Privacy policy

We process your data always in accordance with the legal regulations, in particular with the German Telemedia Act, theRegulation (EU) 2016/679 General Data Regulation (GDPR) of the European Parliament and of the Council of 27 April 2016 onthe protection of individuals withregard tothe processing ofpersonaldata, and on the free movement of such dataand repealing Commission Directive 95/46/EG (Basic Regulation on data protection) and in accordance with the German Federal Data Protection Act, as far as this still applies.

1. General

(1) This data privacy statement gives an overview,which information is collected or stored when you visit our website and how it is used.This statement also explains how to verify the accuracy of the personal information we hold about you and how to delete, block or update such personal information in our database.

(2) Basically, we process personal data of our users only insofar as this is necessary for a functioning website and for our content and services.Further uses are listed in the following regulations.The processing of personal data of our users takes place only with the consent of the useregularly.An exception applies, if it is not possible to obtain prior consent for factual reasons and data processing is permitted by law.

(3) Legal basis for processing of personal data
Insofar as we obtain the consent of the data subject for processing of his or her personal data, Art. 6 (1) (a) GDPR is the legal basis. In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b)GDPRis the legal basis. This also applies to processing operations, which are necessaryfor the implementation of pre-contractual measures. Insofar as data processing is necessary for compliance with a legal obligation, Art. 6 (1)(c)GDPR is legal the basis. In case data processing is necessaryin order to protect the vital interests of the data subject or of another natural person, Art. 6 (1) (d)GDPR is the legal basis. If processing is necessaryto safeguardthe legitimate interests of our company or a third partyandinterestsor fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPRis the legal basis for the data processing.

(4) Erasure of personal data and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is omitted.In addition, such storage may be provided because theEuropean or national legislator set such in EU regulations, laws or other regulations to which the controller is subject.Blocking or deletion of the data also takes place when a storage period prescribed by the regulations mentioned expires, unless there is a need for further data storage for conclusion of a contract or performance of the contract.

(5) Transfer of personal data

If your data is transferred to other companies or subcontractors, this will only be done in compliance with the present data protection regulations and the statutory provisions as well as to fulfil the contractual obligations, e.g. the provider can see corresponding statistical data, if necessary.

Your personal data will not be transferred to third parties outside the company without your explicit consent. External service providers, who process data on our behalf, are contractually obliged.These service providers are especially prohibited from using your data for other than the original underlying purposes.

We will provide third parties with furtherdata thanprovided by you, in particular to such data you have made available to usjust for handling of the contract for internal purposes, only in case of a corresponding statutory obligation or to safeguard legitimate interests.

Due to legal requirements, especially for tax purposes, we may be obliged to store your data beyond the period of your use of our website.However, we will only store the data to the extentrequired, taking into account the statutory provisions.

(6) Data storage location

Your data will be processed on servers located in Germany and thus within the scope of the EU level of data protection.We must point out any exemptions accordingto no. 3 of these regulations.

2. Collection of personal data

a. Collecting general data when visiting the website

(1) If you just visit our website, we only save access data within so-called server log files. This is data your browser makes transmits without any personal connection.

• Browser type and browser version
• Operating system used
• Referrer-URL (previously visited website)
• Websites accessed by the user’s system through our website
• the user’s internet service provider
• Host name of the accessing computer (IP address)
• Date and time of the server access

We are not able to assign these data to specific persons.A collection of this data with other data sources is not done, the data also is deleted after a statistical evaluation.For this purpose, the user’s access to our websites, including the IP address, is stored in the server log files.These log files are prepared monthly for statistical evaluations with an analysis software and then deleted.It is not possible for us to draw conclusions concerning a certain person when using the data.

(2) The legal basis for this data processing is Art. 6 (1)(f) GDPR. On the one hand, legitimate interests arise from the need to present and optimize the content of the website in a technically correct manner. Furthermore, the data collection is necessary to ensure the functionality of the website in case of attacks by third parties and to allow prosecution of such attacks.

(3) The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer.Therefore, the user’s IP address must be stored for the duration of the session.In these purposes, our legitimate interest of data processing is justified in the sense of Art. 6 (1) (f) GDPR.

(4) The data will be deleted as soon as it is no longer necessary for the purpose it was collected for.Incase of data collection for providing the website, this is the case when the respective session is completed.

(5) The date collection for the providing the website and the storage of the data in log files is essential for the operation of the website.As a result, the user has no possibility to object.

b. Collection of personal data on a contractual basis

(1) Some of our website features ask the user to enter personal data, such as name, e-mail or postal address.Entering names and details is voluntary here.The data processing is preceded by the consent of the user, Art. 6 (1) (a) GDPR, or a voluntary basis.

(2) The processing of the above-mentioned data takes place on the basis of Art. 6 (1) (b) GDPR for that matter.The data processing is necessary for contact for contracting, the fulfilment of a possible contract, or of other pre-contractual measures given.If there should be a legal obligation requiring the personal data processing, such as the exercise of tax obligations, the basis for the processing is Art. 6 (1) (c). GDPR.

3. Third Party Plug-Ins

(1) Legitimate Interest

The use of the third-party plug-ins mentioned below has been checked in terms of data protection law and is based on Art. 6 (f) GDPR in order to safeguard legitimate interests and to improve our website.

(2) Privacy Policy for the use of Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have enabled the function IP anonymization on this website. As a result, your IP address will be shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases, the full IP address is transmitted to a server of Google in the USA and shortened there.
On behalf of this website owner, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website owner with other services relating to website and Internet use.
The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Click here to disable Google Analytics

For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Contract data processing

We have entered into a contract for data processing with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographics in Google Analytics

This website uses the feature “demographics” of Google Analytics. Therefore, reports can be created that contain statements on the age, gender and interests of the website visitors.This datahas been obtained from interest-based advertisingby Google and third-party visitor data. This data cannot be associated to identify a certain person. You can disable this feature at any time via the ad settings in your Google Account, or generally prohibit the collection of your data by Google Analytics as described in the section “Opposition to Data Collection”.

(3) LinkedIn
On our website, we use LinkedIn’s analytics and conversion tracking technology, an offer from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn’s aforementioned technology can show you more relevant, interest-based advertising.We also receive aggregated and anonymous reports from LinkedIn on ad activities and information about how you interact with our website.LinkedIn uses cookies for that.These cookies are used to clearly identify a web browser on a particular computer, have a validity period of 30 days and contain no personal data and are therefore not used for the personal identification of our website users. The cookie analyses how you interact with our website (such as the website that referred you to us, how long you stayed, what offers you were interested in) and whether or not you are a member of the platform LinkedIn. The information obtained through the cookie is used to create the aforementioned anonymous statistics and reports and to provide you withinterest- based advertising. For further information on LinkedIn data protection,click here. Whether you are are registered member on LinkedIn or not, it is possible to object to the analyses of your LinkedIn usage behaviour and the display of interest-based recommendations (“opt-out”); therefore use the button “Decline on LinkedIn” (for LinkedIn members) or the button “Decline” (for other users) at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We point out that refusing such advertisements does not remove ads from the pages you visit. It simply means that the ads shown to you are not necessarily matched to your personal interests.

(4) Facebook Pixel

This website uses the Facebook Pixel remarketing feature of Facebook Inc (“Facebook”). This function is used to present the visitors of this website, as part of their visit to the social network Facebook, interest-based advertisements (“Facebook Ads”). For this purpose, the Facebook remarketing tag was implemented on this website. This possible optimisation by us is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. A direct connection to the Facebook servers is made through this tag when visiting the website. It is transferred to the Facebook server that you have visited this website and Facebook assigns this information to your personal user account on Facebook. For further information on the collection and using of data by Facebook, as well as your rights in this regard and ways to protect your privacy, please refer to the Privacy Policy of Facebook at https://www.facebook.com/about/privacy/. Alternatively, you can disable the remarketing feature „Custom Audiences“ at https://www.facebook.com/settings/?tab=ads#_=_. You have to be logged in to Facebook for this.

But we neither use the so-called “custom audience” feature, nor an “advanced comparison” or “look-alike audiences”, so that we do not provide Facebook with our own customer data to populate its database.

(5) Google Adwords Remarketing / Display Advertisment.

This website is using Google remarketing tags. These are the services of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). Google uses cookies, i.e. text files to be stored on your computer and allowing an analysis of your use of our website. The information generated by the cookie about your use of this website (including your IP address) is usually transmitted to a Google server in the USA and will be stored there. The IP address is then deducted from Google to the last three digits to ensure that an unambiguous assignment of the IP address is no longer possible. Google respects the privacy policy of the “US Safe Harbor” agreement and is registered with the “Safe Harbor” program of the US Department of Commerce. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties if required by law or if such third parties process the information on behalf of Google. Third party providers, including Google, show your ads on websites on the Internet. Third party providers, including Google, use stored cookies to place advertisements based on someone’s visits of this website in the past. In no event will Google associate your IP address with any other data held by Google. The data collection and storage can be revoked at any time with effect for the future. You can deactivate the use of cookies by Google by accessing the website below to deactivate Google advertising http://www.google.de/settings/ads . We like to inform you, however, that you may not be able to use all features of this website in this case. By using this website you accept that Google processes your data in the manner described above and for the aforementioned purpose. The data collection and storage can be revoked at any time with effect for the future. For more information about the terms and conditions of Google, please visit http://www.google.com/intl/de/policies/privacy/

(6) YOUTUBE

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

(7) VIMEO

Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored. If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account. For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

(8) Payment services

Among other things, we offer payment via payment services on our website. If you choose to pay by using a payment service (such as PayPal, Paymill, or Amazon Pay), the payment details you enter will be sent to the payment service that collects your data. A revocation does not affect the effectiveness von of data-processing operations in the past. The payment service provider sets a cookie as soon as you activate payment via the provider. In this case, your data will be transferred on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing for the performance of a contract). You have the possibility to revoke your consent to data processing at any time.

(9) Social Media

The social media icons are just links. There is no integration of the tools in our website.

3 . Cookies

(1) Our website uses cookies. Cookies are text files that are stored in the Internet browser or rather on the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.
(2) There are cookies which will be deleted after the end of the browser session (so-called session ID cookies). The cookies are used for the purpose of authorization, identification and obtaining specific information such as information on whether you wish to remain logged in. After one hour the cookies will be automatically deleted .
(3) The user data collected in this way will be pseudonymised by means of technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the user.
(4) While accessing our website,the users are informed about the use of cookies for analysis purposes by an information banner and will be referred to this privacy policy or, if necessary, consent to the processing of personal data in connection with cookies is obtained.
In that regard, there is also an indication of how the storage of cookies in the browser settings can be prevented.
(5) If cookies are stored on your PC additionally, you have control over whether and when these cookies are deleted. Please use the corresponding function in your browser.
(6) With most Internet browsers, you can delete cookies from your hard disk, lock them, or receive a warning before a cookie is deposited. You can set your browser so that you are informed about the setting of cookies, you can decide on a case-by-case basis, or you can preclude the general acceptance of cookies. The non-acceptance of cookies may limit the functionality of our website. Please refer to the user manual of your browser or the manufacturer of the browser for information regarding how to set the programs accordingly.
(7) Only with your prior consent we will associate such automatically stored information with the personal data that you have provided to us previously (for example, during the registration) on our websites.
(8)The utilization of data from set cookies is done on the basis of Art. 6 f) GDPR for the protection of legitimate interests, whereas we assume that your interests, fundamental rights and freedoms are not restricted by this, as personal data is neither gained by us nor by third parties. Additionally, it is basically statistical data adjusted to your user behavior and, if necessary, other factors like pricing, but not data that may lead to an individual identification.

4. Data security

(1) We secure our websites and the connected systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons by technical and organizational measures.
2) You should always keep your access information confidential and close the browser window, when you have stopped using it, to prevent misuse of your account, especially if you share the computer with others.
(3) We are not liable for the content of other providers, which can be reached via the hyperlinks on our websites. Links on our website refer to content that is not stored on our own servers. External content was checked for links for illegality and criminal liability. Nevertheless, it can’t be ruled out that content will be changed by vendors afterwards.

5. Contact form / E-Mail

(1) For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.
(2) Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored.
(3) In this context, there will be no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
(4) Legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPRin case of consent of the user.
(5) The legal basis for the processing of the data transmitted in the course of sending an e-mail is article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
(6) The processing of the personal data from the input mask serves us only for processing the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
(7) Additional personal data collected during the sending process will be deleted at the latest after a time period of seven days.
(8) The user has the possibility to give his consent to the processing of the personal data by means of communication by e-mail or post to the responsible office (see below) at any time.

6. Newsletter data

(1) If you wish to receive the newsletter offered on the website, we require an e-mail address from you, as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agreed to receive the e-mail newsletters. Further data is not collected. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.
(2) You may revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.
(3) The legal basis for the processing of the data after registration for the newsletter by the user is in the presence of a consent Art. 6 para. 1 lit. a GDPR.
(4) The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.

7. Registration

(1)Depending on the current design of the website and the offer, we offer our usersthe opportunity to register on our website by providing personal information. The data is entered into an input mask, transmitted to us and stored. A transfer of data to third parties does not take place. The registration will only collect the data necessary for the purpose of the registration.
(2) As part of the registration process, the consent of the user to process this data is obtained. Legal basis for the processing of the data is the presence of the consent of the user Art. 6 para. 1 lit. a GDPR. If the registration serves the fulfillment of a contract of which the user is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
(3) The registration is required for the provision of certain contents and services as well as for the fulfillment of a contract with the user, or for the execution of pre-contractual measures.
(4) The data will be deleted as soon as the purpose of their collection is no longer necessary.
(5) As a user, you have the option of canceling the registration at any time. You can change the data stored about you at any time.

8. SSL-Encryption

This website uses SSL encryption for safety matter as well as to protect the transfer of confidential data like contact inquiries you send to us. An encrypted connection can be identified by a symbolized lock in the address-bar of your browser as well as by the address being “https://” instead of “http://”. If SSL is activated, data may be transferred without third parties being abled to read this data.

9. Your rights as data subject

If your personal data is processed, you are ‘data subject’as laid down in GDPR and you have following rights to the controller:

a. Right of access
You may ask the controller to confirm if your personal data is processed by us.

If so, you can request details about following information from the controller:

(1) the purposes of processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom your personal data have been or will be disclosed
(4) the envisaged period for which the personal data will be stored, or, if specific information is not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) any available information as to their source;where the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Art. 22(1) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information, if your personal have been transferred to third countries or international organisations.In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

b. Right to rectification
You have the right to obtain the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller has to make the rectification without undue delay.

c. Right to restriction of processing
Under the following conditions you have the right to obtain from the controller restriction of processingof personal data concerning you:

(1) if you contest accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
(2) if processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
(4) if you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the above-mentioned conditions,you will be informed by the controller before the restriction of processing is lifted.

d. Right to erasure (‘right to be forgotten’)
Erasure obligations
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) You withdraw consent on which the processing is based according to Art. 6(1) (a) GDPR, or Art. 9(2) (a) GDPR, and where there is no other legal ground for the processing;
(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
(4) Your personal data have been unlawfully processed.
(5) Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) Your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Exceptions
There is no right to erasure, to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) GDPR as well as Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

e. Right to information
If you have asserted the right to rectification, erasureor restriction of processing to the controller, the controller hasto communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about those recipients by the controller.

f. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format.

You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6(1) (b) GDPR and
(2) the processing is carried out by automated means.

In exercising these rights,you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.Rights and freedoms of othersshall not be affected by that.

That right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g. Right to object
You have the right to object, on grounds relating your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR including profiling based on those provisions.

The controller no longer processes your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes,your personal data are no longer processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the right to object by automated means using technical specifications.

h. Right to revocation of declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time.The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

i. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.This shall not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.

But these shall not be based on special categories of personal data referred to in Art. 9(2)1) GDPR, unless Art. 9 (2) (a) or (g) of GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.In the cases referred to in points (1) and (3), the data controller implements suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

j. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

10. Contact for data protection

Controller within the meaning of GDPR is

VALLONE GmbH
UNESCO World Heritage Zollverein
Gelsenkirchener Str. 181
45309 Essen – Germany

T +49.201.857 914 22-0
F +49.201.857 914 22-9
E info@vallone.de

Data protection officer of the controller is:

Björn Leineweber
BELA Datenschutz UG
Ruhrtalstr. 67
45239 Essen
Germany

Tel.: +49 201 246 888 00
E-Mail: leineweber@datenschutz-ruhr.de
Website: www.datenschutz-ruhr.de

11. Update to this Policy

We may change this privacy policy from time to time due to legal, technical or commercial changes.If we update it, we will take measures adequate to the importance of the changes to inform you. If we make important changes to our privacy policy, we will gather your consent, if this is mandatory due to the privacy laws. The date of the last changes to this policy is given at the end of this policy.

Last Update: 25th of May 2018