We take the protection of your data seriously and generally try to collect and store as little data as possible. Nevertheless, a certain degree of storage and evaluation of user data is necessary to ensure and improve the operation of this website. In principle, it is possible to use this website without having to provide any personal data. There is also no allocation of data to a specific person – unless you tell us your name, for example in an e-mail or via one of our forms.
If you use one of the services offered on this website, this regularly also requires the collection, processing and storage of personal data, such as your name, address, e-mail address or telephone number. This collection, processing and storage is generally carried out either on the basis of your previously obtained express consent or on the basis of a corresponding legal authorization and on the basis of the provisions of the European General Data Protection Regulation and the German Federal Data Protection Act. We would like to inform you here about the type, scope and purpose of the data collected, processed, stored and used by us via this website, as well as about your existing rights in this context.
We use SSL transport encryption on this site. This serves, among other things, to protect confidential content, such as inquiries to us. You can see that the connection is actually encrypted in the address line of your browser, which always starts with “https://” and confirms the existing transport encryption with a green lock symbol.
The person responsible within the meaning of the General Data Protection Regulation and the other provisions of data protection law is:
Ralph Grundmann / Rheinwunder GmbH
Sebastianstraße 38, 53115 Bonn
Data protection law recognizes specific terminology, which we also use in this privacy statement in accordance with the legal definitions of the European General Data Protection Regulation. Therefore, in this privacy statement, the term
any information relating to an identified or identifiable natural person (“data subject”);
any identified or identifiable natural person whose personal data are processed; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
the marking of stored personal data with the aim of limiting their future processing;
any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location; as a company committed to data protection, we refrain from any form of profiling;
processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person;
any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally, or on a functional or geographic basis;
the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules, in line with the purposes of the processing;
a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data;
any freely given specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to personal data relating to him or her being processed;
a breach of security resulting in the destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;
a processing of personal data carried out in the context of the activities of establishments of a controller or processor in the Union in more than one Member State, where the controller or processor is established in more than one Member State, or
a processing of personal data which is carried out in the course of the activities of a single establishment of a controller or processor in the Union but which has or is likely to have a significant impact on data subjects in more than one Member State;
an objection as to whether or not there is a breach of this Regulation or whether the intended measure against the controller or processor is in compliance with this Regulation, clearly indicating the scope of the risks posed by the draft decision in relation to the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.
The processing of personal data by us is based on the provisions of the European General Data Protection Regulation and the German Federal Data Protection Act:
On our Internet server, as on other web servers, a log file is kept. In this log file, data records are stored in which
were recorded. This information is used by us
needed and used.
This data is collected anonymously by us and stored separately from any personal data provided to us by a data subject. The IP address is stored in a form shortened by the last octet.
Within the scope of the statutory provisions, we may
Evaluate usage profiles under a pseudonym, but only to the extent that you have not exercised your legal right to object to this use of your data. Part of our services requires that we use so-called cookies.
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. („Google“). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that they cannot be traced back to a specific person. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is thus immediately deleted.
(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.
[(7) This website also uses Google Analytics for cross-device analysis of visitor flows, which is performed via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”].
This website uses the Tag Manager of Google, Inc., which allows us to manage various website tags, i.e. small code snippets, via an interface. The Google Tool Manager is only used to implement tags from various providers, but does not set any cookies itself and does not collect any personal data. Insofar as such data collection is carried out by the tags implemented by Google Tag Manager, we refer to this separately in this data protection declaration in the section on the respective tag provider.
1. use of Google AdWords Conversion
(1) We use Google AdWords to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google AdWords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In doing so, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
(2) These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google AdWords stores a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
(3) These cookies allow Google to recognize your Internet browser. If a user visits certain pages of the website of an AdWords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each AdWords customer. Cookies can therefore not be tracked through the websites of AdWords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Selbst wenn Sie nicht bei Google registriert sind bzw. sich nicht eingeloggt haben, besteht die Möglichkeit, dass der Anbieter Ihre IP-Adresse in Erfahrung bringt und speichert.
(5) You can prevent participation in this tracking process in various ways: a) by an appropriate setting of your browser software, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, which setting will be deleted when you delete your cookies; c) durch Deaktivierung der interessenbezogenen Anzeigen der Anbieter, die Teil der Selbstregulierungs-Kampagne „About Ads“ sind, über den Link http://www.aboutads.info/choices, wobei diese Einstellung gelöscht wird, wenn Sie Ihre Cookies löschen; d) durch dauerhafte Deaktivierung in Ihren Browsern Firefox, Internetexplorer oder Google Chrome unter dem Link http://www.google.com/settings/ads/plugin. Wir weisen Sie darauf hin, dass Sie in diesem Fall gegebenenfalls nicht alle Funktionen dieses Angebots vollumfänglich nutzen können.
(6) Rechtsgrundlage für die Verarbeitung Ihrer Daten ist Art. 6 Abs. 1 S. 1 lit. f DS-GVO. Weitere Informationen zum Datenschutz bei Google finden Sie hier: http://www.google.com/intl/de/policies/privacy und https://services.google.com/sitestats/de.html. Alternativ können Sie die Webseite der Network Advertising Initiative (NAI) unter http://www.networkadvertising.org besuchen. Google hat sich dem EU-US Privacy Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
Neben AdWords Conversion nutzen wir die Anwendung Google Remarketing. Hierbei handelt es sich um ein Verfahren, mit dem wir Sie erneut ansprechen möchten. Durch diese Anwendung können Ihnen nach Besuch unserer Website bei Ihrer weiteren Internetnutzung unsere Werbeanzeigen eingeblendet werden. Dies erfolgt mittels in Ihrem Browser gespeicherter Cookies, über die Ihr Nutzungsverhalten bei Besuch verschiedener Websites durch Google erfasst und ausgewertet wird. So kann von Google Ihr vorheriger Besuch unserer Website festgestellt werden. Eine Zusammenführung der im Rahmen des Remarketings erhobenen Daten mit Ihren personenbezogenen Daten, die ggf. von Google gespeichert werden, findet durch Google laut eigenen Aussagen nicht statt. Insbesondere wird laut Google beim Remarketing eine Pseudonymisierung eingesetzt.
3. DoubleClick by Google
(1) Diese Webseite nutzt weiterhin das Online Marketing Tool DoubleClick by Google. DoubleClick setzt Cookies ein, um für die Nutzer relevante Anzeigen zu schalten, die Berichte zur Kampagnenleistung zu verbessern oder um zu vermeiden, dass ein Nutzer die gleichen Anzeigen mehrmals sieht. Über eine Cookie-ID erfasst Google, welche Anzeigen in welchem Browser geschaltet werden und kann so verhindern, dass diese mehrfach angezeigt werden. Darüber hinaus kann DoubleClick mithilfe von Cookie-IDs sog. Conversions erfassen, die Bezug zu Anzeigenanfragen haben. Das ist etwa der Fall, wenn ein Nutzer eine DoubleClick-Anzeige sieht und später mit demselben Browser die Website des Werbetreibenden aufruft und dort etwas kauft. According to Google, DoubleClick cookies do not contain any personal information.
(2) Aufgrund der eingesetzten Marketing-Tools baut Ihr Browser automatisch eine direkte Verbindung mit dem Server von Google auf. Wir haben keinen Einfluss auf den Umfang und die weitere Verwendung der Daten, die durch den Einsatz dieses Tools durch Google erhoben werden und informieren Sie daher entsprechend unserem Kenntnisstand: Durch die Einbindung von DoubleClick erhält Google die Information, dass Sie den entsprechenden Teil unseres Internetauftritts aufgerufen oder eine Anzeige von uns angeklickt haben. Sofern Sie bei einem Dienst von Google registriert sind, kann Google den Besuch Ihrem Account zuordnen. Selbst wenn Sie nicht bei Google registriert sind bzw. sich nicht eingeloggt haben, besteht die Möglichkeit, dass der Anbieter Ihre IP-Adresse in Erfahrung bringt und speichert.
(3) Sie können die Teilnahme an diesem Tracking-Verfahren auf verschiedene Weise verhindern: a) by an appropriate setting of your browser software, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) durch Deaktivierung der Cookies für Conversion-Tracking, indem Sie Ihren Browser so einstellen, dass Cookies von der Domain „www.googleadservices.com“ blockiert werden, https://www.google. de/settings/ads, wobei diese Einstellung gelöscht wird, wenn Sie Ihre Cookies löschen; c) durch Deaktivierung der interessenbezogenen Anzeigen der Anbieter, die Teil der Selbstregulierungs-Kampagne „About Ads“ sind, über den Link http://www.aboutads.info/choices, wobei diese Einstellung gelöscht wird, wenn Sie Ihre Cookies löschen; d) durch dauerhafte Deaktivierung in Ihren Browsern Firefox, Internetexplorer oder Google Chrome unter dem Link http://www.google.com/settings/ads/plugin. Wir weisen Sie darauf hin, dass Sie in diesem Fall gegebenenfalls nicht alle Funktionen dieses Angebots vollumfänglich nutzen können.
(4) Rechtsgrundlage für die Verarbeitung Ihrer Daten ist Art. 6 Abs. 1 S. 1 lit. f DS-GVO. Weitere Informationen zu DoubleClick by Google erhalten Sie unter https://www.google.de/doubleclick und http://support.google.com/adsense/answer/2839090, sowie zum Datenschutz bei Google allgemein: https://www.google. de/intl/de/policies/privacy. Alternativ können Sie die Webseite der Network Advertising Initiative (NAI) unter http://www.networkadvertising.org besuchen. Google hat sich dem EU-US Privacy Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
4. Facebook Custom Audiences
(1) Furthermore, the website uses the remarketing function “Custom Audiences” of Facebook Inc (“Facebook”). This allows users of the website to be shown interest-based advertisements (“Facebook Ads”) when visiting the social network Facebook or other websites also using the procedure. We thereby pursue the interest of displaying advertisements that are of interest to you in order to make our website more interesting for you.
(2) Aufgrund der eingesetzten Marketing-Tools baut Ihr Browser automatisch eine direkte Verbindung mit dem Server von Facebook auf. Wir haben keinen Einfluss auf den Umfang und die weitere Verwendung der Daten, die durch den Einsatz dieses Tools durch Facebook erhoben werden und informieren Sie daher entsprechend unserem Kenntnisstand: Durch die Einbindung von Facebook Custom Audiences erhält Facebook die Information, dass Sie die entsprechende Webseite unseres Internetauftritts aufgerufen haben, oder eine Anzeige von uns angeklickt haben. Sofern Sie bei einem Dienst von Facebook registriert sind, kann Facebook den Besuch Ihrem Account zuordnen. Selbst wenn Sie nicht bei Facebook registriert sind bzw. sich nicht eingeloggt haben, besteht die Möglichkeit, dass der Anbieter Ihre IP-Adresse und weitere Identifizierungsmerkmale in Erfahrung bringt und speichert.
(3) Die Deaktivierung der Funktion „Facebook Custom Audiences“ ist für eingeloggte Nutzer unter https://www.facebook.com/settings/?tab=ads#_ möglich.
(4) Rechtsgrundlage für die Verarbeitung Ihrer Daten ist Art. 6 Abs. 1 S. 1 lit. f DS-GVO. Weitere Informationen zur Datenverarbeitung durch Facebook erhalten Sie unter https://www.facebook.com/about/privacy.
5. Einsatz von Bing Ads
Wir nutzen den von der Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA („Microsoft“) bereitgestellten und betriebenen Dienst „Bing Ads“ (bingads.microsoft.com), um mit Hilfe von Werbemitteln auf externen Webseiten auf unsere attraktiven Angebote aufmerksam zu machen. Wir können hierdurch in Relation zu den Daten der Werbekampagnen ermitteln, wie erfolgreich die einzelnen Werbemaßnahmen sind. Wir verfolgen damit das Interesse, Ihnen Werbung anzuzeigen, die für Sie von Interesse ist, unsere Website für Sie interessanter zu gestalten und eine faire Berechnung von Werbekosten zu erreichen.
Sofern Sie über eine „Bing Ads“-Anzeige auf unsere Website gelangen, wird von Microsoft ein Cookie in ihrem Webbrowser gespeichert. Diese Cookies dienen der Erfolgsmessung der Anzeigen, insbesondere soll hierdurch erkannt werden, ob jemand, der auf die Anzeige geklickt hat und dadurch auf unsere Seite gelangt ist, eine vorher bestimmte Zielseite („Conversion Site“) erreicht hat. Darüber hinaus erhebt und verarbeitet Microsoft über das Cookie Informationen für die Erstellung und Verwendung pseudonymer Nutzungsprofile, die der Analyse des Benutzerverhaltens und der Ausspielung von Werbeanzeigen dienen. Wir selbst erheben und verarbeiten in den genannten Werbemaßnahmen keine personenbezogenen Daten. Wir erhalten von Microsoft lediglich statistische Auswertungen zur Verfügung gestellt. Anhand dieser Auswertungen können wir erkennen, welche der eingesetzten Werbemaßnahmen besonders effektiv sind. Weitergehende Daten aus dem Einsatz der Werbemittel erhalten wir nicht, insbesondere können wir die Nutzer nicht anhand dieser Informationen identifizieren.
Sie können die Teilnahme an diesem Tracking-Verfahren auf verschiedene Weise verhindern:
a) durch eine entsprechende Einstellung Ihrer Browser-Software, insbesondere führt die Unterdrückung von Drittcookies dazu, dass Sie keine Anzeigen von Drittanbietern erhalten; oder
b) durch ihren Widerspruch, den sie unter dem Link http://choice.microsoft.com/de-DE/opt-out erklären können.
Rechtsgrundlage für die Verarbeitung Ihrer Daten ist Art. 6 Abs. 1 S. 1 lit. f DS-GVO. Weitere Informationen zum Datenschutz bei Bing Ads und Microsoft finden Sie hier: https://privacy.microsoft.com/de-de/privacystatement. Microsoft hat sich dem EU-US Privacy Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
If you send us an email or contact us via a contact form, the personal data voluntarily provided to us will be automatically stored and, if necessary, processed for the purpose of processing or contacting you. This includes – if provided by you – in particular your name, your address or e-mail address, your telephone number and other information voluntarily provided by you. If you contact us via a form provided on this website, the IP address used by you will also be stored. As a matter of principle, we only use the personal data collected in this way to the extent necessary to process your inquiries and orders. This data will not be passed on to third parties under any circumstances, unless we are legally obliged to do so.
If you leave a comment on one of our articles, the data collected will be stored. This includes the name you provide (which may also be a pseudonym), the e-mail address you provide and the IP address you use for this purpose. The storage of this data, in particular also the IP address, takes place
Personal data collected in this way will only be disclosed to third parties if it serves the legal defense of the controller or another of our employees or assistants, if it is necessary to protect our rights against improper use of our web service, or if we are required to do so by law. If you do not agree with the collection of this data, do not use the comment function!
If you use the commenting and forwarding functions to social networks (such as Twitter, Facebook or Google+) offered on this website, visitor data will be collected by these networks in each case, over whose transmission, processing, storage and use we have no influence. You can avoid this by not using these functions.
If you subscribe to a newsletter offered by us on this website, you must provide us with certain personal data, in particular your e-mail address, using the corresponding input form.
For legal reasons, we use the “double opt-in” procedure for newsletter registration by means of an automatically processed confirmation e-mail to the e-mail address you have provided. In this way, we check whether the owner of the email address you provided as the data subject has actually authorized receipt of the newsletter.
We use the personal data collected in the context of the newsletter registration exclusively
A newsletter subscription can be cancelled at any time, and consent to the storage of personal data can be revoked at any time. This cancellation or revocation can be made via the link contained in each newsletter or via any other communication to the controller. In the event of both a termination and a revocation, we will delete the respective personal data, insofar as this does not conflict with legal requirements, and cease sending newsletters to the data subject.
In addition to the information transmitted via the input form, we also store the date and time of your registration as well as the IP address used by you for this purpose. This is done for the purpose of our own legal protection as well as for the purpose of securing our technical systems against misuse.
The newsletters we send contain tracking pixels, i.e. miniature graphics embedded in the e-mail, whose call-up is recorded in a log file and by means of which it is recognized whether and when the respective newsletter was opened. In the same way, a recording and evaluation of the call of links contained in the newsletter takes place. This data is stored and processed exclusively for the purpose of a statistical evaluation of the newsletter dispatch, to optimize the newsletter dispatch and to better adapt the newsletter content to the respective subscriber.
Personal data of the data subjects shall be processed or stored by the controller, subject to other legal provisions, only for the period necessary to achieve the purpose of storage. A further determining criterion for the duration of the storage of personal data is the respective statutory retention period. After the storage purposes no longer apply and existing statutory storage periods have expired, the personal data shall be blocked or deleted by the controller in accordance with the statutory regulations and requirements, even without a corresponding request by the data subject.
In the following, we describe the rights that any person affected by the processing of personal data has against the controller. If you wish to exercise any of these rights, you may contact the controller at any time. We recommend that you send us your request by eMail at [email protected].
Any person concerned by the processing of personal data has vis-à-vis the controller;
1. the right to obtain confirmation, i.e. the right to obtain from the controller confirmation as to whether personal data concerning him or her are being processed;
2. the right of access, i.e. in case of processing of personal data, a right to be informed about such personal data and to obtain the following information:
(a) the purposes of processing;
b) the categories of personal data processed;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
(e) the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing by the controller, or a right to object to such processing;
(f) the existence of a right of appeal to a supervisory authority;
g) if the personal data are not collected from the data subject, any available information on the origin of the data;
(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the General Data Protection Regulation and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
3. in the event of a transfer of personal data to a third country or to an international organization, the right to be informed of the appropriate safeguards pursuant to Article 46 of the General Data Protection Regulation in relation to the transfer;
4. the right to obtain a copy of the personal data undergoing processing. For any additional copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. If the Data Subject makes the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise specified by the Data Subject. This right to receive a copy shall not interfere with the rights and freedoms of other persons;
5. the right to rectification, i.e. the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration;
6. the right to erasure (“right to be forgotten”), i.e. the right to require the controller to erase personal data concerning him or her without undue delay, and the controller is obliged to erase personal data without undue delay if one of the following reasons applies:
(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(b) The data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation and there is no other legal basis for the processing.
(c) the data subject objects to the processing pursuant to Article 21(1) of the General Data Protection Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the General Data Protection Regulation.
d) The personal data have been processed unlawfully.
e) The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
a) for the exercise of the right to freedom of expression and information;
(b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the General Data Protection Regulation;
(d) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89(1) of the General Data Protection Regulation, where the said right is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(e) to assert, exercise or defend legal claims.
(7) The right to restriction of processing, which is the right of a data subject of personal data processing to obtain from the controller the erasure without delay of personal data concerning him or her, and the controller is obliged to erase personal data without delay where one of the following grounds applies:
(a) the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data,
(b) the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of the use of the personal data;
(c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defense of legal claims; or
(d) the data subject has objected to the processing pursuant to Article 21(1) of the General Data Protection Regulation, as long as it is not yet established whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted hereunder, such personal data may be processed, apart from being stored, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State. A data subject who has obtained a restriction of processing shall be informed by the controller before the restriction is lifted.
8. the right to data portability, i.e. the right of the data subject of the processing of personal data to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format, and he or she has the right to transmit such data to another controller without hindrance by the controller to whom the personal data have been provided, provided that
(a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation or on a contract pursuant to Article 6(1)(b) of the General Data Protection Regulation; and
(b) the processing is carried out with the aid of automated procedures. When exercising his or her right to data portability, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller where technically feasible. This right may not affect the rights and freedoms of other persons. The exercise of this right to data portability shall be without prejudice to the right to erasure (“right to be forgotten”). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9. the right to object, i.e. the right of the data subject concerned by the processing of personal data to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f) of the General Data Protection Regulation; this also applies to profiling based on those provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes. In the context of the use of information society services, notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by means of automated procedures using technical specifications.
The data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the General Data Protection Regulation, unless the processing is necessary for the performance of a task carried out in the public interest.
10. the right not to be subject to an automated decision in individual cases (including profiling) which produces legal effects vis-à-vis her or similarly significantly affects her.
This shall not apply if the decision
(a) is necessary for the conclusion or performance of a contract between the data subject and the controller,
(b) is permitted by Union or Member State law to which the controller is subject, and that law contains suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
(c) is carried out with the explicit consent of the data subject. In the cases referred to in points (a) and (c) above, the controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, which include, at least, the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and contest the decision. Automated decisions shall not be based on special categories of personal data unless the data subject has consented or the processing is necessary for reasons of substantial public interest on the basis of Union law or the law of a Member State which is proportionate to the aim pursued, respects the essence of the right to data protection and provides for adequate and specific measures to safeguard the fundamental rights and interests of the data subject.