 GDPR;

(4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 section 1 GDPR, provided that the right to erasure is expected to make achieving these aims of processing impossible or to severely impact them, or

(5) to assert, exercise or defend legal claims.

5. RIGHT TO INFORMATION

If you have exercised your right to correction, erasure or restriction of processing against the responsible party, the responsible party is obligated to report this correction or erasure of data or processing restriction to all recipients to whom your relevant personal data has been disclosed, unless this proves to be impossible or involves disproportionate effort.

You have the right to request that the responsible party inform you about these recipients.

6. RIGHT TO OBJECT

You have the right to object to processing of personal data related to your person at any time for reasons based on your specific situation, if this processing is based on Art. 6 section 1 (e) GDPR; this also applies to profiling based on these provisions.

The responsible party will not continue to process the personal data related to your person, unless the responsible party can prove interests worthy of protection for this processing which override your interests, rights and freedoms, or if processing is for the purpose of asserting, exercising or defending legal claims.

If the personal data related to your person is being processed for the purpose of targeted advertisement, you have the right to object to the processing of the personal data related to your person for the purpose of this type of advertising at any point; this also applies to profiling related to such targeted advertisement.

If you object to the processing of your personal data for the purpose of targeted advertising, your personal data will no longer be processed for this purpose.

You have the option of exercising your right to object in the context of use of information society services - irrespective of directive 2002/58/EC - by means of automated processes using technical specifications.

7. RIGHT TO WITHDRAW THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW

You may withdraw your declaration of consent under data protection law at any point. Withdrawal of your consent does not affect the legitimacy of the data processing performed up to that point based on your consent.

8. RIGHT TO FILE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Without prejudice to other legal remedies based on administrative law or court decisions, you have the right to file a complaint with a supervisory authority, especially in the member state that is your location, the location of your workplace or the location of the alleged breach, if you believe that processing of your personal data violates GDPR.

The supervisory authority with which the complaint has been filed informs the complainant about the status and result of the complaint including the option of legal remedy according to Art. 78 GDPR.

The responsible supervisory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Germany
Phone: +49 (0) 211 38424-0
Fax: +49 (0) 211 38424-10
Email: poststelle@ldi.nrw.de

Data privacy statement

Online data privacy statement

You can always retrieve the current version of this data privacy statement online under the link Data Privacy and print it out.

Data privacy protection pdf download