Privacy Policy - socialbnb Travel Blog

Privacy Policy

Thank you for your interest in our website. The protection of your personal data is important to us. We comply with the statutory provisions on data protection and data security.

In particular, we are subject to the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act in the version applicable since 25.05.2018 (FDPA) and the Telemedia Act (TMA). Accordingly, we are entitled in particular to collect and use personal data to the extent necessary to enable you to use our website at www.socialbnb.org, including all services and functions contained therein.

Below you will find information on what personal data we collect when you use our website and the services and functions contained therein, and how we use it and for what purposes.

I. Name and address of the person responsible

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Nils Lohmann
Vitalisstr. 67
50827 Cologne
Phone: +49 151 12608767
E-mail: info@socialbnb.de
Website: www.socialbnb.org

II. General information on data processing

  1. Scope of the processing of personal data
    As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.
  2. Legal basis for the processing of personal data
    Insofar as we obtain consent from the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
    When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
    Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
    In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d GDPR serves as the legal basis.
    If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
  3. Data deletion and storage period
    The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

III. Provision of the website and creation of log files

  1. Description and scope of data processing
    Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.
    The following data is collected in this process:
  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Web page from which the request comes
  • browser
  • Operating system and its interface
  • language and version of the browser software

We cannot assign this data to specific persons. We do not combine this data with other data sources.
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.

  1. Purpose of data processing
    The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage also takes place in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
    These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
  2. Duration of storage
    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Beyond that, the data is deleted after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
  3. Possibility of objection and elimination
    The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

IV. Use of cookies

a) Description and scope of data processing
In addition to the data mentioned above, cookies are stored on your computer when you use this website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which we receive certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective. This website uses the following types of cookies, the scope and functionality of which are explained below:

Cookie & Cookie Groups

Essential:
Essential cookies enable basic functions and are necessary for the proper functioning of the website.

Hubpsot
Name: Hubspot
Provider: Owner of this website
Purpose: Stores visitor preferences selected in Hubspot’s cookie box.
Cookie Name: Hubspot
Cookie duration: 1 year

Statistics:
Statistics Cookies collect information anonymously. This information helps us understand how our visitors use our website.

Google Analytics
Name: Google Analytics
Provider: Google LLC
Purpose: Cookie from Google for website analytics. Generates statistical data about how the visitor uses the website.
Privacy policy: https://policies.google.com/privacy
Cookie Name: _ga,_gat,_gid
Cookie duration: 2 years

In addition to these persistent cookies, there are also transient cookies.

Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

Persistent cookies, on the other hand, are deleted automatically after a specified duration, which may differ depending on the cookie. You can configure these persistent cookies according to your wishes via our cookie banner, which is displayed to you when you access our website for the first time as well as when you access our website after automated or manual deletion of the cookies and which also refers to this privacy policy, and, for example, refuse to accept third-party cookies. We would like to point out that in such cases you may not be able to use all the functions of this website.

b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 p.1 lit. a,c and f GDPR.

c) Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. In addition, we need to use cookies in order to comply with our legal obligations or accountability obligations under the GDPR. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. They are only set with the consent of the user (Art. 6 para. 1 p.1 lit.a GDPR). Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. These purposes are also our legitimate interest in processing the personal data according to Art. 6 para. 1 p.1 lit. f GDPR.

d) Duration of storage, possibility of objection and elimination
Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. In addition, you also have the above-mentioned configuration options via the cookie banner displayed when you call up our website and via the button located in this data protection declaration, with which you as a user can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

V. Newsletter

  1. Description and scope of data processing
    On our website there is the possibility to subscribe to a free newsletter. In doing so, the data from the input mask is transmitted to us when you register for the newsletter.
    We verify your consent to receive our newsletter by e-mail by using the so-called double opt-in procedure. This means that we first request active confirmation of your consent to receive the newsletter by e-mail to the e-mail address you provided in the course of subscription before we start sending it. We use the confirmation information to document and, if necessary, prove your consent.
    Furthermore, we may also send you our newsletter without your consent, subject to special conditions. In the context of existing customer relationships, we are in fact legally permitted to advertise the sale of similar goods and services by e-mail without having obtained your consent. No data will be passed on to third parties in connection with the processing of data for the dispatch of newsletters. The data is used exclusively for sending the newsletter.
  2. Legal basis for data processing
    The legal basis for the processing of data after registration for the newsletter is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
  3. Purpose of data processing
    The collection of the user’s e-mail address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
  4. Duration of storage
    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user’s e-mail address will be stored as long as the subscription to the newsletter is active.
  5. Possibility of objection and removal
    The subscription to the newsletter can be cancelled by the affected user at any time without incurring any costs other than the transmission costs according to the prime rates. For this purpose, a corresponding link can be found in each newsletter.
    The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent. If you revoke your consent, we will delete this data and no longer send you newsletters

VI. Web analysis by Google Analytics

  1. Description and scope of data processing
    1. We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics sets cookies on the computer after your consent (for cookies see already above) and allows us to analyze your use of our website. The information generated by the cookies about your use of our website (including your IP address) is usually transmitted to a Google server in the USA and stored there. However, by activating IP anonymization (On our website, Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymized collection of IP addresses), Google will truncate the user’s IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA in exceptional cases and shortened there. For those cases in which personal data is transferred to the USA, this is done on the basis of the standard contractual clauses of the European Commission.
      This information is used by Google on our behalf to evaluate your use of our website, to compile reports on website activity for us and to provide other services related to the use of our website and the Internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. The IP address determined by Google Analytics is not merged with other data from Google.
    2. Legal basis for data processing
      The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 (1) p. 1 lit. a GDPR.
    3. Purpose of the data processing
      The processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.
    4. Duration of storage
      The data is deleted as soon as it is no longer required for our recording purposes.
    5. Possibility of objection and removal
      You can revoke your consent at any time by changing the setting in our Consent Management Tool.

VII. Use of Facebook Pixel

    1. Description and scope of data processing

Our site uses the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA or Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of the Facebook pixel, it is possible to determine certain visitors to our website as a target group for the display of ads (so-called Facebook ads) and thus to display the ads placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in certain topics, products or services determined on the basis of the websites visited).
When you visit our pages, a direct connection is established between your browser and the Facebook server via the pixel. Facebook thereby receives the information that you have visited our site with your IP address. If you are logged into your Facebook account, Facebook can assign the visit to our pages to your user account.
In addition, we maintain an online presence, so-called fan page, on Facebook in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there.
When using the fan page or the pixel procedure, your data may be processed outside the area of the European Union. This may result in risks for you because, for example, it may make it more difficult to enforce your rights. For cases in which personal data is transferred to the USA, Facebook invokes the standard contractual clauses of the European Union after the discontinuation of the EU-US Privacy Shield.
Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616. The processing of data by Facebook is described in Facebook’s data usage policy: https://www.facebook.com/policy.php, which also contains general information about Facebook Ads.

2. Legal basis for the processing of personal data

The legal basis for the use of the Facebook Pixel is Art. 6 para. 1 p. 1 lit. a GDPR, i.e. your consent given via our cookie banner or consent management tool for the data processing described.
In addition, on the basis of an agreement on joint processing of personal data pursuant to Art. 26 GDPR in conjunction with the declaration deposited under this link https://www.facebook.com/legal/terms/page_controller_addendum.

3. Purpose of the data processing

With the help of the Facebook pixel, we want to ensure that our ads correspond to the potential interest of the users of our website and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the ads for statistical and market research purposes, as well as the economic operation of our online presence, in which we see whether users were redirected to our website after clicking on an ad (so-called conversation).

4. Duration of storage

We would like to point out that we, as the provider of the pages, receive no further knowledge of the content of the transmitted data as well as its use by Facebook. For more information, please refer to Facebook’s privacy policy at https://de-de.facebook.com/policy.php and specifically for the Fanpage: https://www.facebook.com/legal/terms/information_about_page_insights_data.

5. Possibility of objection and removal

  1. You can revoke your consent at any time by changing the settings in our cookie banner or consent management tool.
    You can also object to the collection by the Facebook pixel and the use of your data to display ads within Facebook. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there for the settings of usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices.
    You can further opt-out of the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

VIII. Use of Facebook plug-ins (Like button), Facebook sign-in and Facebook fan page.

  1. Description and scope of data processing

Plug-ins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA or Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are integrated on our pages. You can recognize the Facebook plug-ins by the Facebook logo or the “Like” button (“Like”) on our site. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/
When you visit our pages, a direct connection is established between your browser and the Facebook server via the plug-in. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account.
It is possible to log in to our site with the Facebook sign-in. If you choose this option, Facebook receives information about the use of our site, the login time, IP address and your approximate geographical location.
In addition, we maintain an online presence, so-called fan page, on Facebook in order to be able to communicate with customers, interested parties and users active there and to inform them about our services there.
When using the fan page or the plug-ins, your data may be processed outside the area of the European Union. This may result in risks for you because, for example, it may make it more difficult to enforce your rights. In cases where personal data is transferred to the USA, this is done on the basis of the EU standard contractual clauses.

  1. Legal basis for the processing of personal data
    The legal basis for the use of Facebook plug-ins or Facebook Sign In is Art. 6 para. 1 p. 1 lit. a GDPR.
    If you are asked by Facebook for consent to the described data processing, the legal basis for the processing is Art. 6 para. 1 p. 1 lit. a GDPR.
    Additionally, on the basis of an agreement on joint processing of personal data pursuant to Art. 26 GDPR in conjunction with the declaration deposited under this link https://www.facebook.com/legal/terms/page_controller_addendum.
      1. Purpose of the data processing
        Facebook plug-ins facilitate the sharing of content on the social platform.
        If content is posted by users on Facebook, we reach more potential customers through this. In addition, a so-called reach analysis may be possible for us.
        Furthermore, user data is usually processed by Facebook for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the user’s interests. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles.
      2. Duration of storage
        We would like to point out that we, as the provider of the pages, do not obtain knowledge of the content of the transmitted data as well as its use by Facebook. For more information, please refer to Facebook’s privacy policy at https://de-de.facebook.com/policy.php. As well as specifically for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data
      3. Possibility of objection and removal
        If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
        An opt-out option is available at: https://www.facebook.com/settings?tab=ads

IX. Use of Instagram

  1. Description and scope of data processing
    On our pages, functions of the service Instagram are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
  2. Legal basis for the processing of personal data
    The legal basis for the use of Instagram is Art. 6 para. 1 p. 1 lit. a) GDPR.
  3. Purpose of the data processing
    The use of Instagram facilitates the sharing of content.
    If content is posted by users on Instagram, we reach more potential customers through this. In addition, the use of Instagram serves us to further publicize and disseminate our company and the services offered.
  4. Duration of storage
    We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data as well as its use by Instagram.
    For more information, please refer to the privacy policy of Instagram: instagram.com/about/legal/privacy/
  5. Possibility of objection and removal
    If you do not want Instagram to be able to associate the visit to our pages with your Instagram user account, please log out of your Instagram user account.

X. Use of LinkedIn

  1. Description and scope of data processing
    Our website uses plug-ins of the career network LinkedIn. The operator of the pages is LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.
    Each time one of our pages is accessed that are equipped with a LinkedIn plug-in, a connection to the LinkedIn servers is established. In doing so, the LinkedIn server is informed which of our pages you have visited. If you are logged into your Linked-In account, you enable LinkedIn to assign your surfing behavior directly to your personal profile. In cases where personal data is transferred to the USA by LinkedIn, this is done on the basis of the standard contractual clauses of the European Commission.
    For more information on the handling of user data, please see LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy
  2. Legal basis for the processing of personal data
    The legal basis for the use of LinkedIn is Art. 6 para. 1 p. 1 lit. a) GDPR.
  3. Purpose of the data processing
    By using LinkedIn, we have the possibility of an appealing presentation of our online offers and effective information and communication with users. By using it, we can further publicize and disseminate our company and the services we offer and thus further expand our network. We hope to reach more potential customers.
    In addition, we also hope to obtain information about interactions with our website and use the data for market research and advertising purposes, taking into account the presumed interests of users.
  4. Duration of storage
    We would like to point out that we, as the provider of the pages, do not obtain knowledge of the content of the transmitted data as well as its use by LinkedIn.
  1. Possibility of objection and removal
    You can revoke your consent at any time by changing the settings in our consent management tool. Note that your revocation will have no effect on the lawfulness of the data processing up to that point.
    If you do not want LinkedIn to be able to associate your visit to our pages with your LinkedIn user account, please log out of your LinkedIn user account.

XI. Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against the controller:

  1. Right of information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is taking place, you may request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

  1. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

  1. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims; or

(4) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the controller’s legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

  1. Right to erasure
  2. a) Obligation to erasure

You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

  1. b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

  1. c) Exceptions

The right to erasure does not exist to the extent that the processing is necessary

(1) for the exercise of the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(5) for the assertion, exercise or defense of legal claims.

  1. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

  1. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that.

(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and

(2) the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

  1. Right to revoke the declaration of consent under data protection law.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9 Automated decision in individual cases including profiling.

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or

(3) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

  1. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

XII. Changes to this Privacy Policy

The further development of the Internet and our Internet offering may also affect the handling of personal data. We therefore reserve the right to amend this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to modified data processing. The current version of the data protection declaration is always available under the heading “Data Protection” or “Privacy Policy”.