Privacy policy
Data Protection :
We see data protection as a
sign of quality for our customers. Because the protection of your
personal data is important to us, particularly as regards compliance
with identity law in the processing and use of this information, we
would like to provide you with the following information:
I. Name and address of the controller
The controller within the meaning of the General Data Protection
Regulation and other national data protection legislation of the Member
States as well as other provisions of data protection legislation is:
Leser GmbH
Gottlieb-Daimler-Strasse 11
77933 Lahr
Germany
Tel.: +49 (0)7821 - 5803 - 0
E-mail: leser@leser.de
Website: www.leser.de
II. Name and address of the data protection officer
Our data protection officer can be contacted at the aforementioned
address, for the attention of Mr. J. Leiser, or by writing an e-mail to
the address vadslese(at)leser.de.
III. General points about data processing
1. Scope of the processing of personal data
We only ever process our users’ personal data to the extent this is
necessary to provide a functioning website as well as our content and
services. The processing of our users’ personal data is normally subject
to consent thereto being granted by our users. An exception applies in
those cases where, for practical reasons, it is not possible to obtain
prior consent, and processing of the data is permitted by statutory
provisions.
2. Legal basis for the processing of personal data
To the extent that we obtain the consent of the data subject for the
processing of his or her personal data, Art. 6 (1) letter a of the EU
General Data Protection Regulation (GDPR) forms the legal basis for
this.
When the processing of personal data is necessary for the
performance of a contract to which the data subject is party, Art. 6 (1)
letter b GDPR forms the legal basis for this. This also applies to
processing needed to initiate a contract.
To the extent that the
processing of personal data is necessary for compliance with a legal
obligation to which our company is subject, Art. 6 (1) letter c GDPR
forms the legal basis for this.
In the event that vital interests of
the data subject or of another natural person necessitate a processing
of personal data, Art. 6 (1) letter d GDPR forms the legal basis for
this.
If processing is necessary for the purposes of safeguarding
the legitimate interests pursued by our company or by a third party,
except where such interests are overridden by the interests or
fundamental rights and freedoms of the data subject, Art. 6 (1) letter f
GDPR forms the legal basis for this.
3. Data erasure and storage duration
The data subject’s personal data is erased or blocked as soon as the
purpose for which it is stored no longer applies. It may be stored
beyond this time if that is permitted by the European or national
legislator in EU laws, regulations and other legal acts to which the
controller is subject. Data is also blocked or erased when a storage
period prescribed by the aforementioned norms expires unless there is a
necessity to store the data for a longer period for the purposes of the
conclusion or performance of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time you visit our website, our system automatically collects data
and information from the system of the computer accessing the site.
The following data is collected:
(1) Information about the browser type and the version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) The time and date of access
(6) Websites from which the user’s system was directed to our website
(7) Websites that the user’s system accesses via our website
The data is also stored in the log files of our system. This data is
not stored in combination with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) letter f GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to
deliver the website to the user’s computer. For that reason, the user’s
IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the correct functioning of the
website. Furthermore, the data assist us in optimising the website and
ensuring the security of our IT systems. This data is not analysed for
marketing purposes.
The aforementioned purposes also constitute
our legitimate interest in the processing of data pursuant to Art. 6 (1)
letter f GDPR.
4. Duration of storage
The data is erased
as soon as it is no longer needed to achieve the purposes for which it
was collected. When data is collected in order to provide the website,
that data is erased as soon as the respective session ends.
When
data is stored in log files, that data is erased no later than after
seven days. It is possible for data to be stored for longer. In such
cases, the IP addresses of users are deleted or anonymised, meaning that
they can no longer be assigned to the clients accessing our website.
5. Right to object and have data erased
The collection of data in order to provide the website and the storage
of data in log files are essential for the operation of the website.
Consequently, the user has no right to object to this.
V. Use of cookies
Preliminary information:
You can find the duration for which cookies are stored in the overview
in your browser’s cookie settings. By altering your browser settings you
can be informed of the placement of cookies and decide individually
whether to accept them, or prevent the acceptance of cookies in specific
cases or in general. Different browsers manage cookie settings
differently. This is described in the Help menu of each browser, which
explains to you how you can alter your cookie settings. You will find
these for the respective browsers under the following links:
Internet Explorer:
support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Safari:
support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome:
support.google.com/chrome/bin/answer.py
Firefox:
support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Opera:
www.opera.com/help/tutorials/security/privacy/
If cookies are not accepted, the functionality of our website may be restricted.
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are saved in or
by the browser on the user’s computer system. When a user accesses a
website, a cookie may be stored on the user’s operating system. This
cookie contains a character string that enables the browser to be
identified uniquely when the user returns to the website.
We use
cookies to make our website more user-friendly. Some elements of our
website also require the accessing browser to be identified after the
user moves from one page to another.
The following data is stored and transferred during this process:
(1) Language settings
(2) Items in a shopping basket
(3) Login information
When a user accesses our website, he or she is informed about the use
of cookies and his or her consent is obtained to process the personal
data used in this connection. At the same time, the user is directed to
this data privacy statement.
The legal basis for the processing of personal data through the use of cookies is Art. 6 (1) letter f GDPR.
2. Purpose of data processing
The purpose of the use of technically necessary cookies is to simplify
the use of the website for its users. Some functions of our website
cannot be offered without the use of cookies. For these it is necessary
for the browser to be identified again even after the user moves from
one page to another.
We require cookies for the following applications:
(1) Shopping basket
(2) Provision of appropriate language settings
(3) Remembering search terms
User data collected by means of technically necessary cookies is not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its
content. These analysis cookies enable us to find out how the website
is used and thus continually improve our offer.
Google Analytics
To continually optimise our website and design it in such a way that it
meets users’ needs, we use Google Analytics, a web analytics service
provided by Google Inc., (https://www.google.com/intl/en-GB/about) (1600
Amphitheatre Parkway, Mountain View, CA 94043, USA; hereafter
“Google”). This involves the creation of pseudonymised user profiles and
the use of cookies. The information generated by the cookie through
your use of this website, such as the
browser type/version,
operating system used,
referrer URL (the page previously visited)
host name of the accessing computer (IP address),
time of the server request
are transmitted to a Google server in the USA and stored there. This
information is used to analyse usage of the website, compile reports on
website activity and provide other services connected to use of the
website and the Internet for the purposes of market research and the
needs-based design of these websites. This information is also
transferred to third parties as long as this is legally required and
provided that these third parties carry out the processing on our
behalf. Your IP address is never combined with other Google data. The IP
addresses are anonymised so that it is not possible to assign them (IP
masking).
You can prevent the installation of the cookies by means
of an appropriate setting in the browser software; we would, however,
point out that in this case it may not be possible to make full use of
the functions on this website.
Furthermore, you can prevent Google
from collecting and processing the data generated by the cookie and
relating to your use of the website (including your IP address) by
downloading and installing a browser add-on
(https://tools.google.com/dlpage/gaoptout?hl=en-GB).
Alternatively
to the browser add-on, particularly in the case of browsers on mobile
devices, you can also click on this link to prevent the collection of
data by Google Analytics. An opt-out cookie is set that prevents the
future collection of your data when you visit this website. The opt-out
cookie only applies to that browser and only to our website and is
stored on your device. If you delete the cookies in that browser, you
have to set the opt-out cookie again.
More information about data
protection in relation to Google Analytics can be found, for example, in
the Google Analytics Help
(https://support.google.com/analytics/answer/6004245?hl=en-GB).
The aforementioned purposes also constitute our legitimate interest in
the processing of personal data pursuant to Art. 6 (1) letter f GDPR.
AWStats
To enable us to statistically analyse our website, we use the AWStats
program. The program is open source web analytics software. It is used
to analyse log files that the web server generates on the basis of user
requests. The program does not use cookie data for the analysis. The
statistical analysis is carried out via the log files, which also
contain IP addresses. Generally, this data cannot be assigned to
particular individuals. This data is not combined with other data
sources. The data is also erased after each statistical analysis.
In
contrast to other statistics programs, AWStats does not transmit data
to a third-party server. The program is installed on its own hosting
package. Thus, for example, transfer of data to another country is
prevented as our server is located in Germany.
We use Hotjar to better understand the needs of our users and to optimise this service and their experience. Hotjar is a technology service that helps us better understand user behaviour (e.g. how much time they spend on which pages, which links they choose, what users like and dislike, etc.), allowing us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on the behaviour of our users and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to view our website. Hotjar stores this information in a pseudonymised user profile on our behalf. Hotjar is contractually obliged not to sell any of the data collected on our behalf. For more details, see the "About Hotjar" section on the Hotjar support page.
Microsoft Bing Ads
The website uses the “Bing Ads” remarketing function provided by
Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA.
(“Microsoft Advertising”). Microsoft Bing Ads stores a cookie on your
computer if you came to our website via a Microsoft Bing advertisement.
This allows Microsoft Bing and us to detect that someone has clicked on
an advertisement, was redirected to our website and has reached a
specific target page previously determined (conversion page). We will
only be informed of the total number of users that have clicked on a
Bing advertisement and then were redirected to the conversion page.
Personal information about the user’s identity will not be disclosed.
If you do not wish Microsoft to use information about your behaviour as
explained above, you can reject the placing of a cookie that is
required for this, e.g. by making a browser setting that deactivates the
automatic placing of cook1ies altogether. In addition, you can prevent
acquisition by Microsoft of the data generated by the cookie that relate
to your use of the website and the processing of these data by
Microsoft by declaring your objection at the following link: https://choice.microsoft.com/de-DE/opt-out. More information about data privacy and the cookies used at Microsoft and Bing Ads is provided on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.
Bing Universal Event Tracking (UET)
On our website, data are acquired and stored with Bing Ads technologies
to create usage profiles based on pseudonyms. This is a service
provided by Microsoft Corporation, One Microsoft Way, Redmond, WA
98052-6399, USA. This service allows us to track the activities of users
on our website if they came to our website via Bing Ads advertisements.
If you get to our website via such an advertisement, a cookie will be
placed on your computer. A Bing UET tag is integrated on our website.
This is a code via which, in connection with the cookie, some
non-personal data about the use of the website will be stored. This
includes the duration of the visit to the website, the areas of the
website that were visited and the advertisement via which the user came
to the website. Information about your identity is not collected.
The information acquired will be transmitted to Microsoft servers in the
USA and stored there for a maximum of 180 days on principle. You can
prevent acquisition of the data generated by the cookie that relate to
your use of the website and the processing of these data by disabling
cookies. This may restrict the functionality of the website.
Moreover, Microsoft can potentially use so-called cross-device tuning to
track your user behaviour across multiple electronic devices and due to
this may be able to show you personalised advertisements on Microsoft
websites and in Microsoft apps. You can disable this behaviour at https://choice.microsoft.com/de-de/opt-out.
More detailed information about Bing’s analysis services is provided on the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2). More detailed information about data privacy at Microsoft and Bing is provided in the Microsoft data privacy statement (https://privacy.microsoft.com/de-de/privacystatement).
Brevo Tracker (formerly Sendinblue) We use the ‘Brevo Tracker’ service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, to analyse user behaviour on our website and optimise our marketing measures. Information about user behaviour (e.g. pages visited, interactions) is collected and stored. Processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect. Further information can be found in Brevo's privacy policy: https://www.brevo.com/de/legal/privacypolicy/.
Meta Pixel (formerly Facebook Pixel) We use the ‘Meta Pixel’ from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on our website. This pixel enables us to track the behaviour of users after they have been redirected to our website by clicking on a Facebook advertisement. This enables us to measure the effectiveness of Facebook advertisements for statistical and market research purposes. The data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Further information on data processing by Meta can be found at: https://www.facebook.com/about/privacy/.e-recht24.de+2bild.de+2welt.de+2
Microsoft Clarity This website uses ‘Microsoft Clarity’, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Clarity enables us to analyse user behaviour on our website in order to improve user-friendliness. In particular, mouse movements, clicks and scrolling behaviour are recorded. The data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. The data collected may be transferred to the USA. Microsoft is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection. Further information can be found in Microsoft's privacy policy: [https://privacy.microsoft.com/de-de/priv ... ](https://privacy.microsoft.com/de-de ... ).readdata.de+4glastuershop24.de+4bild.de+4mso.dethrivebiz.de+2e-recht24.de+2e-recht24.de+2
Google Tag Manager We use Google Tag Manager from Google Ireland Limited, Gordon House, ... . Google Tag Manager is used to manage website tags via an interface. The service itself does not process any personal data of users. Google Tag Manager only triggers other tags, which may in turn collect data. Further information on data protection can be found in Google's terms of use: https://www.google.com/intl/de/tagmanager/use-policy.html.e-recht24.de+2bild.de+2welt.de+2
Cookie consent tool We use a cookie consent tool on our website to obtain your consent to the storage of certain cookies on your device and to document this in accordance with data protection regulations. When you use the consent tool, the following data is processed: your consent(s) or withdrawal of your consent(s), your IP address, information about your browser, your device and the time of your visit. The data is processed to fulfil a legal obligation in accordance with Art. 6 para. ... c GDPR.
Meta Advertising
We have no influence on data collection and further processing by Meta
Platforms. Furthermore, it is not clear to us to what extent, where and
for how long the data is stored by Meta Platforms, to what extent Meta
Platforms complies with its deletion obligations, what evaluations and
links are made with the data by Meta Platforms and to whom the data is
passed on by Meta Platforms. If you wish to prevent Meta Platforms from
processing personal data that you have transmitted to us, please contact
us by other means.
Insofar as the data you provide to us via Meta Platforms is also or exclusively processed by Meta Platforms (Insights data), Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is also responsible for data processing within the meaning of the General Data Protection Regulation (GDPR). In this respect, data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view here: www.facebook.com/legal/terms/page_controller_addendum
Furthermore, for the use of certain Meta Platforms products, such as the so-called “Meta Platforms Business Tools”, and for data processing carried out through them, an additional agreement applies between us and Meta Platforms Ireland Ltd. as joint controllers pursuant to Art. 26 GDPR, which can be viewed here: www.facebook.com/legal/controller_addendum
The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
For the processing of your personal data on this website, we, together with Meta Platforms Inc. (“Meta”), are “joint controllers” within the meaning of Art. 26 GDPR, as we use the technical platform and services of Meta Platforms Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, for Instagram.
By using it, your personal data will be collected, transferred, stored, disclosed and used by Meta Platforms Inc. and transferred to, stored and used in the United States, Ireland and any other country in which Facebook does business, regardless of your place of residence.
Meta Platforms Inc. processes your voluntarily entered data such as name and user name, e-mail address and telephone number.
On the other hand, Meta Platforms Inc. also evaluates the content you share to determine which topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location using GPS data, wireless network information or your IP address in order to send you advertising or other content.
Finally, Facebook also receives information when you view content, for example, even if you have not created an account. This so-called “log data” may include your IP address, browser type, operating system, information about the website and pages you have previously visited, your location, your mobile phone provider, the device you are using (including device ID and application ID), the search terms you have used and cookie information.
You can contact Meta Platforms' Data Protection Officer via the online contact form provided by Meta Platforms at www.facebook.com/help/contact/540977946302970.
Facebook
Facebook is part of the Meta Platforms group of companies and shares infrastructure, systems, technology and possibly personal data (e.g. personal data, IP numbers, etc.) with Meta and other companies in the group. You can find more information on data processing in Facebook's privacy policy at www.facebook.com/privacy/policy/
Instagram
Instagram is part of the Meta Platforms Inc. group of companies and
shares infrastructure, systems, technology and possibly personal data
(e.g. personal data, IP numbers, etc.) with Facebook and other Facebook
companies.
We process personal data ourselves via our Instagram page, but at the same time data is also processed by Facebook as the operator of the Instagram platform.
Please check carefully what personal data you share with us via Instagram. As long as you are logged in with your Instagram account and visit our Instagram page, Instagram can assign this to your Facebook profile. We expressly point out that Instagram passes this data on to Facebook and its affiliated companies. Facebook stores the data of its users (e.g. personal information, IP address, etc.) and may also use it for business purposes.
You can find more information on data processing by Instagram and Facebook at www.instagram.com/legal/privacy/ and de-de.facebook.com/policy.php.
Data processing for statistical and marketing purposes at Meta Platforms
Page Insights
Meta Platforms provides us with so-called page insights for our Meta Platforms page: www.metaplatforms.com/business/a/page/page-insights. This is aggregated data that allows us to gain insight into how people interact with our site. Page Insights may be based on personal data collected in connection with a visit or interaction of persons on or with our site and its content. According to Art. 6 para. 1 lit. f GDPR, this serves to safeguard our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which predominate in the context of a balancing of interests. You can object to the processing of your data for the aforementioned purposes at any time by changing your settings for advertisements in your Meta Platforms user account accordingly.
Meta Platforms Lead Ads
We use the
“Lead Ads” function of Meta Platforms Ireland Limited, 4 Grand Canal
Square, Dublin 2, Ireland (“Meta Platforms”) to collect and process
certain personal data of interested parties - so-called leads - via a
contact form (so-called “instant form”) displayed on Meta Platforms
websites. The content and scope of the data requested in this form
depends on the focus of the respective lead campaign. The processing of
the data is strictly bound to the purposes pursued with the respective
lead ad campaign. These purposes are clearly stated in the lead ad or on
the form provided before the specified data is transmitted. Depending
on the focus of the lead ad campaign, the legal basis for data
processing is either your express consent in accordance with Art. 6
para. 1 lit. a GDPR (e.g. for direct advertising measures such as
registration for e-mail newsletter dispatch) or our legitimate interest
in the optimal marketing of our offer in accordance with Art. 6 para. 1
lit. f GDPR. The data will not be passed on to third parties. As part of
the aforementioned services, data transmitted via instant forms may be
stored on servers of Meta Platforms Inc, 1601 Willow Rd, Menlo Park, CA
94025, USA. Further information on data processing via Meta Platforms
Lead Ads can be found in Meta Platforms' data policy.
Data processing when contacting us
We collect personal data ourselves when you contact us, e.g. via
contact form or messenger. You can see which data we collect when you
contact us via the contact form from the relevant contact form. This
data is stored and used exclusively for the purpose of responding to
your request or for contacting you and the associated technical
administration. The legal basis for the processing of the data is our
legitimate interest in responding to your request in accordance with
Art. 6 para. 1 lit. f GDPR. If your contact is aimed at the conclusion
of a contract, the additional legal basis for the processing is Art. 6
para. 1 lit. b GDPR. Your data will be deleted after final processing of
your request, provided that there are no legal storage obligations to
the contrary. We assume that processing has been completed when it can
be inferred from the circumstances that the matter in question has been
conclusively clarified.
Duration of storage of personal data
The duration of the storage of personal data is determined by the
respective legal basis, the purpose of processing and - if applicable -
additionally by the respective statutory retention period (e.g.
retention periods under commercial and tax law). When processing
personal data on the basis of express consent in accordance with Art. 6
para. 1 lit. a GDPR, this data is stored until the data subject
withdraws their consent. If there are statutory retention periods for
data that is processed within the framework of legal or similar
obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will
be routinely deleted after the retention periods have expired, provided
that it is no longer required for contract fulfillment or contract
initiation and/or we no longer have a legitimate interest in further
storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
3. Duration of storage, right to object and have data erased
Cookies are stored on the user’s computer and transferred from it to
our website. You as a user therefore have full control of the use of
cookies. By altering the settings in your web browser, you can
deactivate or restrict the transfer of cookies. You can delete stored
cookies at any time. This can also be done automatically. If cookies are
deactivated for our website, it may no longer be possible to make full
use of all the functions of the website.
VI. Newsletter
1. Description and scope of data processing
You can subscribe to a newsletter free-of-charge on our website. When
you register for the newsletter, the data in the form is transferred to
us.
- Gender
- First name
- Surname
- E-mail address
- Newsletter version
- Registration / Deregistration
The following data is also collected during registration:
(1) Date and time of registration
As part of the registration process, your consent to the processing of
data is obtained and you are referred to this data privacy statement.
When you purchase goods or services on our website and enter your
e-mail address during that process, that address may then be used by us
to dispatch a newsletter. In such a case, the newsletter is sent
exclusively for the direct marketing of our own or similar goods or
services.
No data is passed onto third parties in connection with
the data processing for the dispatch of newsletters. The data is used
solely for dispatch of the newsletter.
2. Legal basis for data processing
The legal basis for the processing of data after a user registers for
the newsletter is the existence of a consent granted by the user
pursuant to Art. 6 (1) letter a GDPR.
The legal basis for the
dispatch of the newsletter as a consequence of the sale of goods or
services is section 7 (3) of the German Act against Unfair Competition
(UWG).
3. Purpose of data processing
The user’s e-mail address is collected in order to deliver the newsletter.
4. Duration of storage
The data is erased as soon as it is no longer needed to achieve the
purposes for which it was collected. The user’s e-mail address is stored
for as long as the subscription to the newsletter is active.
5. Right to object and have data erased
The subscription to the newsletter can be terminated at any time by the
user concerned. Each newsletter includes a correspond link for that
purpose.
6. If you subscribe to our company's newsletter, the
data in the respective input mask will be transmitted to the data
controller. Subscription to our newsletter takes place in a so-called
double opt-in procedure. This means that after registering, you will
receive an email asking you to confirm your registration. This
confirmation is necessary so that no-one can register with other
people's email addresses. When registering for the newsletter, the
user's IP address and the date and time of registration are stored. This
serves to prevent misuse of the services or the e-mail address of the
person concerned. The data is not passed on to third parties. An
exception is made if there is a legal obligation to pass on the data.
The data is used exclusively for sending the newsletter. Subscription to
the newsletter can be cancelled by the data subject at any time.
Consent to the storage of personal data can also be revoked at any time.
There is a corresponding link in every newsletter for this purpose. The
legal basis for the processing of data after registration for the
newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has
given consent. The legal basis for sending the newsletter as a result of
the sale of goods or services is Section 7 (3) UWG.
6.1 Use of
Brevo Description and purpose: We use Brevo to send newsletters. The
provider is Sendinblue GmbH, Köpenickerstraße 126, 10179 Berlin,
Germany. Among other things, Brevo is used to organise and analyse the
sending of newsletters. The data you enter for the purpose of
subscribing to the newsletter is stored on Brevo's servers in Germany.
If you do not wish to be analysed by Brevo, you must unsubscribe from
the newsletter. For this purpose, we provide a corresponding link in
every newsletter message. For the purpose of analysis, the emails sent
with Brevo contain a so-called tracking pixel, which connects to the
Brevo servers when the email is opened. In this way, it can be
determined whether a newsletter message has been opened. We can also use
Brevo to determine whether and which links in the newsletter message
have been clicked on. Optionally, links in the email can be set as
tracking links with which your clicks can be counted.
Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
Recipient: The recipient of the data is Sendinblue GmbH.
Duration: The data stored by us as part of your consent for the purpose
of the newsletter will be stored by us until you unsubscribe from the
newsletter and deleted from both our servers and the servers of Brevo
after you unsubscribe from the newsletter. Data stored by us for other
purposes (e.g. e-mail addresses for the member area) remain unaffected
by this.
Revocation option: You have the option of revoking your
consent to data processing at any time with effect for the future. The
legality of the data processing operations that have already taken place
remains unaffected by the cancellation.
Further data protection information: For more information, please refer to Brevo's data security information at: https://www.brevo.com/legal/privacypolicy/. For more information on the analysis functions of Brevo, please refer to the following link: https://help.brevo.com/hc/en-us.
Transfer to third countries: The data will not be transferred to third countries.
VII. Registration
1. Description and scope of data processing
On our website we offer users the option to register. This entails them
providing personal data. The data is entered in a form, transferred to
us and stored. The data is not passed onto third parties. The following
data is collected during the registration process:
When your register, the following data is also stored:
Registration as a customer:
- Customer number
- Post code
- E-mail address
- Password
- Security code
Registration as an interested party:
- Gender
- First name
- Surname
- E-mail address
- Company name
- Street + door number
- Post code
- Place
- Country
- Telephone number
- Password
- Security code
Optional:
- VAT no.
- Fax
The user’s consent to the processing of this data is obtained during the registration process.
2. Legal basis for data processing
The legal basis for the processing of data is the existence of a
consent granted by the user pursuant to Art. 6 (1) letter a GDPR.
If the registration is intended for the performance of a contract to
which the user is a party, or needed to initiate a contract, the
additional legal basis for the processing of data is Art. 6 (1) letter b
GDPR.
3. Purpose of data processing
User registration is necessary for the provision of certain content and services on our website.
These are as follows:
- Item prices
- Current orders
- Invoices
- Outstanding receivables
- Conditions
- Contact persons
User registration is necessary for the performance of a contract with the user or for the initiation of a contract.
Data collection and use for contract execution
We collect personal data when you communicate it to us when placing an
order or contacting us (e.g. by means of a contact form or by e-mail).
Mandatory fields are marked as such since in these cases we inevitably
need the data for the execution of the contract or for the processing of
your enquiry, and if you do not provide that data you cannot complete
the order or send the enquiry. Which data is collected is clear from the
respective forms. We use the data communicated by you to execute a
contract or process your enquiry. After the contract has been fully
executed, your data is restricted for further processing and erased
after the expiry of any retention periods stipulated by tax legislation
and commercial law unless you have explicitly consented to further use
of your data or we have reserved the right to use of the data for a
longer period that is permitted by law and about which we inform you in
this statement.
4. Duration of storage
The data is erased as soon as it is no longer needed to achieve the purposes for which it was collected.
This is the case for data collected during the registration process for
the performance of a contract or for the initiation of a contract when
the data is no longer required for performance of the contract. Even
after a contract has been concluded, it may be necessary to store
personal data of the party to the contract in order to satisfy
contractual or statutory obligations.
5. Right to object and have data erased
As a user, you can terminate the registration at any time. You can at
any time amend the data concerning yourself that has been stored.
If
the data is necessary for the performance of a contract or for the
initiation of a contract, advance erasure of that data is only possible
to the extent that it does not conflict with contractual or statutory
obligations to erase data.
Users can raise an objection at any time by sending a message to the contact e-mail described above: vadslese(at)@leser.de
VIII. Contact form and e-mail contact
1. Description and scope of data processing
Our website includes a contact form that can be used to contact us
electronically. When a user opts to make contact in this way, the data
entered in the form is transferred to and stored by us. This data is:
- Title
- First name
- Name
- Company
- Post code
- Place
- E-mail
- Telephone no.
- Message
When the message is sent, the following data is also stored:
- The user’s IP address
- Date and time of registration
As part of the dispatch process, your consent to the processing of data
is obtained and you are referred to this data privacy statement.
Alternatively, you can contact us via the e-mail address provided. We
then store your personal data transferred with the e-mail.
No data is passed onto third parties in this connection. The data is used solely for the processing of the correspondence.
2. Legal basis for data processing
The legal basis for the processing of data is the existence of a
consent granted by the user pursuant to Art. 6 (1) letter a GDPR.
The legal basis for the processing of data communicated to us when we
receive an e-mail from you is Art. 6 (1) letter f GDPR. If the contact
by e-mail is directed towards the conclusion of a contract, the
additional legal basis for processing is Art. 6 (1) letter b GDPR.
3. Purpose of data processing
We process the personal data from the form solely for the purposes of
processing the contact request. If you contact us by e-mail, we also
have a required legitimate interest in processing the data.
The
other personal data processed during the dispatch process is used to
prevent abuse of the contact form and ensure the security of our IT
systems.
4. Duration of storage
The data is erased as soon
as it is no longer needed to achieve the purposes for which it was
collected. For the personal data from the input mask of the contact form
and for that sent by e-mail, this is the case when the respective
correspondence with the user has ended. The correspondence has ended
when the circumstances indicate that the matter concerned has been
definitively clarified.
The personal data additionally collected during the dispatch process is erased no later than after a period of seven days.
5. Right to object and have data erased
At any time the user has the right to withdraw his or her consent to
the processing of personal data. If the user contacts us by e-mail, he
or she can at any time object to the storage of his or her personal
data. In such a case, the correspondence is not continued.
Users can raise an objection at any time by sending a message to the contact e-mail described above: vadsleser(at)leser.de
All personal data stored during the process of making contact is erased in this case.
YouTube
We use components (videos) of the YouTube company on our website. In
doing so, we use the “enhanced data protection mode” option provided by
YouTube.
When you retrieve a page that has an embedded video, a
connection will be made to the YouTube servers and the content will
appear on the website via a communication to your browser.
According
to information provided by YouTube, in the “enhanced data protection
mode” data is only transferred to the YouTube server, and in particular
which of our websites you have visited, if you watch the video. If you
are logged into YouTube at the same time, this information will be
matched to your YouTube member account. You can prevent this from
happening by logging out of your member account before visiting our
website.
Further information about data protection by YouTube is provided by Google under the following link: policies.google.com/privacy
IX. Rights of the data subject
When your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to access
You can request from the controller confirmation of whether we process your personal data.
If that is the case, you can ask to be informed by the controller about the following information:
(1) The purposes for which the personal data is processed
(2) The categories of personal data that are processed
(3) The recipients and categories of recipients to which your personal data was or is still being disclosed
(4) The planned duration of storage of your personal data or, if it is not possible to provide specific information regarding this, the criteria that apply to the duration of storage
(5) The existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to this processing
(6) The existence of a right to lodge a complaint with a supervisory authority
(7) All available information regarding the origin of the data if the personal data is not collected from the data subject
(8) The existence of any automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You are entitled to request information regarding whether your personal data is transferred to a third country or an international organisation. In this connection, you can ask to be notified of the appropriate safeguards pursuant to Art. 46 GDPR in connection with such transfer.
2. Right to rectification
You have the right vis-à-vis the controller to rectification and/or completion if your personal data that has been processed is inaccurate or incomplete. The controller must rectify or complete the data without undue delay.
3. Right to restriction of processing
In the following circumstances, you can request the restriction of processing of your personal data:
(1) If you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of its use;
(3)
if the controller no longer needs the personal data for the purposes of
the processing, but it is required by the data subject for the
establishment, exercise or defence of legal claims, or
(4) if you
have objected to processing pursuant to Art. 21 (1) GDPR pending
verification whether the legitimate grounds of the controller override
your grounds.
Where processing of your personal data has been
restricted, that data shall, with the exception of storage, only be
processed with your consent or for the establishment, exercise or
defence of legal claims or for the protection of the rights of another
natural person or legal entity or for reasons of important public
interest of the European Union or of a Member State.
If the
restriction of processing was obtained in accordance with the
aforementioned prerequisites, you will be informed by the controller
before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
You have the right to obtain from the controller the erasure of
personal data concerning yourself without undue delay and the controller
has the obligation to erase that data without undue delay where one of
the following grounds applies:
(1) Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing was based
according to Art. 6 (1) letter a or Art. 9 (2) letter a GDPR, and where
there is no other legal ground for the processing.
(3) You object
to the processing pursuant to Art. 21 (1) GDPR and there are no
overriding legitimate grounds for the processing, or you object to the
processing pursuant to Art. 21 (2) GDPR.
(4) Your personal data has been unlawfully processed.
(5) Your personal data has to be erased for compliance with a legal
obligation in European Union or Member State law to which the controller
is subject.
(6) Your personal data has been collected in
relation to the offer of information society services referred to in
Art. 8 (1) GDPR.
b) Information to third parties
Where the
controller has made your personal data public and is obliged pursuant to
Art. 17 (1) GDPR to erase that data, the controller, taking account of
available technology and the cost of implementation, shall take
reasonable steps, including technical measures, to inform controllers
which are processing the personal data that you as a data subject have
requested the erasure by such controllers of any links to, or copy or
replication of, that personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing
by European Union or Member State law to which the controller is
subject or for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the
controller;
(3) for reasons of public interest in the area of
public health in accordance with Art. 9 (2) letters h and i as well as
Art. 9 (3) GDPR;
(4) for archiving purposes in the public
interest, scientific or historical research purposes or statistical
purposes in accordance with Art. 89 (1) GDPR insofar as the right
referred to in paragraph a) is likely to render impossible or seriously
impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to notification
If you have asserted the right to rectification, erasure or the
restriction of processing vis-à-vis the controller, the controller is
obliged to communicate any rectification or erasure of personal data or
restriction of processing to each recipient to whom the personal data
have been disclosed, unless this proves impossible or involves
disproportionate effort.
The controller must inform you about those recipients if you request that.
6. Right to data portability
You have the right to receive in a structured, customary and
machine-readable format the personal data concerning yourself that you
have provided to the controller. You also have the right to transmit
that data to another controller without hindrance from the controller to
which the personal data has been provided, where
(1) the
processing is based on consent pursuant to Art. 6 (1) letter a GDPR or
Art. 9 (2) letter a GDPR or on a contract pursuant to Art. 6 (1) letter b
GDPR; and
(2) the processing is carried out by automated means.
In exercising your right to data portability, you further have the
right to have the personal data transmitted directly from one controller
to another, where technically feasible. This must not adversely affect
the rights and freedoms of others.
The right to data portability
does not apply to processing necessary for the performance of a task
carried out in the public interest or in the exercise of official
authority vested in the controller.
7. Right to object
You
have the right to object, on grounds arising from your particular
situation, at any time to the processing of your personal data, which
occurs on the basis of Art. 6 (1) letter e or f GDPR; this also applies
to profiling based on these provisions.
The controller no longer
processes your personal data unless the controller demonstrates
compelling legitimate grounds for the processing which override your
interests, rights and freedoms, or if the processing serves the
establishment, exercise or defence of legal claims.
Where your
personal data is processed for direct marketing purposes, you have the
right to object at any time to the processing of your personal data for
such marketing, which includes profiling to the extent that it is
related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and
notwithstanding Directive 2002/58/EC, you may exercise your right to
object by automated means using technical specifications.
8. Right to withdrawal of the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data
protection law at any time. Your withdrawal of your consent does not
affect the lawfulness of the processing that has taken place on the
basis of the consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on
automated processing, including profiling, which produces legal effects
concerning you or similarly significantly affects you. This does not
apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller
(2) is authorised by European Union or Member State law to which the
controller is subject and which also lays down suitable measures to
safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions cannot be based on special categories of
personal data referred to in Article 9 (1) GDPR, unless Article 9 (2)
letter a or g GDPR applies and suitable measures to safeguard your
rights and freedoms and legitimate interests are in place.
In the
cases referred to in (1) and (3), the data controller shall implement
suitable measures to safeguard your rights and freedoms and legitimate
interests, at least the right to obtain human intervention on the part
of the controller, to express your point of view and to contest the
decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or non-judicial remedy,
you have the right to lodge a complaint with a supervisory authority, in
particular in the EU Member State where you live or work or where the
infringement allegedly took place, if you believe that the processing of
your personal data is in breach of the GDPR.
The competent supervisory authority can be found here at
www.baden-wuerttemberg.datenschutz.de
When you purchase goods or services on our website and enter your e-mail address during that process, that address may then be used by us to dispatch a newsletter. In such a case, the newsletter is sent exclusively for the direct marketing of our own or similar goods or services.
No data is passed onto third parties in connection with the data processing for the dispatch of newsletters. The data is used solely for dispatch of the newsletter.
2. Legal basis for data processing
The legal basis for the processing of data after a user registers for the newsletter is the existence of a consent granted by the user pursuant to Art. 6 (1) letter a GDPR.
The legal basis for the dispatch of the newsletter as a consequence of the sale of goods or services is section 7 (3) of the German Act against Unfair Competition (UWG).
3. Purpose of data processing
The user’s e-mail address is collected in order to deliver the newsletter.
4. Duration of storage
The data is erased as soon as it is no longer needed to achieve the purposes for which it was collected. The user’s e-mail address is stored for as long as the subscription to the newsletter is active.
5. Right to object and have data erased
The subscription to the newsletter can be terminated at any time by the user concerned. Each newsletter includes a correspond link for that purpose.
6. If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the data controller. Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's email addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception is made if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. Subscription to the newsletter can be cancelled by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. There is a corresponding link in every newsletter for this purpose. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.6.1 Use of Brevo Description and purpose: We use Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenickerstraße 126, 10179 Berlin, Germany. Among other things, Brevo is used to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on Brevo's servers in Germany. If you do not wish to be analysed by Brevo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with Brevo contain a so-called tracking pixel, which connects to the Brevo servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also use Brevo to determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links with which your clicks can be counted.
Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
Recipient: The recipient of the data is Sendinblue GmbH.
Transfer to third countries: Data will not be transferred to third countries.
Duration: The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of Brevo after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
Revocation option: You have the option of revoking your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
Further data protection information: For more information, please refer to Brevo's data security information at: https://www.brevo.com/legal/privacypolicy/. For more information on Brevo's analysis functions, please see the following link: https://help.brevo.com/hc/en-us.
VII. Registration
1. Description and scope of data processing
On our website we offer users the option to register. This entails them providing personal data. The data is entered in a form, transferred to us and stored. The data is not passed onto third parties. The following data is collected during the registration process:
When your register, the following data is also stored:
Registration as a customer:
- Customer number
- Post code
- E-mail address
- Password
- Security code
Registration as an interested party:
- Gender
- First name
- Surname
- E-mail address
- Company name
- Street + door number
- Post code
- Place
- Country
- Telephone number
- Password
- Security code
Optional:
- VAT no.
- Fax
The user’s consent to the processing of this data is obtained during the registration process.
2. Legal basis for data processing
The legal basis for the processing of data is the existence of a
consent granted by the user pursuant to Art. 6 (1) letter a GDPR.
If the registration is intended for the performance of a contract to
which the user is a party, or needed to initiate a contract, the
additional legal basis for the processing of data is Art. 6 (1) letter b
GDPR.
3. Purpose of data processing
User registration is necessary for the provision of certain content and services on our website.
These are as follows:
- Item prices
- Current orders
- Invoices
- Outstanding receivables
- Conditions
- Contact persons
User registration is necessary for the performance of a contract with the user or for the initiation of a contract.
Data collection and use for contract execution
We collect personal data when you communicate it to us when placing an
order or contacting us (e.g. by means of a contact form or by e-mail).
Mandatory fields are marked as such since in these cases we inevitably
need the data for the execution of the contract or for the processing of
your enquiry, and if you do not provide that data you cannot complete
the order or send the enquiry. Which data is collected is clear from the
respective forms. We use the data communicated by you to execute a
contract or process your enquiry. After the contract has been fully
executed, your data is restricted for further processing and erased
after the expiry of any retention periods stipulated by tax legislation
and commercial law unless you have explicitly consented to further use
of your data or we have reserved the right to use of the data for a
longer period that is permitted by law and about which we inform you in
this statement.
4. Duration of storage
The data is erased as soon as it is no longer needed to achieve the purposes for which it was collected.
This is the case for data collected during the registration process for
the performance of a contract or for the initiation of a contract when
the data is no longer required for performance of the contract. Even
after a contract has been concluded, it may be necessary to store
personal data of the party to the contract in order to satisfy
contractual or statutory obligations.
5. Right to object and have data erased
As a user, you can terminate the registration at any time. You can at
any time amend the data concerning yourself that has been stored.
If
the data is necessary for the performance of a contract or for the
initiation of a contract, advance erasure of that data is only possible
to the extent that it does not conflict with contractual or statutory
obligations to erase data.
Users can raise an objection at any time by sending a message to the contact e-mail described above: vadslese(at)@leser.de
VIII. Contact form and e-mail contact
1. Description and scope of data processing
Our website includes a contact form that can be used to contact us
electronically. When a user opts to make contact in this way, the data
entered in the form is transferred to and stored by us. This data is:
- Title
- First name
- Name
- Company
- Post code
- Place
- E-mail
- Telephone no.
- Message
When the message is sent, the following data is also stored:
- The user’s IP address
- Date and time of registration
As part of the dispatch process, your consent to the processing of data
is obtained and you are referred to this data privacy statement.
Alternatively, you can contact us via the e-mail address provided. We
then store your personal data transferred with the e-mail.
No data is passed onto third parties in this connection. The data is used solely for the processing of the correspondence.
2. Legal basis for data processing
The legal basis for the processing of data is the existence of a
consent granted by the user pursuant to Art. 6 (1) letter a GDPR.
The legal basis for the processing of data communicated to us when we
receive an e-mail from you is Art. 6 (1) letter f GDPR. If the contact
by e-mail is directed towards the conclusion of a contract, the
additional legal basis for processing is Art. 6 (1) letter b GDPR.
3. Purpose of data processing
We process the personal data from the form solely for the purposes of
processing the contact request. If you contact us by e-mail, we also
have a required legitimate interest in processing the data.
The
other personal data processed during the dispatch process is used to
prevent abuse of the contact form and ensure the security of our IT
systems.
4. Duration of storage
The data is erased as soon
as it is no longer needed to achieve the purposes for which it was
collected. For the personal data from the input mask of the contact form
and for that sent by e-mail, this is the case when the respective
correspondence with the user has ended. The correspondence has ended
when the circumstances indicate that the matter concerned has been
definitively clarified.
The personal data additionally collected during the dispatch process is erased no later than after a period of seven days.
5. Right to object and have data erased
At any time the user has the right to withdraw his or her consent to
the processing of personal data. If the user contacts us by e-mail, he
or she can at any time object to the storage of his or her personal
data. In such a case, the correspondence is not continued.
Users can raise an objection at any time by sending a message to the contact e-mail described above: vadsleser(at)leser.de
All personal data stored during the process of making contact is erased in this case.
YouTube
We use components (videos) of the YouTube company on our website. In
doing so, we use the “enhanced data protection mode” option provided by
YouTube.
When you retrieve a page that has an embedded video, a
connection will be made to the YouTube servers and the content will
appear on the website via a communication to your browser.
According
to information provided by YouTube, in the “enhanced data protection
mode” data is only transferred to the YouTube server, and in particular
which of our websites you have visited, if you watch the video. If you
are logged into YouTube at the same time, this information will be
matched to your YouTube member account. You can prevent this from
happening by logging out of your member account before visiting our
website.
Further information about data protection by YouTube is provided by Google under the following link: policies.google.com/privacy
IX. Rights of the data subject
When your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to access
You can request from the controller confirmation of whether we process your personal data.
If that is the case, you can ask to be informed by the controller about the following information:
(1) The purposes for which the personal data is processed
(2) The categories of personal data that are processed
(3) The recipients and categories of recipients to which your personal data was or is still being disclosed
(4) The planned duration of storage of your personal data or, if it is not possible to provide specific information regarding this, the criteria that apply to the duration of storage
(5) The existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to this processing
(6) The existence of a right to lodge a complaint with a supervisory authority
(7) All available information regarding the origin of the data if the personal data is not collected from the data subject
(8) The existence of any automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You are entitled to request information regarding whether your personal data is transferred to a third country or an international organisation. In this connection, you can ask to be notified of the appropriate safeguards pursuant to Art. 46 GDPR in connection with such transfer.
2. Right to rectification
You have the right vis-à-vis the controller to rectification and/or completion if your personal data that has been processed is inaccurate or incomplete. The controller must rectify or complete the data without undue delay.
3. Right to restriction of processing
In the following circumstances, you can request the restriction of processing of your personal data:
(1) If you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of its use;
(3) if the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims, or
(4) if you have objected to processing pursuant to Art. 21 (1) GDPR pending verification whether the legitimate grounds of the controller override your grounds.
Where processing of your personal data has been restricted, that data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interest of the European Union or of a Member State.
If the restriction of processing was obtained in accordance with the aforementioned prerequisites, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
You have the right to obtain from the controller the erasure of personal data concerning yourself without undue delay and the controller has the obligation to erase that data without undue delay where one of the following grounds applies:
(1) Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing was based according to Art. 6 (1) letter a or Art. 9 (2) letter a GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) Your personal data has been unlawfully processed.
(5) Your personal data has to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject.
(6) Your personal data has been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
b) Information to third parties
Where the controller has made your personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase that data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as a data subject have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 (2) letters h and i as well as Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to notification
If you have asserted the right to rectification, erasure or the restriction of processing vis-à-vis the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller must inform you about those recipients if you request that.
6. Right to data portability
You have the right to receive in a structured, customary and machine-readable format the personal data concerning yourself that you have provided to the controller. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where
(1) the processing is based on consent pursuant to Art. 6 (1) letter a GDPR or Art. 9 (2) letter a GDPR or on a contract pursuant to Art. 6 (1) letter b GDPR; and
(2) the processing is carried out by automated means.
In exercising your right to data portability, you further have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds arising from your particular situation, at any time to the processing of your personal data, which occurs on the basis of Art. 6 (1) letter e or f GDPR; this also applies to profiling based on these provisions.
The controller no longer processes your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdrawal of the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Your withdrawal of your consent does not affect the lawfulness of the processing that has taken place on the basis of the consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller
(2) is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions cannot be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) letter a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the
cases referred to in (1) and (3), the data controller shall implement
suitable measures to safeguard your rights and freedoms and legitimate
interests, at least the right to obtain human intervention on the part
of the controller, to express your point of view and to contest the
decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or non-judicial remedy,
you have the right to lodge a complaint with a supervisory authority, in
particular in the EU Member State where you live or work or where the
infringement allegedly took place, if you believe that the processing of
your personal data is in breach of the GDPR.
The competent supervisory authority can be found here at