Privacy statement of DKV Euro Service GmbH + Co. KG
Table of Contents
II. Data Controller / Data Protection Officer / Supervisory Authority
IV. General Principles / Information
V. Data categories
VI. Data processing in connection with deliveries and services of DKV
VII. Data processing concerning suppliers/service partners/service providers
VIII.Data processing for the fulfillment of legal obligations
IX. Data processing for newsletter/advertisement/marketing/press work
X. Data processing in the context of the provision of our homepage
XI. Rights of the data subject
XII. Alterations of the Data Protection Declaration, Language Versions
DKV, Rating, (hereinafter also we/us) is responsible for the Internet platforms of DKV EURO SERVICE GmbH + Co. KG, for short: "DKV".
Below, we would like to inform you comprehensively and in detail about how we shall protect your privacy, and how personal data is processed within the framework of our websites and/or our online platforms. Personal data will be deleted as soon as possible and will never be used for advertising purposes, or be passed on, without your consent.
If the information provided below is insufficient or incomprehensible, please do not hesitate to contact our data protection officer under the contact details given in Section II.
II. Data Controller / Data Protection Officer / Supervisory Authority
III. Definitions of the Terms Used
The definitions and terms used within this Privacy Notice are governed by the Regulation (EU) 679/2016 on the protection of natural persons with regard to processing of personal data, free movement of such data and the repealing of Directive 95/46/EC (hereinafter "General Data Protection Regulation" or "GDPR") as well as by the Federal Data Protection Act (“BDSG”). This applies, in particular, for the definitions made in Art.s 4 and 9 GDPR.
Please note that the GDPR as well as the BDSG only apply to the processing of data of natural persons. The data of legal entities (e.g. a limited liability company, a public limited company or a cooperative association etc.), are – in general – not subject to and therefore not protected by data protection law , exempt where traders as natural person are affected, so-called one-man company (“Ein-Mann-GmbH”) exists or personal data of employees of legal entities are subject of a processing.
IV. General Principles / Information
1. Scope of the processing of personal data
In general, we only collect and process personal data if it is necessary for providing and making available our services, for the the fulfilment of contracts as well as for providing our web and online platforms (including mobile apps) or if the collection and/or processing of personal data for other purposes is permitted by another legal basis.
2. Legal bases
Insofar as personal data is processed on the basis of the data subject's consent, Article 6 (1), letter a GDPR forms the legal basis for the processing.
In cases where personal data is processed for the performance of a contract to which the data subject is a party, Article 6 (1), letter b GDPR forms the legal basis; this also applies to processing necessary for the implementation of precontractual measures.
If personal data is processed in order to comply with a legal obligation to which we are subject, Article 6 (1), letter c GDPR forms the legal basis. If processing of personal data is necessary in order to protect vital interests of the data subject or any other natural person, Article 6 (1), letter d GDPR forms the legal basis.
If processing takes place in order to protect a legitimate interest of our company or a third party, and this interest is outweighed by the data subject's interests or basic rights or basic freedoms, Article 6 (1), letter f GDPR forms the legal basis of the processing.
If processing of personal data takes place in the context of a so-called change of purpose, i.e. data is processed for other purposes than for the purposes for which it has been collected in the first place, Art. 6(4) GDPR is the legal basis
In cases where special categories of personal data within the meaning of Art. 9 GDPR are processed, the express consent of the data subject pursuant to Art. 9(2) lit. a in conjunction with Art. 6(1) lit. a GDPR and/or a permission pursuant to Art. 9(2) lit. b-j GDPR is the legal basis for the processing.
3. Enforcement of claims / legal compliance
We reserve the right to process personal data for enforcing claims within the scope of our legitimate interests pursuant to Art. 6(1) lit. f GDPR; this includes, in particular, a transfer of data to a General Credit Protection Agency (e.g. “Schufa”) (see Section VI.1.4), authorities and/or courts. In addition, personal data might be processed and/or transferred in the fulfilling of legal or regulatory obligations (e.g. disclosure to authorities etc.); in this case, Art. 6(1) lit. c GDPR is the legal basis.
4. Obtaining consent / right to revoke
Consent declarations in the meaning of Art. 6 (1) lit. a GDPR will be obtained in writing, in text form or electronically. If a consent shall be obtained electronically, it will be granted by ticking a opt-in-check box; the granting of the consent will be documented electronically, In the case of electronic consent, the so-called double opt-in procedure (https://www.onlinemarketing-praxis.de/glossar/double-opt-in) may be used to identify the user, as far as legally required.
Right to revoke: Please note that consent once given may be - in whole or in part - revoked at any time with effect for the future. The lawfulness of the processing that has taken place until such revocation shall remain unaffected. If you wish to revoke your consent, please use the contact details provided in Section II (data controller or data protection officer).
5. Possible recipients of personal data
In order to provide our web and/or online platforms, we shall sometimes use third-party service providers, who will, when rendering their services, operate on our behalf and in accordance with our directives (commissioned processor). These service providers may receive personal data or come into contact with personal data when rendering their services and will constitute third parties or recipients within the meaning of the GDPR.
In such cases, we ensure that our service providers have taken adequate security measures, that suitable technical and organizational measures are in place and that any processing complies with the requirements of the GDPR and guarantees the safeguarding of the data subject's rights (see Art. 28 GDPR).
If personal data is transferred to third parties and/or recipients outside of a data processing in the meaning of Art. 28 GDPR, we ensure that this transfer complies with the requirements of GDPR and will be conducted only if a corresponding legal basis exists (e.g. Art. 6(4) GDPR; see also Section IV.2).
6. Processing of data in so-called third countries
In principle, the processing of your personal data will take place within the EU or the European Economic Area ("EEA").
Merely in exceptional cases (e.g. in connection with the calling-in of service providers for rendering web analysis services) may information be transmitted to so-called "third countries". "Third parties" are countries that are outside of the European Union and the Agreement on the European Economic Area. Therefore, it cannot be automatically assumed that the level of data protection in those countries is adequate and corresponds to the standards in the EU.
Prior to transmitting any information that also includes personal data, we shall ensure that an adequate level of data protection is guaranteed in the respective third country or at the respective recipient in the third country. This may ensue from a so-called "adequacy decision" of the European Commission or be safeguarded by using the so-called "EU standard contractual clauses". In the case of recipients in the USA, compliance with the principles of the so-called "EU-US Privacy Shield" may also ensure an adequate level of data protection. On request, we shall be happy to make available further information on suitable and adequate safeguards for adherence to an adequate level of data protection; the contact details can be found at the beginning of this Data Privacy Statement. Additionally, information on the participants in the EU-US Privacy Shield can be found here www.privacyshield.gov/list.
7. Data deletion and storage period
Personal data of data subjects will be deleted as soon as they are no longer required for the respective purpose of processing. Instead of deletion, data may, if necessary, be stored with restrictions on processing if provided for by European or national legislators in EU ordinances, laws or other regulations to which our company is subject, in particular e.g.
• in order to meet statutory storage obligations (e.g. the General Fiscal Law (“Abgabenordnung - AO”) or the German Commercial Code (“Handelsgesetzbuch – HGB”), currently 6 to 10 years) and/or
• if a legitimate interest in the storage of data exists (e.g. for the purpose of legal defense within the scope of the statute of limitations (Art. 195 ff. German Civil Code ("BGB"), currently 3 up to 30 years).
In this case, Art. 6(1) lit. c respectively lit. f GDPR are the legal basis. Data shall be deleted at the latest when the storage period specified by the principles stated below expires, unless further storing of the data is necessary for the conclusion of a contract or for other purposes (e.g. legitimate interests according to Art. 6(1) lit. f GDPR).
8. Rights of the data subject
The GDPR grants certain rights to the data subjects, i.e. persons affected by the data processing (so-called data subjects rights, in particular Art. 12 to 22 GDPR). The individual rights of the data subjects are specified in Section XI. If you wish to exercise one or more of these rights, you may contact us at any time. For that purpose, please use the contact details provided above in Section II.
V. Data Categories
Regarding the categories of personal data affected, we differ between (i) Master Data, (ii) Performance Data, (iii) Third Party Data as well as – if relevant– (iv) special categories of personal data within the meaning of Art. 9 GDPR.
Master Data are data concerning your company and/or your person, which you provide in the context of the preparation and/or the conclusion of a contract. We usually retrieve such data from our contract forms. This includes in particular data such as company name, surname, first name, address, birthday, email address, phone number, fax as well as bank and account details. You may submit further data such as your mobile number, your preferred language for correspondence or further interests and preferences to us. This data category is altogether referred to as "Master Data".
2. Performance Data
Performance data are data arising from the execution respectively the fulfillment of a contract and are processed for contract implementation, billing, management, further development or marketing of our offers, services and deliveries. Such data often have no direct reference to a natural person, but a personal reference could be established, so that such data are deemed personal data. Depending on the services ordered or provided, Performance Data includes in particular (i) data required for providing contract offers (including financing offers), (ii) data required for the provision of services (e.g. LEO number, license plate, names of employees), (iii) payment and billing data or (iv) data/information required for the processing of customer enquiries and complaints.
3.Third Party Data
In general, personal data will be collected directly from you. However, it is possible that we do not collect personal data directly, but receive it from third party companies and/or contractual partners, e.g. within the framework of separate contracts (so-called Third Party Data). Such Third Party Data about your company/your person can be, for example, address data, billing data from third parties (e.g. from our service partners), credit information or similar.
VI. Data processing in connection with deliveries and services of DKV
We process personal data in accordance with the relevant data protection provisions, in particular the GDPR and the BDSG (“Federal Data Protection Act”). As far as data protection law is applicable, we process any data collected from you and/or your company in connection with our services as follows:
1. Purpose and legal basis of the processing
We collect and process personal data for the following purposes and on the following legal bases:
1.1. Services (equipment/services/toll processing)
Master Data, Performance Data and Third Party Data – including data from our customers, service partners and their employees’ and staff’s data – for the purpose of contract initiation, contract conclusion and the provision of our services, as far as such processing is necessary for this purpose. This includes in particular data processing for the purpose of provision/delivery of equipment (e.g. fuels, oils, lubricants, electricity), the provision of services (e.g. garage services, car wash etc) or the processing of toll payments, including the billing of our services.
Art. 6(1) lit. b GDPR respectively Art. 6(1) lit. f GDPR (legitimate interests) are the legal basis for the abovementioned data processing between the parties involved; legitimate interests exist in the provision of services to the customers within the delivery chain.
1.2. Legitimation Objects (LEO‘s)
If legitimation objects (LEO’s) are provided within the scope of a contractual relationship for the purpose of cashless acquisition or cashless use of services, these objects can be individualized and made available to the customer on request, using Master Data as well as Performance Data, both customer and vehicle related (e.g. using the license plate number and/or employee-name). Legal basis for this is Art. 6(1) lit. b GDPR; for further information on the provision and use of LEO’s, including any restrictions, please refer to our General Terms and Conditions.
1.3. Resale by authorized partners
Subject to the conclusion of a corresponding reseller contract, DKV offers partner companies the option to resell DKV services in their own name and on their own account. In this case, we use Master Data, Performance Data and Third Party Data of the partner companies for the purpose of contract initiation, contract conclusion as well as for the provision of services to our partner companies, including the invoicing of our services. Legal basis for this is Art. 6(1) lit. b GDPR.
The resale usually takes place within the scope of an „extended“ chain delivery transaction; this means that each time a partner company's customer purchases goods and/or services from a DKV service partner, the DKV service partner or its service station sells goods and/or services to DKV. Subsequently, DKV sells the goods and/or services at the same time to the partner company which then finally sells the goods and/or services to its customers; the provision of the services required for the fulfillment of the respective contracts is made directly to the partner company’s customer. In this respect, the partner company is responsible for the data processing necessary for the resale of goods and services to its customers in accordance with the data protection laws applicable.
In the event that DKV provides additional services within the scope of the reseller contract in specific cases (e.g. issuing, individualization, dispatch of LEO’s) and processes personal data of the partner company’s customers in this connection, this shall be carried out within the scope of a data processing agreement (Art. 28 GDPR); nonwithstanding, the provision or invoicing of services related to the respective contractual relationship considering the „extended“ chain delivery shall always be at the partner's own responsibility.
1.4. Credit check/credit agencies/credit rating
We reserve the right to request and to process credit information from credit agencies based on the personal data collected by us within the scope of the contractual relationship. In addition, we reserve the right to transfer and process data to credit rating agencies for the purpose of determining creditworthiness or default risks - in particular in the cases specified in Section 31 (2) BDSG - within the scope of legitimate interests of our company and/or third parties; e.g. if payments due have not been paid.
All such data processings and transfers will be conducted on the basis of Art. 6 para. 1 lit. f GDPR, as far as that is necessary to safeguard our legitimate interests or the legitimate interests of third parties to be protected against bad debts and provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
Please note that credit rating agencies themselves may process and use the received data for own scoring purposes in order to provide their contractual partners in the European Economic Area and in Switzerland as well as, if necessary, in further third countries (if there is a European Commission decision on their appropriateness) with information about e.g. the creditworthiness of customers. The respective rating agency is responsible for such data processing in accordance with GDPR; if you have any questions regarding data processing by such agencies, you must contact them directly; we will be happy to provide you with the relevant contact details on request.
Based on the data made available to the credit agencies as well as on the customer’s payment behaviour, DKV carries out its own (credit rating) scoring. This scoring is carried out within the framework of automated processing in compliance with data protection provisions of Art. 22 GDPR as well as Art. 31 BDSG; the credit rating is carried out by an external service provider, Prof. Dr. Schumann AG, who works for DKV within the scope of an order processing in accordance with Art 28 GDPR. Address data is not processed in the context of the credit rating. Legal basis for the performance of DKV’s own credit rating is Art. 6(1) lit. f in conjunction with Art. 22(2) lit a GDPR.
1.5. Invoicing of deliveries and services
For the purpose of invoicing our services, we use Master Data provided by the customer, Performance Data necessary for billing (e.g. purchased equipment, used services etc.) as well as Third Party Data in specifc cases (e.g. if customers acquire equipment via DKV third service partners or if we acquire third party claims (e.g. toll operators) for the purpose of a (uniform) invoicing to the customer)). Legal basis for such processing is Art. 6 (1) lit. a GDPR (contract fulfillment/performance of precontractual measures) as well as Art. 6 (1) lit. f GDPR (legitimate interests).
1.6. Assignment of claims/factoring/collection
If customers order deliveries and services directly from toll operators and/or service partners, we reserve the right to acquire the resulting claims from them for the purpose of uniform accounting and invoicing by way of a purchase of claims with assignment. After assignment, these claims shall be asserted against the customers in DKV’s own name and own account as part of a uniform invoicing procedure. Legal basis for the assignment and the data processing necessary for the debt collection is Art. 6(1) lit. b GDPR (contract fulfillment), otherwise Art. 6(1) lit. f GDPR (legitimate interests) – insofar as the customer agrees to this in the contract with the toll operator and/or service partner; the legitimate interest lies within the provision of a uniform invoice as well as a simplified debt collection.
Moreover, we reserve the right to assign to third parties or have third parties assert unsettled claims, which have not been paid by customers after a corresponding reminder. For this purpose, we may transfer personal data to respective assignees and/or service providers. The legal basis for such processing, including its transfer, is Art. 6(1) lit f GDPR (legitimate interests). The legitimate interest of DKV in such assignment and data transfer is that these service providers have the necessary competence to effectively claim open receivables in or out of court (e.g. via payment plan agreements). This helps to avoid long-term legal disputes, while reducing bad debt losses and increasing the collection rate, thus improving DKV’s liquidity and solvency.
If you are of the opinion that your interest in the protection of your personal data outweighs our legitimate interest in such assignment, you have the right to object to the processing of your personal data for the aforementioned purpose (regarding the right to object see Section X 6). After assignment, the responsiblity for data processing for the purpose of debt collection according to data protection lies with the respective service provider in the sense of GDPR; for any queries regarding data processing by these service providers, please contact them directly (see above).
1.7. Enforcement of claims/compliance with legal obligations
We reserve the right to use personal data for the enforcement of claims in and out of court. Art. 6(1) lit. b GDPR (contract performance/implementation of pre-contractual measures) respectively Art. 6(1) lit. f GDPR (legitimate interests) are the legal basis for such processing. Data can also be processed and/or transferred for the purpose of fulfilling legal or statutory obligations (e.g. information to authorities etc.); in that case Art. 6(1) lit. c GDPR is the legal basis for such processing.
2. Electronic customer accounts (Cockpit / TO-Manager)
For the use of certain services and/or benefits, we provide our customers with the possibility to set up an electronic user account. When registering and setting up such account, the following personal data („mandatory information“) will be collected and stored:
• user name
• corporate email address of the user, first name, last name, title,
• company (where relevant),
• address, country, state and location of the company.
At the time of registration, (i) the user’s IP address as well as (ii) date and time of the registration are stored.
Moreover, voluntary information, e.g. phone number, fax number, mobile number or details about the company such as number of employees, line of business or fleet size, can be submitted. Information required for registration purposes is marked as a mandatory field in the input mask by an asterisk. Without the complete and truthful completion of all mandatory fields, registration cannot take place. The registration is only completed when you confirm the link contained in an e-mail we send to you after the complete filling in of all mandatory fields. On an anonymous basis, this information can be used, among others, for improving our services.
2.1. Purpose and legal basis
A user registration takes place for the purpose of access restriction and/or access control to selected contents and services, which we only make available to registered users within the scope of our websites and/or online offers. Such registration can also take place for the purpose of providing selected content and services to registered users as part of the contract fulfilment and/or to implement pre-contractual measures.
The legal basis for the processing of data for the purpose of registration is Art. 6 para. 1 lit. a GDPR, if the user has given his consent. If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the legal basis for such processing is Art. 6 (1) lit. b GDPR. If the registration is required for the purpose of access restriction and/or access control, the protection of legitimate interests may also be the legal basis (Art. 6 para. 1 lit. f. GDPR); the legitimate interest is to restrict access in order to protect the content and information developed by DKV against an unauthorized usage.
2.2. Data deletion and storage period
If the registration takes place in the context of a contract fulfillment or for the inplementation of pre-contratual measures (Art. 6(1) lit b GDPR), the registration data will be stored for the duration of the respective order or contract relationship and will be deleted or blocked after expiry of the respective contract or notice period, taking into account Section IV.7.
If the registration is not related to a contract fulfillment or the implementation of pre-contractual measures, the registration data will be deleted as soon as the registration is dissolved, altered or deleted by the user, taking into account Section IV.7.
2.3. Opt-out and removal option
You as a user have always the possibility to dissolve or delete your registration at any time. You can also change your stored personal data at any time. If your data is (still) necessary for the fulfillment of a contract or the implementation of pre-contractual measures, a deletion of your data is only possible if there are no contractual or legal obligations that prevent such deletion.
3. Possible recipients of data/persons authorized to access data
In the context of providing our services including the processing of personal data relating thereto, our employees have access to data for the purposes stated in Section V on the basis of the so-called "need-to-know principle". This means that the group of persons authorized to access data is limited to those employees deemed necessary to fulfil the respective processing purpose.
In order to fulfil the purposes mentioned in Section VI, data may also be transferred and processed by (technical) service providers, subcontractors, vicarious agents and/or service partners of DKV, in particular in the context of the contract fulfillment (e.g. „extended“ chain delivery transactions, service chains, toll processing). Furthermore, data can be transferred in the context of payment transactions (e.g. to banks, payment service providers) and/or for the implementation of financing. Data can also be transferred to courts, attorneys, credit agencies (Inkassounternehmen) and/or public institutions for the purpose of enforcing claims and/or meeting legal obligations (e.g. reporting obligation, follow-up obligations in the event of product warning or similar), see also Section IV.3.
With regard to possible recipients of data and the overall organization of access authorizations in our company, please see also Section IV.5 above.
4. Data processing outside the EEA
Data processing outside the European Union (EU) and/or the European Economic Area (EEA) may take place e.g. in case of deliveries and services to customers outside the EEA, e.g. .in case of purchase of equipment in Russia or Belarus. Such data processing is permissible according to Art. 49 GDPR, especially according to Para 1 lit. b and/or lit. c GDPR. If Art. 49 GDPR does not apply and DKV is responsible for the data processing on site in accordance with data protection law applicable, DKV will take the measures mentioned in Section IV.6 to ensure an appropriate level of data protection. On request, we are happy to provide you with further information.
5. Data deletion, storage periods, right of withdrawal and objection
If the processing of personal data takes place in connection with the fulfillment of a contract or in order to carry out pre-contractual measures (Art. 6 (1) lit. b GDPR), (personal) data will be stored for the duration of the respective order or contractual relationship and will be deleted or blocked after expiry of the contract or notice period (taking into account the storage periods mentioned in Section IV.7).
6. Obligation to provide personal data (so-called mandatory information)
Data, which is necessary for the initiation, conclusion or implementation of a business relationship, including the fulfillment of related contractual obligations and/or which we are obliged to collect, is mandatory information. Mandatory information is marked with an asterisk in our forms. Without providing this data, it is possible that we may not be able to provide a contract and/or service or only provide it to a limited extent; we reserve the right to refuse contract conclusion if mandatory information is not provided.
7. Automated decision making/profiling pursuant to Art. 22(1) and /4) GDPR
Except for DKV’s own credit ratings (see Section VI.1.4), we generally do not use fully automated decision making procedures within the meaning of Art. 22 GDPR to establish and/or conduct business relationships. Should we use such procedures in future or in other cases, as far as required by law, we will inform you separately. We will not create profilings on the basis of the data collected and processed by us.
VII. Data processing concerning suppliers/service partners/service providers
We process personal data of suppliers and/or service providers (hereinafter „suppliers“) who are natural persons and whose services we commission and/or use on a contractual basis only for the purpose of fulfilling or performing a contract. This might concern Master Data, Performance Data as well as Third Party Data. The legal basis for such data processing is Art. 6 (1) lit. b GDPR (fulfilment of contract/implementation of pre-contractual measures).
Furthermore, we reserve the right to process our suppliers’ personal data for the purpose of enforcement of claims within the scope of legitimate interests pursuant to Art. 6 (1) lit. f GDPR. This includes in particular the disclosure of data to credit rating agencies (see Section VI.1.4), consultants and/or lawyers, authorities and/or courts. Data may also be processed and/or disclosed for the purpose of fulfilling legal or statutory obligations (e.g. information to authorities, etc.); the legal basis for such processing is Art. 6 (1) lit. c GDPR.
Please note that data protection law may not apply for suppliers who are legal entities (see definition of personal data in Art. 4 (1) GDPR).
VIII. Data processing for the fulfillment of legal obligations
As a company we are subject to several legal obligations (e.g. Tax laws, Commercial Code, Money Laundering Act etc.) which may make it necessary to process your data in oder to meet legal and statutory obligations (e.g. information to authorities etc.). In these cases, Art. 6(1) lit. c GDPR is the legal basis.
We determine in individual cases and on a case-by-case basis, whether we can enter into business relations with you, taking into account:
• the EU regulation no. 2580/2001 and no. 881/2002,
• the German Money Laundering Act,
• the UK Bribery Acts,
• the US sanctions list (e.g. the Denied Persons Lits (DPL) the Bureau of Industry and Security (BIS), the Specially Designated Nationals and Blocked Persons List (SDN-List) of the Office of Foreign Assets Control (OFAC) and Entity Lits of the US Bureau of Industry and Security – Department of Commerce) as well as
• the list of „Ineligible firms & individuals“ of the World Bank.
IX. Data processing for newsletter/advertisement/marketing/press work
We only process personal data for the purpose of advertising or marketing activities (e.g. newsletter), the conduct of customer satisfaction surveys as well as press and public relations (hereinafter „marketing“) if a corresponding consent or another legal basis, which allows the processing even without consent; exists. In further detail:
1. Newsletter registration
If you would like to take advantage of our newsletter service, we need your valid email address. In order to check whether you are the owner of the email address provided respectively whether its owner agrees to receive newsletters, we will first of all send an automated email to the provided email address that contains a newsletter registration link. Only after the confirmation of that registration link i.e. by klicking on it, we will add your email address to our mailing list (so-called double opt-in). We do not collect any further data beyond the email address and the data required for the confirmation of the registration link.
Your data will be processed for the purpose of sending the newsletter you have requested. The legal basis for this processing is Art. 6(1) lit. a GDPR or Art. 7 UWG („Law against unfair competition“, see below). You can unsubscribe from the newsletter at any time; the statements on the right of withdrawal of consent pursuant to Section IV.4 shall apply addoitionally.
2. Processing of personal data for advertising and marketing purposes/customer surveys
We process your personal data for advertising and maketing purposes as well as for customer satisfaction surveys if a consent or another legal basis, wich allows the advertising and marketing approach even without consent, exists. As far as legally permissible, we reserve the right to address customers for advertising purposes on the basis of publicly accessible data and/or third-party data, which they get from publicly accissible sources (e.g. data from directory media, the internet, company homepages, public registers etc.). In detail:
• Legal basis for advertising and marketing measures on the basis of an explicit consent is Art. 6 (1) lit. a GDPR; Section IV.4 shall apply accordingly.
• Legal basis for data processing for the purpose of direct advertisement by direct letter-mail is Art. 6 (1) lit. f GDPR (legitimate interests); the legitimate interest here is to address potential customers for the purpose of direct advertising for our products and services.
• Legal basis for advertising and marketing measures by telephone is Art. 7(2) no. 2 UWG; in case of consumers, explicit consent is mandatory; in case of other market participants, at least a presumed consent is required; regarding the explicit consent requirement see above and Section IV.4.
• For advertising and/or marketing measures via email for the purpose of direct advertisement for similar goods or services, Art. 7(3) UWG is the legal basis, provided that we (i) received your email address in connection with the selling of our products or services, (ii) you did not object to the use of your email address for direct advertising and (iii), at the time of collecting your email address and at every use, we clearly inform you that you may at any time object to the use of your email address for marketing purposes (for the right to object see Section XI.6).
Depending on the respective legal basis for the advertising measure, we store and use personal data for the purpose of advertisement for an indefinite period of time (consent or legitimate interests) until you object to such usage of your data or you revoked you respective consent.
You may at any time with effect for the future revoke your consent to the processing of your personal data. You can at any time object to a processing on the basis of legitimate interests; a right of objection exists in particular in the case of profiling in accordance with Art. 21 GDPR. In case of a revocation and/or objection, the personal data will no longer be processed for the respective purpose. This shall not apply if the processing of data is still required for the purpose of contract fulfillment (Art. 6(1) lit. b GDPR), mandatory storage obligations and/or if data is still necessary in the context of legitimate interests (Art. 6(1) lit. b GDPR), e.g. in the event of an objection against advertising, the processing of data in a so-called blacklist to prevent further advertising measures.
On request, we are happy to provide you with further information about our handling with data for marketing purposes and/or the sources of our data; please contact us via the contact details in Section II.
3. Press and public relations
For the purpose of press and public relations activities, we collect and process Master Data, Performance Data and Third Party Data of journalists and/or press representatives. This may include in particular the provision of press information, the processing of press requests, the addressing of press representatives or the organization of (press) events. The legal basis for such data processing is Art. 6 (1) lit. b GDPR (fulfilment of contract/implementation of pre-contractual measures), as far as the data processing is necessary to fulfill a corresponding agreement and/or in the context of a concrete request. In addition, the data may processed in the context of legitimate interests pursuant to Art. 6(1) lit. f GDPR; in this case, the legitimate interest is the conducting of press and public relations activities in favour of the brands and trademarks of the DKV Goup.
X. Data processing in the context of the provision of our homepage
In the context of the provision of our homepages and/or online platforms, we process personal data as follows:
1. Data processing for the provision of our website/collection of log files
When a user visits our website, our system automatically processes data and information from the accessing device/computer system in an automated manner. The following data is processed (hereinafter "Log Data"):
• information on the type of browser and the version used
• the user's operating system
• the user's Internet service provider,
• the user's IP address
• date and time of access,
• websites from which the user's system accesses our website,
• websites accessed by the user's system via our website,
• the user's movements on our website (e.g. clickrates, duration of use); the so-called log data do not allow a personal reference to the user.
1.1. Purpose and legal basis
The collection and processing of Log Data (in particular the IP address) take place for the purpose of making available to the user the content on our website, i.e. for the purpose of communication between the user and our web- or online platform. The IP address is temporarily stored for the duration of the respective communication process. This is necessary for addressing the communication between the user and our web and/or online platform and/or for using our web and/or online platform. Art. 6 (1) lit. b GDPR and/or Section 96 TKG [Telecommunications Act] and/or Section 15 (1) TMG [Telemedia Act] - for the duration of your website visit – are the legal basis for such data processing.
Any processing and storage of the IP address in log files beyond the communication process take place for the purpose of ensuring the functionality of our web and online platforms, optimizing these platforms and ensuring the security of our IT systems. Art. 6 (1), lit. f GDPR (protection of legitimate interests) and/or Section 109 TKG are the legal basis for any storage of the IP address for these purposes beyond the communication process.
1.2. Data deletion and storage period
We will delete data as soon as they are no longer necessary for attaining the purpose for which we processed it. In case of data collection for providing the website, the data will be deleted when the respective session - the website visit - has ended. Any further storage of Log Data, including the IP address, for the purpose of system security shall take place for a period of no more than seven days after the user's access to the website has ended. Following the expiration of the aforementioned seven-day storage period, further processing and/or storage of Log Data will be possible and permissible if the users' IP addresses are deleted or masked to such an extent that it is no longer possible to allocate the Log Data to an IP address. This applies except for further processing of data in the cases listed below (e.g. cookies etc.)
1.3. Possibility of objection and removal
The processing of Log Data for the provision of the website, including the storage of Log Data in log files within the aforementioned limits, is essential for the operation of our website. Therefore, the user has no possibility to object to it. This shall not apply to the processing of Log Data for analysis purposes, c.f. Section X.3–(depending upon the respective analysis tool used and the type of data analysis (personal / anonymous / pseudonymous)).
We differentiate between (i) Essential Cookies, (ii) Performance Cookies, (iii) Functional Cookies and (iv) Cookies for Marketing Purposes:
(i) Essential Cookies
These cookies are necessary for the operation of our website and cannot be deactivated in your system. These cookies will generally only be set as a response to your actions that correspond to a service request, such as specifying your privacy settings, logging in or filling out forms (e.g. language settings, information on the PC/device used and its settings or log in information). You can configure your browser so that it blocks cookies or so that you will get notifications about these cookies. However, certain parts of the website will not work after blocking such cookies. These cookies do not store any personal data.
(ii) Performance Cookies
These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They support us to evaluate which websites are most popular, which ones are the least used and how the visitors move on our website. All information collected by these cookies is aggregated and therefore anonymous. If you deactivate these cookies, we are not able to detect when you visited our website.
(iii) Functional Cookies
By means of such cookies, we are able to provide extended functionalities and personalized service on our website. Such cookies may be set by us or by third parties whose services we use on our website. If you do not allow these cookies, some or all of these services may not function properly.
(iv) Cookies for Marketing Purposes
These cookies can be set by our marketing partners via our website. They use them to create a profile with your interests and to show you relevant advertisements on other websites. These cookies do not directly store personal data but they are based on a unique identification of your browser and internet device; the related data processing can take place outside the European Economic Area (EEA). If you deactivate them, you will see less targeted advertisements.
The third party providers, who set the respective Cookies based on your consent, are solely responsible for the use of such cookies; we have no possibility or influence to/on its usage and/or the processing of data based on such cookies. You can prevent the placing of third party providers' cookies by taking the measures described in Section X.2.3 and Section IX.3.
2.1. Purpose and legal basis
The purpose of using Essential Cookies is to simplify website usage. They are essential for certain website features, which require the recognition of the browser even after a website change. We use Essential Cookies for the following purposes:
• adopting language settings,
• remembering search terms,
• log-in information.
The user data collected by Essential Cookies is not used for creating profiles. The legal basis for the use of Essential Cookies is Art. 6 (1) lit. b GDPR, as far as there is the possibility to establish a personal link to the user and the use is necessary for the purpose of providing our web and/or online services in the interest of a contract fulfillment. Otherwise Art. 6 (1) lit. f GDPR is the legal basis, since the use is also made to safeguard legitimate interests for the purpose of providing web and/or online services.
Performance Cookies and/or Functional Cookies are used to improve the quality of our website, its content and/or its usability. Because of such cookies, we learn more about the usage of the website, which enables us to optimize our websites continually (see above). With Functional Cookies we improve the user-friendliness of our website, e.g. through personalization; these cookies can be set by us or by third parties whose services we use on our websites. If you deactivate Functional Cookies, our services may not function properly.
The use of the above-mentioned cookies will only take place if the user has given his/her consent. The legal basis for the processing of personal data using such cookies is Art. 6 (1) lit. a GDPR.
2.2. Data deletion and storage period
Cookies are stored on the respective device of the user (smart device / PC) and will be transmitted from there to our websites. We differentiate between so-called permanent cookies and session cookies. Session cookies are stored during the duration of a browser session and will be deleted when the browser is closed. Permanent cookies will not be deleted when the respective browser session ends, but are stored on the user's device for a longer period.
2.3. Possibility of objection and removal
3. Web analysis/use of analysis tools
Such analyses enables us to adapt the design of our websites or optimise content in cases where, for example, we discover that a significant number of visitors uses new technologies or fails to find, or has difficulty finding, an exitsing piece of information.
On our web and online platforms, we carry out the following analyses and use the following web analysis tools:
3.1. Analysis of Log Data
The use of Log Data for analysis purposes takes place exclusively on an anonymous basis; there is neither a link between Log Data and personal data of the user, nor between Log Data and an IP address or a cookie. Therefore, such analysis of Log Data is not subject to the provisions of the GDPR under data protection law.
3.2. Google Analytics / Google 360
For analysing website usage, we use the web analysis service "Google Analytics" respectively Google 360 from Google (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google AnalyticsBoth tools use "cookies" to analyse the customers' use of the website on a pseudonymous and/or anonymous basis..
The information generated by such cookie concerning your use of the website will be transferred to a Google server in the USA for storage. On this website, IP Anonymization is activated so that your IP address will be shortened prior transfer within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Are. Only in exceptional cases, your full IP address will be transferred to a Google server in the USA and will then be shortened there. On our behalf, Google will use the aforementioned information to evaluate the use of the website, to put together reports on the website activities and to provide the website operator with other services relating to website and Internet usage. The IP address transmitted by your browser within Google Analytics will not be combined with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly. Please note, however, that you may then be unable to use all our website features.
If you do not wish to have your data evaluated by Google Analytics, you have the following options:
• By clicking on the following link, you can install an add-on, which places an opt-out cookie preventing the future collection of your data by Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de
Note: If you delete your cookies, the opt-out cookie will also be deleted and you need to re-activate it, if necessary.
• By downloading and installing the browser plugin available under the link (http://tools.google.com/dlpage/gaoptout?hl=de), you can prevent the processing of data (including your IP address) generated by the Google Analytics cookie relating to your use of the website
• We use Google Analytics for statistical purposes and for evaluating data from AdWords and the double-click cookie. You may deactivate Google Analytics via the Ad Preferences Manager (http://www.google.com/settings/ads/onweb/).
3.3. Google Tag Manager
We partly use the Google Tag Manager on our websites. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.
We also use Facebook-Pixel from Facebook, a social media network of the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, for analysing the website usage.
They implement a code on the website, which analyzes the behavior of the users who get to this website via Facebook advertisement. This may be used for improving Facebook advertisement and Facebook collects and stores this data. We cannot view the collected data, we can only use them in the context of advertisement placement. By using Facebook-Pixel codes, cookies are set.
By using Facebook-Pixel, the user’s visit of our website will be reported to Facebook so that the user will see matching advertisement. If you have a Facebook account and you are logged in, your following websites visits will be allocated to your Facebook account. We do not have any influence on this process and we are not responsible for data protection. For further information on the use of Facebook-Pixel for advertising campaigns, plese refer to https://www.facebook.com/business/learn/facebook-ads-pixel.
You can change your settings for advertisements on Facebook via https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, if you are logged into your account. You can manage your preferences regarding user based online advertisement via http://www.youronlinechoices.com/de/praferenzmanagement/. There, you can deactivate or activate many providers at once or change the settings for individual providers. For further information in the Facebook data protection policy, please refer to https://www.facebook.com/policy.php.
3.5. LinkedIn Insight Tag/Pixel
The LinkedIn Insight Tag allows us to collect data for each visit on our website, including URL, Referrer-URK, IP address, device and browser characteristics, timestamp and page views. This data will be encrypted, automatized within seven days and the automated data will be deleted within 90 days. LinkedIn does not disclose any personal data to us, but it provides us with summarized reports about the website target group and the display performance. LinkedIn also offers a retargeting for website visitors so that, with the help of this data, we can display targeted advertisement outside of our website without the member being identified. Members of LinkedIn can configure the usage of their personal data in their account settings.
We use the LinkedIn Insight Tag to get detailed campaign reports and information about the visitors of our website and to serve our advertisement and marketing interests. Being customers of LinkedIn Marketing Solutions, we use the LinkedIn Insight Tag to track conversions, to carry out a retargeting of our website visitors and to earn additional information about the LinkedIn members who check our advertisement. Details about the collection of data (purpose, scope, further processing, use) as well as your rights and setting options, please refer to the data protection information of LinkedIn under https://www.linkedin.com/legal/privacy-policy.
Art. 6(1) lit. f. GDPR is the legal basis for the processing of personal data, i.e. a legitimate interest on our part. Our legitimate interest lies in the above mentioned purposes.
The data will be encrypted, anonymized within seven days and then the anonymized data will be deleted within 90 days. As a user, you may at any time decide about the execution of the Java-Script-Codes via your browser settings. By changing the settings in your internet browser, you can deactivate the Java-Script, limit it or prevent storing. Please note: If the execution of Java-Cript is deactivated, you may no longer be able to use all website features completely.
If you are a member of LinkedIn and you do not want that LinkedIn collects data from you via our website and links your visit with your stored LinkedIn member data, you have to log out of LinkedIn before you visit our website.
You can prevent the execution of the Java-Script-Code necessary for the tool by changing the respective setting in your browser software.
In order to prevent the execution of the Java-Script-Code altogether, you can also install a Java-Script-Blocker, such as e.g. the browser plugin NoScript (e.g. www.noscript.net or www.ghostery.com).
You can also end further tracking by LinkedIn via the Opt-Out provided by us, for more info click here.
3.6. Matomo (PIWIK)
We use the webanalysis tool „Matomo“ (beforehand PIWIK) for the analysis of our website usage. Matomo transfers the usage information generated by the cookie to our servers in Europe and stores them for purposes of usage analysis. The information about your usage of our website generated by the cookie will not be disclosed to third parties.
If you want to object to the usage of cookies and/or analyis by Matomo, you have the following option: You can prevent the collection by Matomo by setting the Opt-Out-Cookie, which will prevent the future collecion of your data by Matomo when visiting our website (however, certain features of our website might not be usable completely).
Please note: If you delete your cookies, this might also delete the Opt-Out-Cookie and you might have to reactivate it.
4. Marketing / Layout / Social Media PlugIns
On our web and online platforms, we offer you to register for our newsletter; the information in Section IX applies accordingly. Furthermore, advertisment tools and Social Media PugIns are used. In detail:
4.1. Web Fonts
For uniform representation of fonts, we use Web Fonts provided by Monotype GmbH (fonts.com respectively fast.fonts.net). When you access our website, your browser downloads the necessary fonts in the browsercash in order to correctly display the website content.
For this purpose, your browser has to connect to the servers of fonts.com. Thereby, Monotype GmbH registers that your IP address accessed our website. We use Fonts.com’s Web Fonts for a uniform display of our online platforms. This corresponds to a legitimate interest within the meaning of Art. 6(1) lit. f. GDPR. If your browser does not support Web Fonts and/or you have blocked Web Fonts in your browser, your computer will use a standard font.
For further information about Web Fonts please refer to https://www.fonts.com/info/legal and the Data Protection Declaration of Fonts under https://www.fonts.com/info/legal/privacy/ and the data protection declaration of Monotype GmbH: https://www.monotype.com/legal/privacy-policy/.
4.2. Google Maps
On our websites, we partially incorporate maps from the service Google Maps of Google LLC via API. In order to fully display the content in your browser, Google has to collect your IP address; otherwise, Google can not deliver/display the incorporated map content. In the event of contract fulfillment, Art. 6(1) lit. b GDPR is the legal basis for such data processing as well as Art. 6(1) lit. f GDPR in the context of a legitimate interest while using our website as the IP address is necessary for displaying the content. Regarding this processing, we cooperate with Google on the basis of a contract about the shared responsibility according to Art 26 GDPR, which can be referred to under https://privacy.google.com/intl/de/businesses/mapscontrollerterms/. Please note that Google has its own Data Protection Regulations, which are indepentent from ours. We take no responsibility or liability for these regulations and procedures. For further information about the data processing by Google, please refer to the Google Data Protection Regulation under https://www.google.de/intl/de/policies/privacy/.
4.3. Google Remarketing
We use the Remarketing Technology of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).
Through this technology, users, who already visited our website and/or online platforms and who are interested in our services, will be addressed again with targeted advertisement on the websites of the Google Partner Networks. The display of advertisement is carried out via cookies. With the help of these cookies, the user behavior on our websites can be analyzed and then be used for targeted product recommendation and interest based advertisement. Google does not merge the data collected in the context of remarketing with your personal data. Google uses pseudonymization in the context of remarketing.
By using our services, you agree to the processing of the collected data by Google in the manner and for the purpose described herein. Please note that Google has its own Data Protection Regulations, which are independent to ours. We take no responsibility or liability for these regulations and procedures.
4.4. jsDelivr CDN
On our websites, we partly use a so-called "Content Delivery Network" (CDN) from jsDelivr. A CDN is a service that helps us to deliver content of our online offer, especially large media files, such as graphics or scripts, faster with the help of regionally distributed servers connected via the internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN. For this purpose, the browser you use must connect to the servers of the CDN. As a result, this browser is informed that our website has been accessed via your IP address.
4.5. Interest based Online Advertisement
In the context of optimizing our online advertisement, we work together with Delta Projects Deutschland GmbH through the anonymous collection and processing of your usage behavior in response to predicted interests. For this purpose, our partner sets cookies on your device on our behalf (see above Section X.2) in order to collect your user data anonymously when you visit our website or click on our online advertisement. By this means, we can analyze the use of online advertisment and provide you with advertising displays, which might be intersting for you and might suit your preferences. In no case, personal data will be stored (such as name, addresss, email address). IP addresses will be anonymized so that a personal reference is excluded.
Interest based online advertisement is delivered by the named service provider. If you do not want to receive user based advertisement displays, you can prevent the data collection by dectivating the cookies (see explanations in Section X.2.3) or by deactivating the setting of an Opt-Out-Cookie.
4.6. Social Networks / Social Media Plugins
We incorporated plugins of several social media networks on our websites. These plugins provide different features whose subject and scope will be defined by the operators of the social networks. We use a 2-click-procedure for a better protection of your personal data. By clicking the button directly next to the respective plugin, the plugin will be activated which will be marked by a color change of the plugin button from grey to colorful. Afterwards, you can use the respective plugin by clicking on the plugin button. Please note that the IP address of your browser session can be linked to your own profile on the respective social media network if you are logged in at this time. Equally, a visit of our website can be linked to your social media network profile if it recognizes you through a previously set social network cookie that is still present on your computer
Please note that we are not the providers of the social media networks and that we do not have any influence on their data processing. For further information, please refer to the following links or addresses:
We incorporate plugins of the social media network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA on our websites.You recognize the Facebook plugins by the Facebook logo or the „Like“ button on our website. For an overview on the Facebook plugins, please refer to: http://developers.facebook.com/docs/plugins/.
If you activate the plugin, your browser will be directly linked to the Facebook server. Thereby, Facebool receives the infomation that you visited our site with your IP address.
Please note that we as provider of the website do not have any knowledge about the content of the transferred data and their usage by Facebook and that we are not responsible for the data processing by Facebook. For further information, please refer to the Facebook Dara Protection Declaration under http://de-de.facebook.com/policy.php.
We incorporate features of the social media network LinkedIn on our websites. These features are provided by LinkedIn Ireland Limited, 77 Sir John Rogerson’s Quay, Dublin 2, Ireland. In this process, data is transferred to LinkedIn. Please note that we as provider of the website do not have any knowledge about the content of the transferred data and their usage by LinkedIn. For further information please refer to the LinkedIn Data Protection Declaration under: http://www.linkedin.com/static?key=privacy_policy.
On our websites we incorporate features of Xing provided by XING AG, Gänsemarkt 43, 20354 Hamburg. If you activate and use the plugin, your browser is establishing a direct link to the servers of Xing. The content of the plugin will be directly transferred to your browser, which then incorporates it on the website. By activating the plugin, Xing gets the information that you visited the respective website of our online platform. If you are logged in, Xing can allocate your visit to your Xing account. For further information on the purpose and scope of the data collection, the following data processing and use of the data by Xing as well as your rights and setting possiblitities in this respect, please refer to the Xing Data Protection Regulations.
5. Contact form and email contact
On our website, you can find a contact form, which the user can use for electronic contacting. If the user submits this contact form, the data entered in the input mask will be transferred to us and then stored by us:
• fleet size
• first name*
• last name*
• availability times
• phone number*
• email address*
• message field
• zip code*
*mandatory information, which are necessary for the registration, are marked with an asterisk as mandatory field (in the input mask).
At the time of sending the message, the following data will also be processed and stored:
• the user’s IP address
• date and time of the sending
Alternatively, you can also contact us via the indicated email address. In this case, all data transferred with the email will be stored. In no case, data will be transferred to third parties, except, when we have to resort to third parties for the processing of the request.
5.1. Purpose and legal basis
Data will only be processed for the purpose of the processing of the respective request respectively the respective user request. All further data collected during the sending process serve to prevent a misuse of the contact form and to ensure the security of our information technology systems.
If the data processing takes place for the purpose of the fulfillment of a customer order or a customer request, Art. 6(1) lit. b GDPR is the legal basis, no matter whether the contacting takes place via the contact form or via email. In case of the existence of a user consent, Art. 6(1) lit. a GDPR is the legal basis for the processing. Legal basis for the collection of additional data during the sending process is Art. 6(1) f. GDPR; the legitimate interest lies in the prevention of misuse and ensuring system security (see Section IV.2).
5.2. Data deletion and storage period
Data will be generally deleted as soon as we do no longer need it for attaining the purpose for which we collected it. In respect to the personal data from the input mask of the contact form and the data sent by email, we will delete the data when the respective communication with the user has ended and/or the user's enquiry has been answered definitively. The communication shall be deemed ended, or the enquiry definitively answered, if it is evident from the circumstances that the matter concerned has been definitively resolved. If continued storage of the data is necessary for the reasons specified in Section IV.7, the data shall be stored and blocked instead of being deleted.
Data collected additonally during the sending process will be deleted as soon as they are no longer necessary for the purpose of their collection.
5.3. Right to object and removal
The user has the option of discontinuing the communication with us and/or withdrawing his/her enquiry and objecting to the corresponding use of his/her data at any time. In such case, all communication is stopped and all personal data stored in the course of contact with the user will be deleted, subject to further storage of the data for the reasons mentioned in Section IV.7.
XI. Rights of the Data Subject
According to GDPR, the user is entitled to the following rights of the data subject:
1. Right to information (Article 15 GDPR)
You have the right to request information on whether or not we process personal data concerning you. If our company processes personal data concerning you, you are entitled to information on
Furthermore, you are entitled to information on whether your personal data is the subject-matter of an automated decision as defined by Article 22 GDPR, and, if so, what decision-making criteria are taken as a basis for such automated decision (logic), and what effects and implications this automated decision could have for you.
If personal data is transferred to a third country outside of the scope of application of the GDPR, you are entitled to information on whether and, if so, under what guarantees an adequate level of protection, within the meaning of Art.s 45 and 46 GDPR, has been safeguarded at the data recipient in the third country.
You have the right to demand a copy of your personal data. In principle, we provide data copies in electronic form, unless specified otherwise. The first copy will be free of charge; we may request an appropriate fee for further copies. The provision of such data copies is subject to the rights and freedoms of other persons possibly affected by the transfer of the data copy.
2. Right to correction (Article 16 GDPR)
You have the right to request that we correct your data insofar as your data is incorrect, inapplicable and/or incomplete; this right to correction includes the right to make your data complete by means of supplementary statements or notifications. Correction and/or supplementation will take place promptly, i.e. without culpable delay.
3. Right to deletion (Article 17 GDPR)
You have the right to demand that we delete your personal data insofar as
No right to delete personal data exists if
Deletion shall take place promptly, i.e. without culpable delay. If we have made personal data public (e.g. on the Internet), we shall, if this is technically possible and can be reasonably expected, ensure that third-party data processors are also informed of the deletion request, including the deletion of links, copies and/or replications.
4. Right to restriction of processing (Article 18 GDPR)
You have the right to have the processing of your personal data restricted in the following cases:
We will process personal data, whose processing has been restricted at your request, only (i) with your consent, (ii) for asserting, exercising or defending legal claims, (iii) for protecting the rights of other natural persons or legal entities or (iv) for reasons of important public interest- except for storage. If a processing restriction is lifted, you will be informed thereof.
5. Right to data portability (Article 20 GDPR)
Subject to the following provisions, you have the right to request that the data concerning you be surrendered in a commonly used electronic, machine-readable data format. The right to data transfer includes the right to transmit the data to another data controller. On request, we shall therefore - insofar as technically possible - transmit data directly to a data controller designated, or yet to be designated, by you. The right to data transfer applies only to data provided by you and requires that the processing take place on the basis of consent or for the implementation of a contract and be carried out with the aid of automated procedures. The right to data transfer under Article 20 GDPR does not affect the right to data deletion under Article 17 GDPR. The data will be transferred only insofar as no rights or freedoms of other persons could be impaired as a result of the data transfer.
6. Right to object (Article 21 GDPR)
If we process personal data for the performance of tasks that are in the public interest (Art. 6(1), lit. e GDPR) or for the protection of legitimate interests (Art. 6(1), lit. f GDPR), you may at any time, with effect for the future, object to the processing of your personal data. If you exercise your right to object, we shall refrain from all further processing of your data for the aforementioned purposes, unless
You may object to the usage of your data for direct advertising at any time, with effect for the future; this shall also apply to profiling, if it relates to direct advertising. If you exercise your right to object, we shall refrain from all further processing of your data for direct advertising.
7. Prohibition of automated decisions / Profiling (Article 22 GDPR)
Decisions that entail a legal consequence for you or materially impair you will not be based exclusively on automated processing of personal data, including profiling. This will not apply insofar as such automated decision
In principle, decisions based exclusively on automated processing of particular categories of personal data are impermissible, unless Article 22 (4) in conjunction with Article 9 (2), letter a or letter g GDPR apply, and appropriate measures for protecting your rights, freedoms and legitimate interests have been taken.
8. Legal protection options / Right to complain to the supervisory authority
If you have any complaints, you may at any time turn to the relevant supervisory authority of the European Union or its Member States. For our company, the supervisory authority specified in Section II is the relevant supervisory authority.
XII. Alterations of the Data Protection Declaration, Language Versions
1. We reserve the right to alter the data protection declaration in irregular intervals and will inform you about the significant changes and the impact they will have on the use of your personal data. You have access to the respective current version on our websites under the link “data protection”.