I. Name and address of the controller

The controller within the meaning of Art. 4 (7) of EU-Regulation 2016/679, known as the General Data Protection Regulation (GDPR), and other national data protection laws of the member states as well as other data protection regulations is

momox SE
represented by the Management Board Christian von Hohnhorst and Heiner Kroke (Chairman)
Schreiberhauer Straße 30
10317 Berlin, Germany

II. Name and address of the data protection officer

The data protection officer of the controller is

PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich, Germany

This email address is being protected from spambots. You need JavaScript enabled to view it.">This email address is being protected from spambots. You need JavaScript enabled to view it.

III General information on data processing

1. access to information and its storage in terminal equipment.

The use of our application may lead to access to information (e.g. IP address) or storage of information (e.g. cookies) in your end devices and thus to the processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 para. 1 sentence 1, para. 2 no. 2 TTDSG (German Telecommunications Telemedia Data Protection Act).

In cases where such a process serves other purposes (e.g. needs-based design of our website), this is only done on the basis of Section 25 para. 1 TDDSG with your consent in accordance with Art. 6 para. 1 lit. a) GDPR. This consent can be revoked at any time with effect for the future.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities when using our website.

2. scope of the processing of personal data

In principle, you can visit us (i.e. momox SE Internet services) without telling us who you are. When you visit our website, your browser automatically transmits various data, see below "IV. Provision of the website and creation of log files". This information is analyzed for purely statistical purposes and then deleted. Our services are reserved for visitors of legal age.

Personal data is only collected on our website if you provide it to us voluntarily (e.g. when opening a user account or as part of the order process). We use this data exclusively for the purposes stated in each case, as listed below.

Personal data is only collected on our website and in the corresponding interfaces if you provide it to us voluntarily (e.g. when opening a user account or as part of the ordering process). We use this data exclusively for the purposes specified in the individual case, which are listed below.

Your personal data will not be passed on to third parties, except 

1. if we have expressly stated this in the description of the respective data processing, 
2. if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR,
3. the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims in court and there is no reason to assume that you have an overriding legitimate interest in your data not being transferred,
4. in the event that there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR, and
5. insofar as this is necessary for the fulfillment of contractual relationships with you, pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.

External service providers who process personal data on our behalf, so-called processors, are contractually bound to us in accordance with Art. 28 GDPR. The processors have been carefully selected by us, have received a specific mandate and are bound by our instructions. The GDPR designates countries outside the European Union/European Economic Area as third countries and regulates the transfer to these countries separately in accordance with Articles 44 to 49 GDPR. We occasionally use processors in third countries. The cooperation with these processors is based on standard data protection clauses in accordance with Art. 46 para. 2 lit. c) GDPR. These clauses oblige the recipient in the third country to process the data in accordance with the level of protection in Europe.

We maintain up-to-date technical measures to ensure the protection of personal data. These measures are adapted to the current state of the art.

If you visit our websites from the app, the data protection information stated there also applies.

3. data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

IV. Provision of the website and creation of log files

1. description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. 

The following data is collected:

1. Information about the browser type, language and version used
2. The user's operating system
3. The user's internet service provider
4. The IP address of the user
5. Date and time/time zone of access
6. Content of the request (specific page)
7. Access status/http status code
8. Websites from which the user's system accesses our website 
9. Websites that are accessed by the user's system via our website
10. Amount of data transferred

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. However, in the event of an error during an interface request, we also log the ID (pseudonymous identification), the IP address and the relevant http request, if used, the e-mail of the requesting user in order to enable subsequent error analysis and rectification.

2. legal basis for data processing

Insofar as our log files involve the processing of personal data, the legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to ensure a smooth connection to the website and to enable users to use our website conveniently. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes.

3. purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the visit. Repeated automated reading of websites (so-called scraping) is also made more difficult by recording the IP address. The storage of data in the event of an error is necessary within the meaning of Art. 6 para. 1 lit. f) GDPR to ensure the functionality of the website.

4. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the IP address, it is truncated, i.e. anonymized, when the respective session has ended. The data is then no longer personally identifiable. The entire log files are deleted after 50 days.

5. right of objection, revocation and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object. 

V. Use of cookies and similar technologies

1. description and scope of data processing

When using our services, usage data is collected as part of so-called "web tracking". This means that the behaviour of certain users can be tracked pseudonymously in order to analyse and personalize our services and to optimize the display of advertising. We use cookies and similar technologies in several places for this purpose. 

What are cookies? Cookies are small text files containing information that are stored on your access device. They are usually used to assign a specific action or preference to a user on a website, but without identifying the user as a person or revealing their identity.  They are used to make our website more user-friendly and effective. Cookies are not automatically good or bad, but it is worth understanding what we use cookies for and being able to make your own decisions and settings. 

Some of the cookies we use are so-called "session cookies", which are automatically deleted when you close your browser. There are also some persistent cookies that we use to recognize you as a visitor. If you do not wish cookies to be installed, you can deactivate the acceptance of cookies in your browser. However, we would like to point out that if you deactivate all cookies, you may not be able to use our website to its full extent. 

In addition to cookies, we also use other technologies to track users. These include pixel tags (also known as "web beacons", "GIFs" or "bugs"). 

What are pixel tags? Pixel tags are transparent one-pixel images that are located on the website. They track, for example, whether a certain area of the website has been clicked on. When triggered, the pixel tag logs a user interaction and can read or set cookies. Since pixels often rely on cookies to function, turning cookies off can affect them. But even if you disable cookies, pixels can still recognize a website visit.

The pixels send information (e.g. your IP address, the referrer URL of the website visited, the time at which the pixel was viewed, the browser used and previously set cookie information) to a web server. This makes it possible to carry out reach measurements and other statistical evaluations which serve to optimize our offer. The data collected in this way is primarily information about the user's technical devices, but may also include data such as IP addresses, log-in information (e-mail address, first and last name, gender, session ID, no password), shopping cart content and interests or information about user behavior (e.g. recently viewed offers or favorites). This data is pseudonymized by technical precautions so that it is not possible to assign the data to the person of the accessing user. 

Cookies and similar technologies may also be set by our advertising partners via our website and data collected by these companies may be processed. You can call up further information on these recipients at any time via the consent manager integrated on our websites under Settings. 

Further information can be found here .

 

2. purposes and legal bases

Technically necessary cookies, Section 25 para. 2 TTDSG, Art. 6 para. 1 lit. f) GDPR

On the one hand, the use of these technologies serves to make the use of our services more pleasant for you. For example, we use session cookies to recognize that you have already visited individual pages of our services, that you have already logged into your user account or to display your shopping cart. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again. The data processed by these cookies is required for the purposes mentioned to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

Consent-based: Analysis and marketing cookies, Section 25 para. 1 TTDSG, Art. 6 para. 1 lit. a) GDPR 

On the other hand, we and third parties use cookies and pixel technologies - subject to your consent - to statistically record and evaluate the use of our website (statistics) and to be able to address our users on third-party websites and our websites again and in a more targeted manner (personalization). 

You can access further information on the specific purposes and legal bases of the technologies used at any time via the Consent Manager integrated on our websites under Settings. 

Once you have given your consent, you can also revoke it at any time with effect for the future. You can call up the Consent Manager again at any time by clicking on Data protection settings at the bottom of our web pages. 

Further information and withdrawal of consent: here .

3. duration of storage

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent (see "Technically necessary cookies" above).

You can view the specific cookie storage period at any time via the Consent Manager integrated on our websites under Settings. 

Once you have given your consent, you can also revoke it at any time with effect for the future. You can call up the Consent Manager again at any time by clicking on Data protection settings at the bottom of our web pages. 

Further information and withdrawal of consent: here .

4. right of objection, revocation and removal

You can reset your browser before or after your visit to our website so that all cookies are rejected or to indicate when a cookie is being sent. By default, the setting of cookies can be managed by the browser program of your browser, also so that no cookies can be set at all or that cookies are deleted again. Your browser may also have a function for anonymous surfing. You can use these functions of your browser yourself at any time. However, if you have deactivated the setting of cookies in your browser by default, our website or our services may not function properly. 

You can use the consent manager integrated on our website to withdraw your consent at any time with effect for the future. You can call up the consent manager again here and at any time by clicking on Data protection settings at the bottom of our web pages.

 If you access our website from several end devices and browsers, you must therefore set the data collection separately and again on each of these devices and in each browser. 

The preference manager YourOnlineChoices.eu offers another convenient option for deactivating cookies

VI. Applicant management 

1. description and scope of data processing

On our website you have the opportunity to find out about vacancies at our locations. If you would like to apply directly, you can do so directly from our site. By clicking on the desired vacancy, you will be redirected to an external applicant portal integrated via a widget. All the data you provide there is only accessible to those responsible for the respective company directly involved in the application process (momox SE, momox Services GmbH, MOMOX Polska Sp. z o.o.) and is treated as strictly confidential.

We use the software of d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg ("d.vinci") for the application process.   

The following data is collected for this purpose:

• Contact details
• Cover letter / CVs
• Certificates / references
• Applicant profiles
• Further applicant data / application documents (e.g. photographs)
• Information in optional form fields

We have concluded an order processing contract with the service provider in which we oblige it to protect the data of our applicants and not to pass it on to third parties.

2. legal basis for data processing

The primary legal basis is Section 26 para. 1 BDSG (German Data Protection Act). In addition, consent in accordance with Art. 6 para. 1 lit. a) GDPR in conjunction with Section 26 para. 2 BDSG can be used as a data protection permission regulation. If the processing of your data is based on consent, you have the right to withdraw your consent at any time with effect for the future.

3. purpose of data processing

Your data will be processed in order to review your application documents, create an applicant profile and, if necessary, initiate further measures as part of an application or recruitment process. If you have given your consent, your data may be included in our talent pool for future positions. 

4. duration of storage

After completion of the application process (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after completion of the application process. If you have consented to being included in our talent pool, we will store your data for a period of one year after the initial rejection. 

5. possibility of objection and removal

You can revoke your consent to the processing of voluntarily provided data at any time with effect for the future. An informal e-mail to the contact details of the controller listed above is sufficient for this purpose. If you are accepted, your application documents will be transferred to your personnel file.

 

VII. Social media plug-ins

1. description and scope of data processing

Below you will find information on the handling of your data that is collected through your use of our social media presence on social networks and platforms. Your data is processed in accordance with the statutory regulations.

1st provider

1.1 Facebook fan page

1.1.1 Responsible body

In the event that the data you transmit to us is also or exclusively processed by Facebook, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, is responsible for data processing within the meaning of the GDPR in addition to us or in our place. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint responsibility for the processing of data (Controller Addendum). The agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

Since personal data is transferred by Meta Platforms Ireland Ltd. in the USA to Facebook Inc. among others, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For this purpose, the provider uses standard data protection clauses in accordance with Art. 46 para. 2 lit. c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. If you, as a visitor to the site, wish to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

For further details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

1.1.2 Data protection officer of Facebook

To contact Facebook's data protection officer, you can use the online contact form provided by Facebook at the following link https://www.facebook.com/help/contact/540977946302970.

1.1.3 Data processing for statistical purposes using Page Insights

Facebook provides so-called Page Insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This is summarized data that provides information about how people interact with our page. Page Insights may be based on personal data that is collected in connection with a visit or interaction of people on or with our page and in connection with the content provided. Please note what personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Facebook or do not have a Facebook account. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your end device. Furthermore, data that is independent of the devices used by the users can also be stored in the user profiles, especially if the users are members of the respective platforms and are logged in to them. The legal basis for processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimized presentation of our offer, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on data collection and further processing by Facebook. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, which evaluations and links are made with the data by Facebook and to whom the data is passed on by Facebook. If you wish to avoid the processing of your personal data by Facebook, please contact us by other means. 

1.2 Other social media providers

1.2.1 Responsible body

If your personal data is processed by a provider listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data they collect. If you still need help, please feel free to contact us at any time. We have online presences on the social media platforms of the following providers:

• YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 2, Ireland
• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
• XING SE, Dammtorstraße 29-32, 20354 Hamburg Germany

 

1.2.2 Data protection officer

Information on how to contact the data protection officer of the other social media providers can be found here:

• Instagram Inc.: https://de-de.facebook.com/help/instagram/155833707900388
• YouTube: To contact YouTube's Data Protection Officer, please contact Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
• LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
• XING SE: //This email address is being protected from spambots. You need JavaScript enabled to view it./">This email address is being protected from spambots. You need JavaScript enabled to view it.

 

1. General information on social media platforms

2.1 Responsible body

The controller for data processing within the meaning of the GDPR is the body named at the beginning of this privacy policy, insofar as data transmitted to you via one of the social media platforms is processed by us. 

2.2 Our data protection officer

If you have any concerns about data processing carried out by us as the controller, you can contact our data protection officer using the contact details given at the beginning of this privacy policy. 

1. General data processing on the social media platforms

3.1 Data processing for market research and advertising

As a rule, personal data is processed on the company website for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. The collected data can be used to create user profiles. These are used to place advertisements inside and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles independently of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them. 

3.2 Data processing and making contact

We collect personal data ourselves when you contact us, for example via a contact form or a messenger service such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you provide or share. This data is stored by us for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances will we pass the data on to third parties without your consent. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR and, if applicable, Art. 6 para. 1 lit. b) GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal retention periods to the contrary. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified. 

3.3 Data processing for contract processing

If your contact via a social network or other platform is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the fulfillment of the contract or for the implementation of pre-contractual measures or for the provision of the desired services. The legal basis for the processing of your data in this case is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract in accordance with the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after conclusion of the contract in order to comply with contractual or legal obligations. 

3.4 Data processing based on consent

If you are asked by the respective platform providers for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a), Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.

1. Data transfer and recipients

When visiting and using the platforms listed above, personal data may be transferred to the USA or other third countries outside the EU, which is why further protective mechanisms are required in these cases to ensure the level of data protection of the GDPR. Further information on whether and which suitable guarantees the providers can provide for this can be found in the list below. We have no influence on the processing of your personal data by the provider and how it is handled. We also have no information on this. For further information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options with regard to data processing by the provider:

• YouTube/Google
  • Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
  • Opt-out: https://adssettings.google.com/authenticated
  • According to its privacy policy, Google uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA and other third countries outside the EU: https://policies.google.com/privacy?hl=de&gl=de
• LinkedIn
  • Privacy policy: https://www.linkedin.com/legal/privacy-policy
  • Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
  • According to its privacy policy, LinkedIn uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA and other third countries outside the EU: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
• XING
  • Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
  • Opt-out: https://nats.xing.com/optout.html?popup=1&locale=de_DE
  • According to its privacy policy, XING uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA and other third countries outside the EU: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender

 

VIII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. 

If such processing has taken place, you can request the following information from the controller:

1. the purposes for which the personal data are processed;
2. the categories of personal data that are processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; 
6. the existence of a right of appeal to a supervisory authority;
7. all available information about the origin of the data if the personal data is not collected from the data subject;
8. the existence of automated decision-making, including profiling in accordance with Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
9. You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. right to rectification 

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

3. right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
4. if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. right to erasure

a) Obligation to delete

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing. 
3. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR. 
4. The personal data concerning you has been processed unlawfully. 
5. The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. 
6. The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17 para. 1 GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 

c) exceptions

The right to erasure does not exist if the processing is necessary

1. to exercise the right to freedom of expression and information;
2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (e.g. retention obligations under commercial or tax law);
3. for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
5. for the assertion, exercise or defense of legal claims.

5. right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

6. right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. e) or f) of Article 6 para. 1 GDPR, including profiling based on those provisions. 

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right under Art. 21 para. 2 and 3 GDPR to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

8. right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision 

1. is necessary for the conclusion or performance of a contract between you and the controller,
2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
3. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. 

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

IX. Validity of this privacy policy

We reserve the right to change this privacy policy from time to time. The current version is available on our website. If a change significantly restricts the rights of registered users, we will notify them. In addition, the currently available privacy policy is valid for our website users.