Privacy Policy

Privacy Policy

This Privacy Policy explains how personal data is processed by the websites www.pentel.de, www.pentel.eu and www.pentel-shop.eu, as well as by the company Pentel Bürobedarf-Handelsgesellschaft mbH as a trading partner.

We, Pentel Bürobedarf-Handelsgesellschaft mbH, take the protection of our customer’s personal data very seriously. We treat your personal data as confidential, and in accordance with both data protection legislation and the provisions of this Privacy Policy.

Below you will find information about how Pentel Bürobedarf-Handelsgesellschaft mbH collects and uses personal data, focusing in particular on the kinds of data collected during your visit to our website and how this data is used. Section XI of our Policy tells you about the rights you are granted by the EU General Data Protection Regulation (GDPR) and how you can exercise these rights.

  1. Name and contact details of the controller

The ‘controller’, as defined by the GDPR and other national data protection legislation enacted by EU and EEA member states, as well as other regulations governing data protection, is as follows:

Pentel Bürobedarfs-Handelsgesellschaft mbH
Lademannbogen 143
22339 Hamburg
Germany

Tel.: +49 40 538091-0
Email: info@pentel.de

Website: www.pentel.de

  1. Name and contact details of the Data Protection Officer

If you have any questions about the processing of your personal data or require other information about data protection, please feel free to email our Data Protection Officer (DPO) at datenschutz@pentel.de. You can also write to them at our company address, marking your letter for the attention of our DPO.

III. General information about data processing

  1. Scope of personal data processing

As a general rule, we collect and use personal data about the users of our website only insofar as this is necessary to provide a fully functional website, which also includes providing related content and services. The routine collection and use of personal data from our users occurs only after obtaining consent from these users. One exception is in cases where consent cannot be obtained beforehand for practical reasons and the processing of data in such cases is allowed by the provisions of applicable law.

  1. Legal basis for the processing of personal data

Insofar as we obtain consent for processing operations involving the personal data of a data subject, point (a) of art. 6(1) of the GDPR serves as the legal basis for the processing of personal data.

In cases where the processing of personal data is necessary for the fulfilment of a contract and the data subject is the party to this contract, point (b) of art. 6(1) of the GDPR serves as the legal basis. This also applies to processing operations required in order to take steps prior to entering into a contract.

If the processing of personal data is required for the fulfilment of a legal obligation to which our company is subject, point (c) of art. 6(1) of the GDPR serves as the legal basis.

In cases where the vital interests of the data subject or some other natural person make the processing of personal data necessary, point (d) of art. 6(1) of the GDPR serves as the legal basis.

If processing is necessary to protect the legitimate interests of our company or a third party, and the interests or fundamental rights and freedoms of the data subject do not override these aforementioned legitimate interests, point (f) of art. 6(1) of the GDPR serves as the legal basis.

  1. Data erasure and duration of storage

The personal data of the data subject is erased or made unavailable once the purpose of data storage no longer applies. In addition, personal data may continue to be stored if such a retention is provided for by EU or national legislation—including Regulations, laws or other legislative instruments—and the controller is subject to this legislation. The personal data is also made unavailable or erased if a retention period prescribed by the aforementioned standards expires, except in such cases where there is a need for the continued storage of the data for reasons of contract conclusion or contractual fulfilment.

  1. Provisioning of the website and creation of log files/pixels
  2. Description and scope of data processing

Each time our website is accessed, our systems collect data and information automatically from the device or computer accessing our website. These data items may include the following:
– The web page that referred you to our site (referrer URL)
– The website or file that you requested
– Browser type and version
– The operating system you are using
– The type of device you are using
– Date and time of day of your visits to individual web pages
– IP address in an anonymised format (only used to identify the accessing location)

  1. Legal basis for data processing

The legal basis for the temporary storage of the log files is point (f) of art. 6(1) of the GDPR.

  1. Purpose of data processing

The temporary storage of the IP address is necessary to enable the outward delivery of the web page to the user’s computer. The log files are otherwise used solely for the purposes of error detection and resolution, as well as for statistical purposes and the technical optimisation of the web presence, including assuring its security and stability, and ensuring you are provided with a user experience of the highest quality.

These purposes also grant us a legitimate interest in data processing pursuant to point (f) of art. 6(1) of the GDPR.

  1. Duration of storage

All data is erased once it is no longer required to achieve the purpose for which it was originally collected. In the case of storing data in log files, data is erased after no more than eight weeks. While storage beyond this point in time is possible, in this case the user’s IP addresses are erased or made unrecognisable so that any association with the accessing client is no longer possible.

  1. Opportunities for objection and remediation

Data must be collected in order to provide the website to the user and data must be recorded in log files in order to operate the website. Website users are not therefore granted an opportunity to object to these activities.

  1. Use of cookies
  2. Description and scope of data processing

Our websites may make use of cookies. Cookies are not harmful to your PC and cannot contain viruses. We use cookies to make our website more secure, more efficient and more user-friendly. Cookies are small text files that are stored in the user’s web browser or stored by this web browser on the user’s computer system. When a user accesses a web page, a cookie may be accordingly stored on the user’s operating system. This cookie contains a specific character string that enables the unambiguous identification of the browser if this browser accesses the web page at a later date. Some of our website features depend on being able to identify the accessing browser even when the user switches from one page to another.

Unless otherwise stated by the specific provisions as set out in section VI of this Privacy Policy (‘Google Analytics’), the cookies we use do not store or transfer any kinds of personal data. The cookies used are technical in nature, and are required for the use of our websites and also to improve usability. If their use is blocked, our websites may become unusable (whether in whole or in part).

  1. Legal basis for data processing

The legal basis for the processing of personal data when making use of cookies is point (f) of art. 6(1) of the GDPR.

  1. Purpose of data processing

The purpose of using technically essential cookies is to simplify the use of the websites for users and to improve the user experience. Some of the features of our websites cannot be offered without the use of cookies. For these features, it is essential that the browser remains identifiable even after a page change.

The user data collected by technically essential cookies is not used to create user profiles. Analytics cookies are used only for the purpose of improving the quality of our website and its content. These analytics cookies enable us to find out how the website is used, so as to continuously improve our services. These purposes also grant us a legitimate interest in the processing of personal data pursuant to point (f) of art. 6(1) of the GDPR.

  1. Duration of storage, opportunities for objection and remediation

Cookies are stored on the user’s computer and their data is sent from this computer to our page. As the user, you therefore have full control over the use of these cookies. You can change the settings in your web browser to deactivate or restrict the use and storage of cookies. Many online advertising cookies can be managed by visiting the US website www.aboutads.info/choices or the EU page www.youronlinechoices.com/uk/your-ad-choices/. Any cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that some or all of the features on our website may no longer be usable (in full).

  1. Google Analytics
  2. Description and scope of data processing

We may utilise the web analysis service Google Analytics, a web analysis service provided by Google Inc. (‘Google’), to analyse the use of Pentel websites by the user. This service uses cookies. These cookies are text files that are stored on your computer and which enable the analysis of the use of the website by its visitors. The information generated by the cookie about your use of this website (including your IP address) is usually transferred to a Google server in the US and stored there. Pentel only uses Google Analytics with the extension ‘_anonymizeIP()’ or ‘ga(‘set’, ‘anonymizeIp’, true)’: this means that IP addresses are only processed once they have been truncated to avoid being associated with real people. As a result of this IP anonymisation, the IP address is shortened beforehand by Google within EU member states or other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and truncated there. Google will use the information generated on behalf of Pentel in order to analyse the use of Pentel’s websites, to provide Pentel with reports about the activities of users visiting Pentel’s websites, and to provide other services associated with website usage and internet usage. Google will also share this information with third parties if this is required by law or insofar as Google commissions such third parties with the processing of this data. Google will not associate the user’s IP address with other data held by Google.

  1. Legal basis for data processing

The legal basis for the processing of personal data when making use of cookies is point (f) of art. 6(1) of the GDPR.

  1. Duration of storage, opportunities for objection and remediation:

Consent to data collection and storage by Google Analytics can be withdrawn with future effect at any time. To do so, users have the option of downloading a browser plugin published by Google. This plugin is available for various browser versions and the link
https://tools.google.com/dlpage/gaoptout?hl=en

can be used to download this plugin. As an alternative to installing the browser add-on or when using browsers on mobile devices, please click this link to prevent the collection of Google Analytics data on this website in the future (the opt-out only works for this browser and only on this domain). This stores an ‘opt-out cookie’ on your device. If you delete the cookies in this browser, you will need to visit this link again.

For further information about the use of data for advertising purposes by Google, as well as options for settings and objecting to this use, please see the Google Privacy Policy at https://policies.google.com/privacy?hl=en-GB

Information sent is erased automatically after 14 months. This erasure operation is carried out once a month, after the retention period has expired.

VII. Google Ads and remarketing

  1. Description and scope of data processing

Alongside conversion tracking, we also use the Google AdWords remarketing feature. This is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). If you have already visited our websites and expressed an interest in our services, this remarketing feature means that you will be shown interest-based advertising messages the next time you use the Google search engine or access websites belonging to the Google Display Network.

These made-to-measure advertising banners are enabled by the use of cookies. Cookies are text files that your web browser saves to your computer when you access one of our websites. In this case, Google will store a cookie in your browser when you visit Google services or websites within the Google ad network. This cookie can be used to log your visits. This cookie is subsequently used to uniquely identify your web browser but is not used to identify you personally.

For more information about Google remarketing and the associated privacy policy, please visit: https://policies.google.com/technologies/ads

  1. Legal basis for data processing

The legal basis for the processing of personal data when making use of cookies is point (f) of art. 6(1) of the GDPR.

  1. Duration of storage, opportunities for objection and remediation:

You can deactivate the use of cookies by Google and, as a result, withdraw your consent for us to use the Google AdWords/Google remarketing service. To do this, please visit the following link, and then download and install the plugin provided by this link: https://support.google.com/ads/answer/7395996

The use of third-party cookies can also be switched off by visiting the deactivation page provided by the Network Advertising Initiative (NAI). Many online advertising cookies can be managed by visiting the US website www.aboutads.info/choices or the EU page www.youronlinechoices.com/uk/your-ad-choices/. Any cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that some or all of the features on our website may no longer be usable (in full).

VIII. Social media plugins

  1. Inclusion of social media plugins

Our websites make use of social plugins (‘plugins’) from social networks. In consideration of data protection concerns, we have deliberately decided not to activate plugins from social networks by default on our websites. Instead, we utilise a solution known as ‘Shariff’. Shariff lets you, the user, decide whether to send data to operators of a particular social network and what kind of data you want to share. When you visit our websites, data is therefore never sent or shared automatically to or with social networks such as Facebook or Pinterest. Your web browser only makes a connection to the servers of the social network in question when you actually click the respective button. Accordingly, when you click the respective button (‘Share’), you give your consent for your web browser to make a connection to the servers of the social network in question and to transfer usage data to the respective operators of this social network. This always applies—whether or not you have an account with the social network. One option to avoid making any association with your social network account is to log out of your account before using our website, i.e. before you click the corresponding button.

We have no influence on the nature and scope of the data that is then collected by the social networks in question. To find out more about the purpose and scope of data collection, and the further processing and usage of this data by the social network(s) in question, as well as your related rights and options for settings to protect your privacy, please consult the privacy policies provided by the respective social network(s).

The above applies to our use of the following social media plugins:

  1. a) Use of Facebook social plugins

Our website uses social plugins (‘plugins’) from the social network facebook.com, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (‘Facebook’). Facebook’s legal representative for all users outside the USA and Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook’s social plugins can be identified by their use of one of the Facebook logos (white ‘f’ on a blue tile, the wording ‘Like’ or a ‘thumbs-up’ icon) or the additional text ‘Facebook Social Plugin’. A list of Facebook’s social plugins together with their designs can be viewed here: developers.facebook.com/docs/plugins/.

To find out more about the purpose and scope of data collection, and the further processing and usage of this data by Facebook, as well as your related rights and options for settings to protect your privacy, please consult the Facebook Privacy Policy: www.facebook.com/about/privacy/.

Other settings and options for objecting to the usage of data for advertising purposes can be found in the Facebook Profile settings: www.facebook.com/settings.

  1. b) Use of Instagram plugins (such as the ‘Instagram’ button)

We use social plugins (‘plugins’) on our website from the social network Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA).

To find out more about the purpose and scope of data collection, and the further processing and usage of this data by Instagram, as well as your related rights and options for settings to protect your privacy, please consult the Instagram Privacy Policy: http://instagram.com/about/legal/privacy/.

You can change your privacy settings on Instagram on the account settings page: https://www.instagram.com/accounts/privacy_and_security.

  1. c) Use of Pinterest plugins

We use social plugins (‘plugins’) on our website from the social network Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA).

To find out more about the purpose and scope of data collection, and the further processing and usage of this data by Pinterest, as well as your related rights and options for settings to protect your privacy, please consult the Pinterest Privacy Policy: https://policy.pinterest.com/en-gb/privacy-policy.

  1. d) YouTube

On our website, we link to a web service provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, CA 94043, USA (‘YouTube’), so as to provide access to product videos hosted by YouTube.

Google has agreed to be bound by the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. For further information about the use of data for advertising purposes by Google (including YouTube), as well as options for settings and objecting to this use, please see the Google Privacy Policy at https://policies.google.com/privacy?hl=en-GB.

  1. e) Google Maps

On our website, we link to a web service provided by Google Maps, so that you can view our location on the map provided by this service and can therefore find us more easily.

Your browser may transfer personal data to Google as a result of this usage.

Google has agreed to be bound by the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. For further information about the use of data for advertising purposes by Google, as well as options for settings and objecting to this use, please see the Google Privacy Policy at https://policies.google.com/privacy?hl=en-GB.

  1. Legal basis for data processing

The legal basis for the processing of personal data when making use of cookies is point (f) of art. 6(1) of the GDPR or your consent as given to us in accordance with point (a) of art. 6(1) of the GDPR. For details of the purposes of processing, please see the information supplied by the respective provider.

  1. Duration of storage, opportunities for objection and remediation:

For information about the use of data for advertising purposes by social media providers, as well as options for settings and objecting to this use, please see the stated websites for the individual social media providers.

  1. Contact form and email contact
  2. Description and scope of data processing

The websites operated by Pentel may include contact forms that can be used for contacting Pentel via an electronic channel. If a user makes use of such a form, the data entered into the form fields will be sent to Pentel via an automatically generated email and saved on Pentel’s servers.

Following the sending of the message, no further data from the user is stored apart from the data entered by the user, their message, and the time and date of receipt.

In order to process this data, your consent is obtained as part of the form submission process and you are referred to this Privacy Policy.

Alternatively, contact can also be made by using the email address provided. In this case, the user’s personal data as supplied in the email will be stored.

Data is not shared with third parties as part of this process. All data is used exclusively for the processing of the communication.

  1. Legal basis for data processing

The legal basis for processing the data is point (a) of art. 6(1) of the GDPR, with the user’s consent having been obtained.

The legal basis for processing the data provided by sending an email is point (f) of art. 6(1) of the GDPR.

If the contact via email is intended to conclude a contract, then an additional legal basis is provided for processing by point (b) of art. 6(1) of the GDPR.

  1. Purpose of data processing

Personal data is processed from the contact form for the sole purpose of handling the contact request. In the case of a contact request sent via email, this supplies a legitimate interest for the processing of this data.

Any other types of personal data processed during the form submission process serve to prevent misuse of the contact form and to safeguard the security of our IT systems.

  1. Duration of storage

All data is erased once it is no longer required to achieve the purpose for which it was originally collected, i.e. once the circumstances make it clear that the matter in question has been adequately clarified. If legal retention periods apply to the correspondence (cf. German Commercial Code section 257 and German Fiscal Code section 147), we will erase it on expiry of these mandatory retention periods.

  1. Opportunities for objection and remediation

Users may withdraw their consent to the processing of personal data at any time. If a user contacts us by email, they can withdraw their consent to the storage of their personal data at any time. In such a case, further communication will no longer be possible. In this case, all personal data stored in the context of this contact request will be erased. This does not affect our obligations to abide by statutory retention periods.

  1. Electronic newsletter
  2. a) Description and scope of data processing

After completing a registration procedure, you can subscribe to our newsletter, which provides you with tailor-made emails containing information about interesting trade fairs, news from our company, invitations to customer events, and so forth. We need only your email address to send you the newsletter: all other details are voluntary. You have the right to withdraw your consent to being sent these personalised messages or newsletter at any time.

The following data items are also collected during registration:
– IP address of the accessing computer
– Date and time of registration
– Date and time of the declaration of consent
– Confirmation that the checkbox was checked
– Date and time of the user’s click on the confirmation link and the link in the confirmation email

In order to process this data, your consent is obtained as part of the registration process and you are referred to this Privacy Policy.

If you purchase goods or services on our website and provide us with your email address when doing so, we may subsequently use this email address to send you a newsletter. In this case, the newsletter will only be sent as a direct marketing mail and used to advertise our own similar goods or services.

Data is not shared with third parties as part of the data processing that is involved with sending newsletters. The data is used only for the purpose of sending the newsletter.

  1. b) Legal basis for data processing

The newsletter is sent as a result of the user registering to receive it on the website provided for this purpose.

The legal basis for processing the data after the user has registered to receive the newsletter is point (a) of art. 6(1) of the GDPR, with the user’s consent having been obtained.

If a newsletter is sent as a result of the sale of certain goods or services, then the legal basis for sending the newsletter as a result of the sale of goods or services is section 7(3) of the German Act against Unfair Competition (UWG) and point (f) of art. 6(1) of the GDPR.

  1. c) Purpose of data processing

The user’s email address is recorded in order to send the user the newsletter.
The collection of other personal data as part of the registration procedure is intended to avoid misuse of the services and of the email address supplied by the user.

  1. d) Duration of storage

All data is erased once it is no longer required to achieve the purpose for which it was originally collected. The user’s email address is therefore stored for as long as the user has an active subscription to the newsletter.

  1. e) Opportunities for objection and remediation

The newsletter subscription can be cancelled by the subscribed user at any time. An unsubscribe link is provided for this purpose in each newsletter sent. You can also contact us at the address provided in our Legal Notice.

Doing so also allows you to withdraw your consent to our storage of the personal data we collected from you during the registration procedure.

  1. Rights of the data subject

In cases where your personal data is processed, you are a ‘data subject’ as defined by the GDPR and you are granted the following rights vis-à-vis the controller:

  1. Right to access

You have the right to obtain from the controller confirmation as to whether or not we are processing personal data where you are the data subject.

If this kind of processing is taking place, you have the right to obtain the following information from the controller:

  1. a) The purposes for which the personal data is being processed.
  2. b) The categories of personal data that are being processed.
  3. c) The recipients or categories of recipient to whom the personal data where you are the data subject have been or will be disclosed.
  4. d) The envisaged period for which the personal data where you are the data subject will be stored or, if specific details are not available, the criteria used to determine the storage period.
  5. e) The existence of a right to request from the controller rectification or erasure of personal data concerning you as a data subject, or a right to restrict the processing of such personal data or a right to object to such processing.
  6. f) The right to lodge a complaint with a supervisory authority.
  7. g) All available information concerning the origin of the data, if the personal data is not collected directly from the data subject.
  8. h) The existence of automated decision-making, including profiling, referred to in art. 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information about whether the personal data concerning you as a data subject is being transferred to a third country or an international organisation. In this context, you can request to be informed about the appropriate safeguards in accordance with art. 46 of the GDPR in connection with this transfer.

  1. Right to rectification

You are granted a right to the rectification and/or completion of incomplete data vis-à-vis the controller, in cases where your personal data that is processed is inaccurate or incomplete. The controller must make such rectifications without undue delay.

  1. Right to restriction of processing

Under the following conditions, you can request the restriction of processing for the personal data affecting you as a data subject:

  1. a) If you contest the accuracy of the personal data concerning you as a data subject for a period enabling the controller to verify the accuracy of the personal data.
  2. b) If the processing is unlawful and you oppose the erasure of the personal data, and request that the use of this personal data is restricted instead.
  3. c) If the controller no longer needs the personal data for the purposes of the processing, but you require this data for the establishment, exercise or defence of legal claims.
  4. d) If you have objected to processing pursuant to art. 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your own grounds.

If the processing of the personal data affecting you as a data subject is restricted, then this data, with the exception of its storage, can only be processed as follows: with your consent being given; or for the establishment, exercise or defence of legal claims; or to protect the rights of another natural person or legal entity; or for reasons of an important public interest of the European Union or of an EU Member State.

If processing has been restricted according to one or more of the abovementioned provisions, you will be informed by the controller before the restriction(s) is/are lifted.

  1. Right to erasure (‘right to be forgotten’)
  2. a) Compulsory erasure

You can request that the controller erases personal data concerning you as a data subject without undue delay. The controller is accordingly obliged to erase this data without undue delay if one of the following grounds applies:

(1) The personal data affecting you as a data subject is no longer needed for the purposes for which it was collected or otherwise processed.

(2) You withdraw the consent you gave, on which the processing was based according to point (a) of art. 6(1) of the GDPR or point (a) of art. 9(2) of the GDPR, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to art. 21(2) of the GDPR.

(4) The personal data affecting you as the data subject has been unlawfully processed.

(5) The personal data affecting you as a data subject must be erased in order to ensure compliance with a legal obligation in European Union or EU Member State law to which the controller is subject.

(6) The personal data affecting you as a data subject has been collected in relation to the offer of information society services pursuant to art. 8(1) of the GDPR.

  1. b) Sharing information with third parties

If the controller has made the personal data affecting you as a data subject public and the controller is obliged to erase this data pursuant to art. 17(1) of the GDPR, the controller shall take the following steps: the controller shall—taking into account the available technology and implementation costs for reasonable measures (including technical measures) required to do so—inform the controllers who are processing the personal data that you, as the data subject, have requested the erasure by such controllers of all links to this personal data, as well as all copies or replications of this personal data.

  1. c) Exceptions

A right to erasure is not granted in the following cases:

(1) If processing is required to exercise the right to freedom of expression and information.

(2) If processing is required for compliance with a legal obligation that requires processing by European Union or EU Member State law to which the controller is subject or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller.

(3) If processing is required for reasons of public interest in the area of public health, in accordance with points (h) and (i) of art. 9(2) as well as art. 9(3) of the GDPR.

(4) If processing is required for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with art. 89(1) of the GDPR, insofar as the right referred to in section (a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing.

(5) If processing is required for the establishment, exercise or defence of legal claims.

  1. Right to information

If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is required by law to notify all recipients to whom personal data about you has been disclosed about this rectification, erasure or restriction of processing, except in cases where this notification proves to be impossible or would involve a disproportionate amount of effort on the part of the controller.

You have the right to obtain information about these recipients from the controller.

  1. Right to data portability

You have the right to receive the personal data concerning you as a data subject that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was originally provided, in the event that

(1) processing is based on consent being given pursuant to point (a) of art. 6(1) of the GDPR or point (a) of art. 9(2) of the GDPR, or because of a contract pursuant to point (b) of art. 6(1) of the GDPR, and

(2) processing involves the use of automated procedures.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible, and where exercising this right of data portability does not adversely affect the rights and freedoms of others.

This right to data portability is not granted if the processing of personal data is required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data about you, where such processing is based on point (e) or (f) of art. 6(1) of the GDPR; this right also includes profiling based on these provisions.

The controller will no longer process the personal data affecting you as a data subject unless this controller can demonstrate compelling legitimate grounds for this processing that override your interests, rights and freedoms, or where this processing is required for the establishment, exercise or defence of legal claims.

If the personal data affecting you as a data subject is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data affecting you as a data subject for this kind of marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data affecting you as a data subject will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object by automated means using technical specifications.

  1. Right to withdraw consent as given under data protection law

You have the right to withdraw your consent as given under data protection law at any time. Withdrawal of consent does not affect the legitimacy of processing completed on the basis of this consent until the point in time of withdrawal.

  1. Automated individual decision-making, including profiling

You have the right to object to being affected by a decision taken solely on the basis of automated processing (including profiling), where such a decision produces legal effects that concern you or affects you in a similar and significantly detrimental way. This does not apply if such a decision

(1) is necessary for entering into, or the performance of, a contract between you and the controller;

(2) is authorised by European Union or EU Member State law to which the controller is subject, and this law also lays down suitable measures to safeguard your rights and freedoms, and your legitimate interests; or

(3) is based on your explicit consent.

Such decisions must not be based on special categories of personal data referred to in art. 9(1) of the GDPR, however, unless point (a) or (g) of art. 9(2) of the GDPR applies, and suitable measures have been taken to safeguard your rights and freedoms, and your legitimate interests.

In the cases outlined in (1) and (3) above, the controller must implement suitable measures to safeguard your rights and freedoms, and your legitimate interests. These measures include at least the right to obtain human intervention on the part of the controller, and to express your own point of view, and to contest the decision.

  1. Right to lodge a complaint with a supervisory authority

Without prejudice to other legal remedies provided under administrative law or by a court order, you have the right to lodge a complaint with a supervisory authority, whether in the member state of your place of residence, your workplace or the place of the alleged violation, if you believe that the processing of your personal data was done in violation of the provisions of the GDPR.

The supervisory authority with whom the complaint is lodged informs the plaintiff about the progress and results of the complaint, including the possibility of obtaining an effective judicial remedy on the basis of art. 78 of the GDPR.

XII. Legal warning re unsolicited mail

The operators of this website expressly prohibit the use of contact details provided in accordance with German law (‘Impressumspflicht’) for the purpose of sending any advertising or information materials not expressly requested. The operators of this website expressly reserve the right to take legal action in the event of receiving unsolicited advertising information such as ‘spam’ mail.

XIII. Date and revisions

This Privacy Policy was published on 29 January 2019. We reserve the right to update this Privacy Policy in due course, so as to improve data protection and/or adjust its provisions to changes in government policy or relevant legislation.