Name and address of the controller
The controller within the meaning of the General Data Protection Regulation of the EU (GDPR) and other national data protection laws of the Member States, as well as other data protection provisions:
Partio GmbH & Co. KG
10178 Berlin Germany
Manager: Vitalij Kungel
Fax: +49 30 208 478 250
Email: [email protected]
HRA 46240 B, Local Court of Berlin-Charlottenburg
VAT ID: DE281524963
Contact details of the data protection officer:
Data protection officer
E-Mail: [email protected]
1. General information relating to data processing
1.1. Scope of personal data processing
We generally only collect and use our users’ personal data to the extent necessary for providing a functioning website and for our content and products and services. Our users’ personal data are routinely collected and used only after the user’s consent has been obtained. An exception is made in cases where it is not possible to obtain the consent beforehand for factual reasons and processing of the data is permitted by statutory provisions.
Personal data are only collected if you voluntarily communicate that to us in the context of your order. We exclusively use the data you have provided to process and complete your order unless you have given further consent. Upon complete processing of the contract and full payment of the purchase price, your data will be blocked for further use and deleted after the retention period for tax and business records has expired insofar as you have not explicitly consented to further use of your data.
1.2. Sharing of personal data
When sending packages and delivering shipments, we share your name, address, phone number and email address with our contracted shipping providers – and any processors – so they can effect delivery and communicate with you about the arrival and coordination of the delivery.
The legal basis for the data processing involved in this is Article 6 (1a) GDPR, provided you have given us your express consent. To the extent that the data processing is necessary to perform the contractually agreed delivery of goods, the legal basis is Article 6 (1b) GDPR. Furthermore, the legal basis for the data processing involved in this is Article 6 (1f) GDPR (balancing interests based on our interest in providing smooth delivery at the best times possible for you).
We delete all the aforementioned data no later than when the statutory warranty period ends, unless we are otherwise obligated or entitled to save the data beyond this by the applicable law.
In order to process payments, we share your payment data with the designated financial institution and/or with the payment service selected in the ordering process.
1.3. Use of personal data when Klarna is selected as the payment option
If you have selected Klarna’s payment services such as Klarna invoice or Klarna instalment purchase as the payment option, you have consented to us collecting and passing on the following personal data that we need to process the purchase on account and carry out an identity check and credit check, such as first name and last name, address, date of birth, gender, email address, IP address, phone number, as well as the data required to complete the purchase on account that are associated with the order, such as the number of articles, article number, invoice amount and taxes as a percentage. Transmission of this data takes place so Klarna can issue an invoice and perform an identity check and credit check to process your purchase with the invoice processing you have selected. According to the German Federal Data Protection Law, Klarna has a justified interest in the transmission of the buyer’s personal data in this context and requires same in order to obtain information for the purpose of performing an identity check and credit check from credit reference agencies. In Germany, this may be one of the following credit reference agencies:
1. Bürgel Wirtschaftsinformationen GmbH & Co. KG, Postfach 5001 66, 22701 Hamburg
2. Creditreform Boniversum GmbH, Hellersbergstrasse 11 41460 Neuss
3. Deltavista GmbH, Freisinger Landstr. 74 80939 München
4. Arvato Infoscore Consumer Data GmbH and Infoscore Consumer Data GmbH,
Rheinstrasse 99, 76532 Baden-Baden
5 SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden
In the context of the decision on the establishment, execution or termination of the contractual relationship, Klarna also collects and uses information about the buyer’s payment history, as well as probability values regarding their performance in the future, in addition to an address check. Klarna calculates these scores on the basis of a scientifically recognised statistical, mathematical procedure. To this end, Klarna will use your address data among others. In the event that this calculation shows that you are not creditworthy, Klarna will inform you immediately.
Payment by instant transfer (Sofort) (Klarna)
We also offer the option of paying by instant transfer. All you need to do this is your account number, BIC or bank sort code and the PIN and TAN numbers of your online banking account. As part of the ordering process, you will automatically be directed to the secure payment form of Sofort GmbH. You will receive a confirmation of the transaction immediately afterwards. After that, the amount will be credited directly to our account. Anyone with an activated online banking account set up for the PIN/TAN procedure may use Sofort instant transfer as a payment option. Please note that there are a few banks that still do not support payment by instant transfer.
Withdrawal of consent to the use of personal data vis-à-vis Klarna
1. You may withdraw your consent to the use of personal data vis-à-vis Klarna any time. However, Klarna may perhaps continue to be authorised to process, use and transmit the personal data to the extent required for contractual payment processing by Klarna’s services, by law or by a court or an authority.
2. Of course, you can obtain information any time about the personal data stored by Klarna. This right is guaranteed by the German Federal Data Protection Law. In the event that you as the buyer wish to obtain this information or inform Klarna about changes relating to the stored data, you can contact Klarna at [email protected].
1.4. Payment processing using PayPal
1.5. Legal basis for the processing of personal data
To the extent that we obtain the consent for the processing procedures of personal data from the data subject, Art. 6 (1) (a) of the General Data Protection Regulation of the EU (GDPR) serves as the legal basis.
During the processing of personal data, which is necessary for the performance of a contract, the contracting party of which the data subject is, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing procedures needed to carry out pre-contractual measures. To the extent that personal data need to be processed to comply with a legal obligation that is binding on our company, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is needed to protect a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interests, Art. 6 (1) (f) GDPR shall serve as the legal basis for the processing.
1.6. Deletion of data and duration of storage
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases. The data may be stored beyond the foregoing if provided for by the European or national legislator in legal Union regulations, laws or other regulations which the controller is subject to. Blocking or deletion of the data shall also take place if a storage period prescribed by the aforementioned standards expires, unless there is a necessity to continue to store the data in order to enter into a contract or perform a contract.
2. Provision of the website and creation of log files
2.1. Description and scope of data processing
Each time our website is viewed, our system automatically collects data and information about the computer system of the accessing computer.
The following data are collected in this process:
1. Information about the type of browser and the version used
2. The user’s operating system
3. The user’s Internet service provider
4. The user’s IP address
5. Date and time of the access
6. Websites from which the user’s system has accessed our website
7. Websites that are accessed from our website by the user’s system
The log files contain IP addresses or other data permitting association with a user. This may be the case, for example, if the link to the website from which the user accesses the website or the link to the website from which the user transfers contains personal data.
The data are also stored in the log files of our system. The user’s IP addresses or other data permitting an association of the data with a user are not affected by the foregoing. Storage of this data together with other personal data of the user does not take place.
2.2. Legal basis for the data processing
Article 6 (1) (f) GDPR serves as the legal basis for the temporary storage of the data and the log files.
2.3. Purpose of the data processing
The temporary storage of the IP address by the system is needed to permit delivery of the website to the user’s computer. To do this, the user's IP address must be stored for the duration of the session.
Storage in log files takes place in order to ensure the website’s ability to function. In addition, the data helps us optimize the website and ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this process.
Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.
2.4. Duration of storage
The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected. In the event of collection of the data to provide the website, this is the case when the respective session is ended.
In the event that the data are stored in log files, this will be the case after not later than seven days. Storage extending beyond that limit is possible. In this case, the user's IP address will be erased or masked, so that it can no longer be associated with the viewing client.
2.5. Option of objection and removal
Collection of the data for provision of the website and storage of the data in log files is essential for the operation of the website. Therefore, the user has no option of objection.
3.1.1. Description and scope of data processing (analysis of surfing behaviour)
1. Search terms entered
2. Frequency of page views
3. Use of website functions
The data collected in this way are pseudonymised by technical precautions. Therefore, it is no longer possible to associate the data with the user viewing the website. The data are not stored together with other personal data of the users.
3.1.2. Description and scope of the data processing (shopping cart function)
Some cookies are persistently stored on your computer to enable us to recognize your computer on your next visit (persistent cookies). Our partners are not permitted to collect, process or use personal data by means of cookies through our website. Most browsers accept cookies by default. You can allow or disallow temporary and persistent cookies independently of each other in the security settings. If you deactivate cookies, certain functions on our website may not be available to you and some websites may not be displayed correctly. Temporary cookies must be allowed in order to use our shopping cart! The data stored in our cookies are not linked to your personal data (name, address, etc.). We will not link the data stored in our cookies with your personal data (name, address, etc.) without your explicit consent.
3.2. Data collection by the use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information collected may include information about the operating system, the browser, your IP address, the website you viewed previously (the referrer URL) and the date and time of your visit to our website. The information on the use of our website created by this text file is transmitted to a Google server in the USA and stored there. Google will use this information to analyse your use of our website, to compile reports on the website activity for the website operator and to provide other services associated with the use of the website and use of the Internet. If required by law or to the extent that third parties process data on Google's behalf, Google will also pass this information on to such third parties. This use will take place in an anonymized or pseudonymised form. You can obtain more detailed information concerning this directly from Google. Please click here.
3.3. Legal basis for the data processing
3.4. Purpose of the data processing
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the use of the analysis cookies, we learn about how the website is used, so that we can constantly optimise our products and services.
Our legitimate interest in processing personal data pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.
3.5. Duration of storage, option of objection and removal
The transmission of flash cookies cannot be disallowed in the settings of the browser, but this can be done by changing the settings of the flash player.
4.1. Description and scope of data processing
You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input mask are transmitted to us.
In addition, the following data are collected during the registration:
1. The IP address of the accessing computer
2. Date and time of the registration
As part of the registration process, your consent is obtained and reference is made to this data privacy statement for the purpose of processing the data.
The data are exclusively used to deliver the newsletter.
We use the MailChimp mailing list provider to send our newsletter. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA (“Rocket”). Rocket is governed by the so-called “Privacy Shield framework”, a data privacy agreement between the European Union and the United States.
The data stored during registration is transmitted to Rocket and stored by Rocket. The data entered during registration is not transmitted to other third parties. After you have registered, MailChimp will send you an email confirming your registration. Furthermore, MailChimp provides diverse analysis options relating to how the delivered newsletter is opened and used, such as the number of users an email was sent to, whether emails were rejected and whether users unsubscribed from the list after receiving an email. However, these analyses are only group related and are not used by us for any individual analysis. MailChimp also uses the Google Analytics analysis tool by Google, Inc. and incorporates it in the newsletter in some circumstances. You can find more details on Google Analytics in this data privacy statement under “Data collection by the use of Google Analytics.”
You can find more information about data privacy at MailChimp under: http://mailchimp.com/legal/privacy/.
We use the service provider (contract processor) GetResponse to send out mail-outs and our newlstters. GetResponse Sp.z o.o., ul. ARKONSKA 6/A3, 80-387 GDANSK, Poland, processes your personal data on our behalf. To do this, GetResponse stores your data. GetResponse offers us options for analysis on how the newsletters are opened and used. Your data are not passed on to third parties as a condition of receiving our newsletter and GetResponse acquires no rights to pass them on.
As a service provider, GetReponse processes – as a minimum – data at every interaction on:
- your IP address;
- the date;
- the subject line in your email
- the response times to your server request;
- the time of the server request;
- your email address.
GetResponse Landing Page
Content played via GetResponse can also be hosted on a landing page by GetResponse. For you as the user, this means that you are led to a GetResponse subpage by clicking on a link from a mail-out or newsletter. This option enables us to provide you with a seamless user experience and to host our studies and articles (and if necessary, to display these for you).
GetResponse collects and stores the following data stores the following data each time a file is requested from its website:
- your IP address;
- the website from which each file was requested;
- the name of the file;
- the date and time of the request;
- the quantity of data transmitted and
- a report on the success of the request.
These access data are used solely in non-personalised form in order to continually improve the internet offer and for statistical purposes. Among other things, this website uses Google Analytics and cookies to analyse these data. You can find more information on data protection by GetResponse at: https://www.getresponse.de/email-marketing/legal/datenschutz.html.
4.2. Legal basis for the data processing
If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data processing after registration for the newsletter by the user.
4.3. Purpose of the data processing
The user's email address is collected for delivery of the newsletter.
The collection of other personal data as part of the registration process serves to prevent abuse of the services or of the email address used.
4.4. Duration of storage
The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected. Accordingly, the user's email address shall be stored as long as the subscription to the newsletter is active.
4.5. Option of objection and removal
The subscription to the newsletter can be cancelled any time by the user concerned. There is a corresponding button on the website under Newsletter for this purpose.
5.1. Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal data. In the process, the data are entered in an encrypted input mask, transmitted to a service provider and stored. The following data are collected as part of the registration process:
3. Form of address, first name, last name
The following data are stored at the time of registration:
1. The user’s IP address
2. Date and time of the registration
As part of the registration process, the user's consent to processing of this data is obtained.
5.2. Registration using single sign-on technology (Facebook, Google and Amazon)
We offer you the opportunity to register for our service with single sign-on technology. Additional registration is thus not possible. You are guided to the desired page of the single sign-on technology provider where you can log in with your user ID. As a result, the profile information that has been stored here for you is connected to our service. The connection enables us to automatically obtain the following information from the respective provider: first name, last name, email address, user ID and gender.
Of these data, we exclusively use your first name, last name, email address, user ID and your gender. This information is essential for the conclusion of a contract, so we can identify you.
Please refer to the information on data privacy of Amazon EU S.à r.l. for more information on Amazon Sign-On and privacy settings.
5.3. Legal basis for the data processing
If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data processing.
If the registration is for the purpose of performing a contract, the contracting party of which is the user, or of carrying out pre-contractual measures, Art. 6 (1) (b) GDPR forms an additional legal basis for the data processing.
5.4. Purpose of the data processing
Registration by the user is necessary for the performance of a contract with the user or to carry out pre-contractual measures.
The registration data are used for the purpose of processing the order in our online shop
5.5. Duration of storage
The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected.
This is the case for the data collected during the registration process for the purpose of performing a contract or carrying out pre-contractual measures if and when they are no longer needed to perform the contract. Even after the contract has been completed, it may be necessary to store the contracting party’s personal data in order to comply with contractual or legal obligations.
5.6. Option of objection and removal
As the user, you have the option at any time of cancelling the registration. You may have the stored data concerning you changed at any time.
Cancellation by email or post:
Partio GmbH & Co. KG
10178 Berlin Germany
Fax: +49 30 208 478 250
Email: [email protected]
If the data are needed to perform a contract or carry out pre-contractual measures, premature erasure of the data is only possible to the extent that the erasure does not violate any contractual or legal obligations.
6. Contact form, comment function, telephone and email contact
6.1. Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If the user makes use of this opportunity, the data entered in the input mask are transmitted to us and stored. These data comprise:
1. Order number
2. Phone number
3. First and last names
5. Model codes
The following data are also stored at the time the message is sent:
1. The user’s IP address
2. Date and time of the registration
For the purpose of processing the data, your consent is obtained and reference is made to this data privacy statement as part of the registration process.
Alternatively, you can contact us by using the email address provided. In this case, the user’s personal data transmitted with the email will be stored.
The data are exclusively used to process the conversation.
You can also reach us by phone. If you give us permission at the start of the phone call, we'll record our conversation. We will use the information shared during the call to train our customer support agents and for quality assurance of our call centre. The recording will be deleted after a maximum of 6 months, unless longer storage is legally required or permitted. Your consent is the legal basis for the recording in accordance with article 6 (1)(a) of the GDPR.
6.1.1. Data collection, processing and use for the Trustpilot review platform
We offer the option of using the review service of www.trustpilot.de to write reviews on our service, which is subject to Trustpilot’s terms and data privacy provisions, published under https://uk.legal.trustpilot.com/end-user-privacy-terms and https://uk.legal.trustpilot.com/end-user-terms-and-conditions. When you write a review (you would need to register) on Trustpilot, your review will be published on our website, as well as on the websites of Trustpilot and their partners.
We pass on your email address, first name and last name, as well as the order number we have generated to Trustpilot A/S, Pilestræde 58, 5th Floor, 1112 Copenhagen, Denmark ([email protected]) for the purpose of use by Trustpilot. Trustpilot sends invitations to review to you on our behalf. Processing takes place on the basis of Article 6 (1) (f) GDPR and the legitimate interest in obtaining user reviews, thus creating a basis of trust for the use of the website. You have the right to object to this processing of personal data concerning you on the basis of Art. 6 (1) (f) GDPR for reasons arising from your specific situation at any time.
6.1.2 Ratings with comment function and star rating system
We offer the possibility to make a public evaluation of our products and services on our websites. For this purpose we collect and use the following personal data: Name, e-mail address, time of the submitted evaluation and country name. If you participate in the star rating system, we calculate an overall score based on our feedback scale, whereby awarding of all stars means the best rating. In the comment function, your rating can be published on our websites with your initials or the nickname you have chosen. The data processing within the scope of the rating procedures serves the purpose of giving users the opportunity to rate our service on the Internet. In addition, potential new customers should receive reliable experience reports in this way, which provide information on the quality of our products and services.
The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO out of a justified interest in receiving user ratings and thus creating a trustworthy basis for using the website. You have the right to object to the processing of your personal data in accordance with Art. 6 (1) f DSGVO at any time for reasons arising from your particular situation. Data processing and transmission is based on our legitimate interests in accordance with Art. 6 (1) lit. f) DSGVO. Our legitimate interest is to make evaluations of our sales transparent for other customers and to verify that they are based on the respective purchases. The data will be deleted as soon as they are no longer required for the purpose of their collection.
6.2. Legal basis for the data processing
If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data processing.
Art. 6 (1) (f) GDPR forms the legal basis for processing the data transmitted while an email is being sent. If the email contact is aimed at concluding a contract, Art. 6 (1) (b) GDPR forms an additional legal basis for the data processing.
6.3. Purpose of the data processing
Processing of the personal data from the input mask is exclusively for the purpose of processing the contact process. If we are contacted by email, the necessary legitimate interest in processing the data also lies in this contact.
The other personal data processed during the sending process serve to prevent abuse of the contact form and to ensure the security of our information technology systems.
6.4. Duration of storage
The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is ended. The conversation is ended when the circumstances indicate that the matter concerned is finally resolved.
The personal data collected additionally during the sending process will be erased after not later than a period of seven days.
6.5. Option of objection and removal
The user has the option of withdrawing his or her consent to the processing of the personal data at any time. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In that case, the conversation cannot be continued.
Cancellation by email or post:
Partio GmbH & Co. KG
10178 Berlin Germany
Fax: +49 30 208 478 250
E-mail: [email protected]
All the personal data stored in the course of the contact process will be erased in this case.
7. Push notifications using Google Firebase
We offer cost-free push notification service on our website. You can subscribe to this service by clicking on the “Allow” button. The subscription can be cancelled at any time in your browser settings.
8. Social Media
Our sites use functions of Google +1. They are provided by Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Collection and disclosure of information: With the help of the Google +1 button, you can share information worldwide. You and other users receive personalised content from Google and our partners through the Google +1 button. Google stores both the information that you have voted +1 for a piece of content and information about the site you were viewing when you clicked +1. Your +1s can be displayed as information with your profile name and photo in Google services, such as in search results or your Google profile, or in other places on websites and advertisements on the Internet. Google records information about your +1 activities to improve Google services for you and others. In order to use the Google +1 button, you need a public Google profile that is visible worldwide, which must at least contain the name that was selected for the profile. This name is used by all Google services. In some cases, this name can also replace another name that you have used when sharing content using your Google account. The identity of your Google profile can be shown to users who know your email address or have other identifying information about you available.
Plugins of the social network, Facebook, operated by Facebook, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our website. The Facebook plugins can be recognised by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plugins here: developers.facebook.com/docs/plugins/.
When you visit our website, the plugin establishes a direct link between your browser and the Facebook server. This informs Facebook that you have visited our website with your IP address.
If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our website to your Facebook profile. This allows Facebook to assign your visit to our website to your user account.
Please note that we as the operator of the website do not receive any information about the transmitted data or the use of such data by Facebook. You can find more information about this subject in Facebook’s Data Policy at https://www.facebook.com/privacy/explanation.
If you do not want Facebook to be able to assign the visit to our website to your Facebook user account, please log out of your Facebook user account.
Functions of the Twitter service have been integrated into our website. These functions are offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users.
You can modify your Twitter privacy settings in your account settings at https://twitter.com/settings/account.
Functions of the Instagram service have been integrated into our website. These functions are offered by Instagram, Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can click the Instagram button to link the content of our website to your Instagram profile. This allows Instagram to assign your visit to our website to your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or how it is used by Instagram.
Our website contains social plugins by the Pinterest social network, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you visit a site containing such a plugin, your browser will establish a direct connection to Pinterest’s servers. The plugin transmits this log data to Pinterest’s servers in the USA. This log data may include your IP address, the address of the websites visited that likewise contain Pinterest features, type of browser and settings, date and time of the request, how you use Pinterest, and also cookies.
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also allows free viewing, rating and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, but also music videos, trailers and videos made by users through the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each access to one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, causes the Internet browser on the information technology system of the data subject to be automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component of YouTube. You can find more information about YouTube at https://www.youtube.com/intl/en-GB/yt/about/. During the course of this technical procedure, YouTube and Google gain knowledge about which specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, when a sub-page containing a YouTube video is accessed, YouTube will recognise which specific sub-page of our website the data subject has visited. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will always receive information through the YouTube component that the data subject has visited our website, if the data subject is simultaneously logged in on YouTube at the time of the access to our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want the transmission of such information to YouTube and Google, they can prevent the transmission by logging out of their YouTube account prior to accessing our website.
9. Rights of the data subject
The following list comprises all the rights of the data subjects pursuant to GDPR. Rights that are not relevant for one’s own website do not need to be mentioned. In that regard, the list can be shortened.
If your personal data are processed, you are the data subject within the meaning of GDPR and you have the following rights vis-à-vis the controller:
9.1. Right to information
You may request confirmation from the controller about whether personal data concerning you are being processed by us.
If such processing is taking place, you can request information from the controller about the following:
1. The purposes for which the personal data are being processed;
2. The categories of personal data that are being processed;
3. The recipients or the categories of recipients to whom the personal data concerning you were disclosed or are yet to be disclosed;
4. The planned duration of the storage of the personal data concerning you or, if it is not possible to obtain specific information about this, the criteria for determining the duration of storage;
5. The existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to objection to this processing;
6. The existence of a right to complain to a supervisory authority;
7. All available information about the origin of the data, if the personal data were not collected from the data subject;
8. The existence of automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to request information about whether the personal data concerning you are being transferred to a third country or an international organization. In this regard, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
9.2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller shall carry out the rectification without undue delay.
9.3. Right to restriction of processing
You may request restriction of processing of the personal data concerning you under the following conditions:
1. If you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
2. The processing is unlawful and you reject erasure of the personal data and instead request restriction of the use of the personal data;
3. The Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
4. If you have objected to the processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of the processing was restricted in accordance with the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.
9.4. Right to erasure
9.4.1. Obligation to erase
You may demand that the controller erase the relevant personal data without undue delay, and the controller is obligated to promptly erase the data if one of the following applies:
1. The personal data concerning you are no longer necessary in relation to the purpose for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing is based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The personal data concerning you have to be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data concerning you were collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.
9.4.2. Information to third parties
If the controller has made the personal data concerning you public and is obligated to erase them pursuant to Art. 17 (1) GDPR, the controller, taking account of available technology and the cost of implantation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject request the erasure by such controllers of any links to, or copy or replication of, those personal data.
There is no right to erasure if the processing is necessary
1. To exercise the right of freedom of expression and information;
2. To comply with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. For reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
4. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the right referred to in subsection (3) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. To establish, exercise or defend legal claims.
9.5. Right to notification
If you have claimed the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obligated to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you were disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed of these recipients by the controller.
9.6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to have these data transmitted to another controller without hindrance from the controller to which the personal data were provided, if
1. The processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or a contract pursuant to Art. 6 (1) (b) GDPR and
2. The processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another if this is technically feasible. This may not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9.7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; including profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.
In the context of the use of information society services, you have the opportunity – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.
9.8. Right to withdraw the declaration of consent regarding data privacy
You have the right to withdraw your declaration of consent regarding data privacy at any time. A withdrawal of consent does not affect the lawfulness of any processing done up to the time of withdrawal.
9.9. Automated individual decision-making, including profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
1. Is necessary to enter into or perform a contract between you and the controller;
2. Is authorised by Union or Member State law to which the controller is subject, and these legal provisions also lay down suitable measures to safeguard your rights and freedoms and legitimate interests, or
3. Is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR unless Art. 9 (2) (a) or (g) GDPR apply and suitable measures have been taken to protect your rights and freedoms and legitimate interests.
In the cases referred to in sections 1 and 3, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
9.10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you are of the opinion that the processing of personal data relating to you violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.