Datenschutzerklärung

Updated:

Any collection, use, storage, deletion or other use (hereinafter referred to as 'processing') of data is solely for the purpose of providing our services. Our services are designed to use as little personal data as possible. 'Personal data' (hereinafter also referred to as 'data') refers to any information relating to the personal or material circumstances of an identified or identifiable natural person ('data subject').

The following privacy information describes what types of personal data are processed when you access our website, what happens to this personal data and how you can object to data processing if you wish to.

1 General information about data processing on this website

1.1 Controller

The Controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

Neue deutsche Medienmacher*innen e.V.

Address Potsdamer Str. 9910785 Berlin
Germany

Telephone: +49 (0)30-269 472 30

Email: privacy@handbookgermany.de

Internet: www.handbookgermany.de

1.2 Data protection officer

The role of Data Protection Officer is fulfilled by Kemal Webersohn of WS Datenschutz GmbH.

If you have any questions regarding data protection, please contact WS Datenschutz GmbH at the following email address: neuemedienmacher@ws-datenschutz.de

WS Datenschutz GmbH

Dircksenstrasse 51

10178 Berlin
Germany

https://webersohnundscholtz.de

1.3 Protection of your data

We have taken technical and organisational measures to ensure that the provisions of the GDPR are complied with, both by us and by external service providers working on our behalf.

When we work with other companies, such as email and server providers, to provide our services, we do so only after an extensive selection process. As part of this selection process, each service provider is carefully assessed for its technical and organisational data protection capabilities. The selection procedure is documented in writing and a contract in accordance with Art. 28(3) GDPR for commissioned personal data processing (data processing agreement contract) is only entered into if it meets the requirements of Art. 28 GDPR.

Your data is stored on specially protected servers. Access to these servers is restricted to a small number of specially authorised individuals.

Our website uses SSL/TLS encryption, which you can recognise by the 'https://' at the beginning of the URL.

1.4 Deletion of personal data

We process personal data only as long as it is needed. Once the data has been processed for its intended purpose, it will be blocked and deleted in accordance with the standards set out in the local deletion concept, unless legal requirements prevent this.

2 Data processing on this website/creation of log files

2.1 Description and scope of data processing

When you visit our website, our web servers temporarily store each visit in a log file. The following personal data is collected and stored until it is automatically deleted:

IP address of the querying computer
Date and time of access
Identification data for the browser and operating system used
Website from which access took place

The data is processed by our hosting provider: Hetzner Online GmbH.

2.2 Legal basis for data processing

This data is processed on the basis of Art. 6(1)(1)(f) GDPR. Our legitimate interest is to ensure that you can access our website.

2.3 Purpose of data processing

Data processing is carried out for the purpose of enabling the use of our website (establishing a connection). It serves for system security, the technical administration of the network infrastructure and the optimisation of our website. The IP address is only analysed in the event of an attack on our network infrastructure or that of our Internet provider.

2.4 Duration of data storage

Personal data is deleted when it is no longer required for the purposes stated above. This is the case when you close the website in your browser. Our hosting provider deletes the data after 4 weeks.

2.5 Right of objection for data subjects

You can only view the website if the data described is processed. If you wish to object to the further processing of your data, please contact our Data Protection Officer or our hosting provider.

3 Use of cookies

3.1 Description and scope of data processing

This website uses cookies. These are stored on your computer when you visit our website. Cookies are small text files that are stored on your computer's hard drive, are unique to the browser you are using and allow certain information to be sent to us or the entity that set the cookie. Cookies cannot run programs or transmit viruses to your computer. We use them to... Various data can be transferred in this way:

Frequency of visits to our website
Which features on our website you use
Search terms used
Your cookie settings
Your language preferences

When you visit our website, a cookie banner informs you about the use of cookies and refers you to our privacy policy.

3.2 Legal basis for data processing

The legal basis for processing data using cookies that do not exclusively serve the functionality of our website is Art. 6(1)(1)(a) GDPR.

The legal basis for processing data using cookies, which are exclusively used for the functionality of this website, is Art. 6(1)(1)(f) GDPR.

3.3 Purpose of data processing

Our legitimate interest is to ensure the establishment of a smooth connection and the convenient use of our website, as well as to evaluate system security and stability. The data is also processed for the purpose of facilitating the statistical evaluation of the use of the website.

3.4 Duration of data storage

There are two types of cookies. Both are used on our website:

Transient cookies (see a)
Persistent cookies (see b)

a) Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. These store what is referred to as a session ID, which allows various requests from your browser to be assigned to the shared session. This allows us to recognise your computer when you return to our website. Session cookies are deleted when you log out or close your browser.

b) Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie.

3.5 Right of objection for data subjects

You may withdraw your consent for processing your data using cookies at any time. Furthermore, we will only set cookies after you have consented to their use when accessing our website. This allows you to stop cookies processing data on our website.

You can also delete cookies at any time in your browser's security settings. Please note that you may not be able to use all the features of our website as a result. You can also decline the use of cookies at any time by making the relevant settings in your browser.

4 Contact with us

4.1 Description and scope of data processing

If you contact us (e.g. by email), we will process your details (mainly email address, first name and surname and your message) in order to process your enquiry and answer any follow-up questions.

Your data will not be disclosed to third parties without your knowledge or, where applicable, your consent.

4.2 Legal basis for data processing

If the data processing is carried out for the purpose of implementing pre-contractual measures at your request or, if you are already our customer, for the purpose of implementing the contract, the legal basis for said data processing is Art. 6(1)(1)(b) GDPR.

We will only process additional personal data if you have consented to this (Art. 6(1)(1)(a) GDPR) or if we have a legitimate interest in processing your data (Art. 6(1)(1)(f) GDPR). A legitimate interest may include, for example, responding to your email.

4.3 Purpose of data processing

We process your data solely for the purpose of responding to your contact request.

4.4 Duration of data storage

Unless specifically stated otherwise, we only store personal data for as long as necessary in order to fulfil the intended purpose.

In certain cases, the retention of personal data is required by law, for example for tax or commercial purposes. In such cases, we will only retain the data for the specified legal purposes and will not process it for any other purpose. At the end of the legal retention period, we will delete the data.

4.5 Right of objection for data subjects

You may contact us at any time and object to the further processing of your data. In this case, we regret to inform you that we will no longer be able to communicate with you. Any personal data processed by us in the course of contacting you will be deleted, unless there are legal obligations to retain your data which prevent its deletion.

5 Registration on our website

5.1 Description and scope of data processing

You can register on our website. To do so, you need to enter personal data in the registration form. The following data is collected as a minimum:

Nickname
Email address
Password

The information you provide in the registration form will only be used for processing purposes and will not be disclosed to third parties.

5.2 Legal basis for data processing

The personal data you enter in the mandatory fields will be processed based on Art. 6(1)(1)(b) GDPR. If you also enter personal data in the other (optional) input fields, data processing will take place based on Art. 6(1)(1)(a) GDPR.

5.3 Purpose of data processing

We process your data solely for the purpose of completing your registration and managing your website account with us.

5.4 Duration of data storage

The data is deleted as soon as it is no longer required for the purpose it was collected. This is the case when you close your account with us and there are no legal or regulatory retention periods that prevent deletion.

5.5 Right of objection for data subjects

Both during and after registration, you are free to change, correct or delete the personal data you have provided.

If you do not use your account for two years, it will be automatically deleted. You will be notified before your account is deleted. However, only accounts and direct messages will be deleted. Posts will not be deleted but will remain anonymous.

5.6 Social media login

5.6.1 Description of the data processing

We offer you the option of registering and logging in to our website using your:

Facebook account
Google account

(social media login).

No additional registration is required on this website in this case. Instead, the social network user account you use to log in is linked to your customer account on our website so that you can authenticate and log in to your customer account using your social media user account. The advantage to you is that you do not have to remember a new password for your customer account on our website.

By linking the accounts, we will automatically receive the following information from Meta Platforms Ireland Limited or Google LLC:

Meta:

Social ID
First name
Surname
Middle name
Name
Name format
Profile picture
Nickname
Email address
Link to your public profile

The list can be found at: https://developers.facebook.com/docs/facebook-login/permissions.

Google:

Social ID
Full name
Username
Surname
URL
Email address
Link to your public profile

We would like to point out that it is possible to limit the transfer to the ID only in the settings. The list can be found at: https://developers.google

.com/identity/sign-in/web/.

For more details about each social media login, the data transferred, and the privacy settings on your social media account, please refer to their respective privacy policies.

Meta: https://www.facebook.com/legal/terms
Google+: http://www.google.com/policies/privacy/

5.6.2 Legal basis for data processing

In cases where the first name, surname and email address are transmitted, data processing takes place based on Art. 6(1)(1)(b) GDPR. All other information that you provide to us is voluntary, and therefore data processing in this case takes place based on Art. 6(1)(1)(a) GDPR.

5.6.3 Purpose of data processing

Logging in via social media makes it easier for you to register with us. It also provides us with information about how social media users use our website.

5.6.4 Duration of data storage

The social login data will be stored until you withdraw your consent and will be used as described.

5.6.5 Right of objection for data subjects

If you do not wish to have your data processed in this way, you can do so by using the normal registration process. You have the right to change, correct or delete the personal data you have provided at any time, both during and after registration. Furthermore, if the data processing is based on consent, you have the option to withdraw your consent to the data processing, as described in Art. 7 GDPR. This is effective from the moment it is made and applies to all future data processing. You may withdraw your consent at any time by telephone, post, email or any other means. Please note that additional settings may be available in your social media account's profile settings.

6 Forum

6.1 Description and scope of data processing

We operate a blog. You can post comments in this blog. In addition to the comment itself, we collect and publish the following data:

Nickname
The content of the post (including particularly sensitive data according to Art. 9 GDPR)

These posts may also be commented on by third parties. Your data will never be shared with third parties.

6.2 Legal basis for data processing

The legal basis is based on Art. 6(1)(1)(f) GDPR. Our legitimate interest in maintaining an active forum that allows users to exchange ideas is based on attractiveness of such a forum. All data provided by users in the context of the comment function is provided voluntarily. Therefore, the storage of this data is based on the legal basis in Art. 6(1)(1)(a) GDPR (Consent).

6.3 Purpose of data processing

This aforementioned data is collected to ensure stability and usability and to prevent abuse of the comment function. In addition, the comment function allows forum users to exchange information with each other.

6.4 Duration of data storage

We will only process your data for as long as is necessary to fulfil the purpose for which it was collected, unless there is a legal, contractual or regulatory obligation to retain it.

6.5 Right of objection for data subjects

If the data processing is based on our legitimate interest, you have the right to object to the data processing, see Art. 21 GDPR. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds for continuing with the processing. If the data processing is based on your consent, you can prevent it by withdrawing your consent. You also have the option of withdrawing your consent to data processing, see Art. 7 GDPR. This is effective from the moment it is made and applies to all future data processing. You may withdraw your consent at any time by telephone, post, email or any other means.

7 Online consultation tool

7.1 Description and scope of data processing

We operate a consultation tool. We collect the following data as part of its operation.

Nickname
Password
Enquiries
Appointments
Documents uploaded by users

Your data will never be shared with third parties.

7.2 Legal basis for data processing

The legal basis is based on Art. 6(1)(1)(f) GDPR. Our legitimate interest is offering online consultation that allows users to exchange ideas with a consulting organisation based on the attractiveness of such online consultation. All data provided by users in the context of the consultation function is provided voluntarily. Therefore, the storage of this data is based on the legal basis in Art. 6(1)(1)(a) GDPR (Consent).

7.3 Purpose of data processing

The purpose of collecting the aforementioned data is to facilitate online consultation with the consulting organisation.

7.4 Duration of data storage

We will only process your data for as long as is necessary to fulfil the purpose for which it was collected, unless there is a legal, contractual or regulatory obligation to retain it. All further information exchanged during the online consultation (including chat) will be deleted after the appointment.

7.5 Right of objection for data subjects

Each online consultation user can delete enquiries and appointments. If the data processing is based on our legitimate interest, you have the right to object to the data processing, see Art. 21 GDPR. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds for continuing with the processing. If the data processing is based on your consent, you can prevent it by withdrawing your consent. You also have the option of withdrawing your consent to data processing, see Art. 7 GDPR. This is effective from the moment it is made and applies to all future data processing. You may withdraw your consent at any time by telephone, post, email or any other means.

8 Social media links

We have integrated social media platforms into our services through links that may result in social media providers receiving information from you. Clicking on the social media platform's link will take you to the social media provider's website. When you access the social media provider's website through our services, the relevant reference data is transferred to the social media provider. The social media provider will receive information that you have visited us.

Note about data processing in the USA:

If you click on a social media provider's link, your data may be processed by the social media provider in the United States. According to the European Court of Justice (ECJ), the standard of data protection in the USA is inadequate and there is a risk that your data may be processed by the US authorities for control and surveillance purposes, perhaps without the possibility of legal redress. If you do not click on the social media links, no data will be transferred.

For more information about social media data processing, click here:

Meta: https://en-gb.facebook.com/help/pages/insights,

https://en-gb.facebook.com/about/privacy,

https://en-gb.facebook.com/full_data_use_policy

Instagram: https://help.instagram.com/155833707900388 https://www.instagram.com/about/legal/privacy/

YouTube: https://www.google.de/intl/en/policies/privacy/

9 Tracking and analysis tools

We use the following analytics tools to help us continually improve our website. Below you can find out what data is processed and how you can contact the respective service providers:

9.1 Matomo

9.1.1 Description and scope of data processing

We use the web analytics service Matomo (formerly PIWIK). Data processing is carried out by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.

Matomo is located in New Zealand, a third country with an adequate level of data protection, as determined by the EU Commission pursuant to Art. 45(3) GDPR, https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32013D0065

Matomo uses a cookie. Please see the relevant section above for an explanation about cookies. The following data is stored:

Two bytes of the IP address of the accessing system
The website visited
The website from which you accessed the site (referring website)
The sub-pages accessed from the website visited
The length of time spent on the website
The frequency of website visits

The software only runs on our website servers. Your personal data is only stored there. This data is not shared with third parties.

The software is set so that IP addresses are not stored in full, but two bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This makes it no longer possible to assign the shortened IP address to the accessing computer. For further information on Matomo's privacy policy, please refer to the following links: https://matomo.org/privacy/ and https://matomo.org/privacy-policy/

9.1.2 Legal basis for data processing

The legal basis for data processing is your consent pursuant to Art. 6(1)(1)(a) GDPR.

9.1.3 Purpose of data processing

We primarily use the web analytics service Matomo to optimise our website and for cost-benefit analysis. Matomo is also used to analyse the user flow on our website. It is in our interest to make our website clear and easy for everyone to use.

9.1.4 Duration of data storage

9.1.5 Right of objection for data subjects

You have the right to withdraw your consent to data processing at any time. To do so, please contact our data protection officer. You can also refuse to accept cookies at any time by changing the settings in your browser. Cookies that have already been set can also be deleted for the future in the settings in your browser. Please note that if you choose to disable cookies, some features on our website may not be available in full. If you have any questions regarding Matomo's privacy policy, please contact Matomo at the following email address: privacy@matomo.org

10 Other tools from third party providers

We also use third party service providers to help us with the presentation and functionality of the Website. They are listed below:

10.1 Cookiebot

10.1.1 Description and scope of data processing

Cookiebot serves as a practical solution for implementing GDPR and other relevant data protection laws in relation to the use of cookies on our website, and the integration of analytical tools based on consent. When you consent via the cookie banner, the following data is processed:

Your anonymised IP address
Browser type agent
URL of the consenting website
Date and time of consent
Unique encrypted key

This data is stored, logged and documented at the Cybot cloud provider's data centre, Microsoft Ireland Operations Ltd. in Dublin, Ireland. Data processing is carried out by: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Further information about the data processing can be found at: https://www.cookiebot.com/en/privacy-policy/

10.1.2 Legal basis for data processing

The data processing is based on Art. 6(1)(1)(c) GDPR.

10.1.3 Purpose of data processing

The purpose is consistent with our legitimate interest in processing the data and ensuring the full functionality of our website in accordance with the law.

10.1.4 Duration of data storage

The data will only be retained for as long as is necessary for verification purposes unless a longer retention period is required by law. Cookiebot will remove your consent after 12 months.

10.1.5 Options for removal by the data subject

You can withdraw the consent you have given via Cookiebot by deleting the corresponding cookie named 'CookieConsent' or 'CookieConsentBulkTicket'.

11 Social media profiles

We maintain the following profiles on social media:

Facebook: https://www.facebook.com/neuedeutschemedienmacher/
Instagram: https://www.instagram.com/neuemedienmachx/
LinkedIn: https://www.linkedin.com/company/neue-deutsche-medienmacherinnen-ev
X: https://twitter.com/NDMedienmacher
YouTube: https://www.youtube.com/user/neuemedienmacher

Here we use the services of

Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Facebook')
Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Instagram')
LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland or LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA ('LinkedIn')
Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ('X')
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ('YouTube') represented by: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA,

Data processing within the European Economic Area and Switzerland is performed by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

('Google').

According to the ruling of the European Court of Justice of 05/06/2018 (available under https://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=298398 ) both social media profile operators and social media network operators themselves are now held jointly responsible for data processing.

Please note that you use our social media profiles and their features at your own risk. This applies in particular to the use of interactive features (e.g. commenting, sharing, rating). Alternatively, you can access the information we provide on social media on our own website.

You can contact the data protection officer from the respective social media provider through the respective social media provider.

You can contact the data protection officers from Facebook and Instagram via the contact forms linked below: https://www.facebook.com/help/contact/540977946302970

You can contact the data protection officer from LinkedIn via the contact form linked below: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

You can contact the data protection officer from X via the contact form linked below: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp

You can contact the data protection officer from YouTube via the contact form linked below: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp

11.1 Data processed by social media

When you visit our social media profiles, the social media network operators collect data including your IP address and other data stored in the form of cookies on your PC. As the operator of the social media profile this data is used to provide us with statistical information about how you use the profile. The social media network operators process the data collected about you in this context and it may be transferred to countries outside the European Union. What information the social media network operator receives and how it is used is described in the social media network's privacy policy. You will also find information on how to contact them in the privacy policy.

You can find more information about this under the following links:

Facebook: https://en-gb.facebook.com/help/pages/insights
https://en-gb.facebook.com/about/privacy
https://en-gb.facebook.com/full_data_use_policy

YouTube: https://www.google.de/intl/en/policies/privacy

Instagram: https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

X: https://x.com/en/privacy

The social media network operators do not conclusively and clearly state and we do not know how they use the data from visits to our social media profiles for their own purposes, the extent to which activities on our social media profiles are attributed to individual users, how long the operators store this data and whether they share the data from a visit to our social media profiles with third parties.

When you access our social media profiles, the IP address assigned to your device is transferred to the social media network operator. In addition, the social media networks store information about users' end devices (e.g. as part of the 'login notification' feature), which may allow the social media network operators to associate IP addresses with individual users.

If you are currently logged in to the social media network as a user, a cookie with your unique ID in that social media network will be placed on your device. This allows the social media network operator to track that you have visited a particular page and how you used it. This information can be used to tailor content or advertising to your past visits to the website.

To prevent this, log out of the social media network or disable the 'Stay signed in' feature, clear the cookies on your device, close your browser and then restart it. This will delete any login information that can be used to identify you directly. This will allow you to use our social media profiles without revealing your user ID. When you access interactive features of the profile (like, comment, share, message, etc.), a login screen will appear. Once logged in, the social media network you are using may recognise you as a specific user.

For information on how to manage or delete existing information on the social media network, visit the social media network support pages mentioned above.

11.2 Data we process

11.2.1 Nature and extent of data processing

We process the data you enter on social media networks, and in particular your user name and the content published under your account, to the extent needed for us to respond to your messages if required. In addition, your published posts, ratings and comments link back to your account on the respective social media network. If you mention us by using an @, # or similar character, that mention may be published on our website under your username. We may include the data you freely publish and disseminate on the respective social network in our offering and make it available to other users of the respective social network. If you flag our presence on social media networks with a 'Like' or 'Follow' or similar interaction, the respective social network will inform us of this with your user name and a link to your account.

11.2.2 Legal basis for processing

Our data processing is based on Art. 6(1)(1)(f) GDPR. Our legitimate interest is based on the advertising function fulfilled by social media. We use social media to increase awareness about our company.

11.2.3 Purpose of processing

We process the data you provide us with in this context (e.g. username, images, possible interests, contact details) solely for the purpose of communicating with customers and interested parties. Our legitimate interest is to provide you with a platform on which we can show you up-to-date information and which you can use to communicate your concerns to us and which we can respond to as quickly as possible.

11.2.4 Retention period

Your data will be deleted, as far as we are able to do so, when our presence on the social media ceases.

12 Data transfer to third countries

We avail ourselves of the support of European and third country service providers to be able to provide our services. To ensure the protection of your personal data when it is transferred to a third country, we enter into specific order processing agreements with each of our carefully selected service providers. All of the service providers we use have provided sufficient evidence that they have implemented appropriate technical and organisational measures to ensure data security. Our third country service providers are either located in countries that have been recognised by the EU Commission as having an adequate level of data protection (Art. 45 GDPR) or have provided adequate safeguards (Art. 46 GDPR).

Adequate level of protection The provider is from a country that has been recognised by the EU Commission as having an adequate level of data protection. For more information, see: Adequacy decisions (europa.eu)

EU Standard Contractual Clauses: Our provider has signed the EU Standard Contractual Clauses to ensure secure data transfer. For more on this information, see: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

Binding Corporate Rules: Art. 47 GDPR provides for the possibility of ensuring data protection when transferring data to a third country through Binding Corporate Rules. These are reviewed and approved by the competent supervisory authorities in the context of the consistency mechanism pursuant to Art. 63 GDPR.

Consent: Furthermore, data will only be transferred to a third country without an adequate level of protection if you have given us your consent in accordance with Art. 49(1)(a) GDPR or if another exception under Art. 49 GDPR is relevant for the data transfer.

13 Your rights

You have the following rights in relation to your personal data:

13.1 Right to withdraw consent (see Art. 7 GDPR)

If you have consented to your data being processed, you can withdraw your consent at any time. Your withdrawal will affect the permissibility of processing your personal data in the future after you have notified us. You can notify us (by telephone) verbally or in writing by post or email.

13.2 Right of access (see Art. 15 GDPR)

If you request access, you must provide sufficient information to identify yourself and prove that the information belongs to you. Your request for access concerns the following information:

The purposes for which your personal data is processed;
The categories of personal data processed;
The recipients or categories of recipients to whom the personal data relating to your person has been disclosed or is still being disclosed;
The amount of time your personal data is planned to be stored for or, if specific information is not available, criteria for determining the duration of storage;
The existence of the right to have personal data corrected or deleted, a right to restrict how much it can be processed by the data controller and the right to object to your personal data being processed;
The existence of the right of appeal to a supervisory authority;
All information available on the data source if the personal data is not collected from the data subject;
The existence of automated decision-making including profiling in accordance with Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

13.3 Right to rectification or deletion (see Art. 16, 17 GDPR)

You have a right against us, as the Controller, to rectification and/or deletion if the personal data processed that concerns you is inaccurate or incomplete. The Controller must perform the rectification without delay.

In addition, you may request that your personal data be deleted if one of the following reasons applies to you:

Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6(1)(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
Your personal data was processed unlawfully.
The deletion of your personal data is necessary to comply with a legal obligation under Union law or the law of the Member State to which the Controller is subject.
Your personal data has been collected in connection with information society services provided pursuant to Art. 8(1) GDPR.

If we have made your personal data public and are required to delete it pursuant to Art. 17(1) GDPR, we will take all reasonable steps to notify other controllers that you have requested the deletion of any links to said personal data or copies or replicas of the same.

The right to deletion does not exist if the data needs to be processed:

For the exercise of the rights of expression and information;
For compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
For reasons of public interest in the area of public health, in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, where the law referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of the processing; or
For the establishment, exercise or defence of legal claims.

13.4 Right to restrict processing (see Art. 18 GDPR)

You may request that we restrict the processing of your personal data under the following conditions:

If you contest the accuracy of your personal data for a period of time that allows us to verify the accuracy of your personal data;
The processing is unlawful and you object to the deletion of your personal data and instead request the restriction of its use;
We no longer need your personal data for the purposes of processing, but you need it to establish, exercise or defend legal claims; or
If you have objected to the processing pursuant to Art. 21 (1) GDPR, pending verification of whether our legitimate grounds override yours.

If the restriction of processing has been limited, such personal data, except for storage, shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing is restricted under the above conditions, we will notify you before the restriction is lifted.

13.5 Right of access (see Art. 19 GDPR)

Where you have exercised your right to rectification, erasure or restriction of processing with us, we are required to notify any recipient to whom the personal data has been disclosed of such rectification, erasure or restriction. This does not apply where such notification is impossible or involves a disproportionate effort.

You have the right to be informed of these recipients.

13.6 Right to data portability (see Art. 20 GDPR)

You have the right to obtain from us your personal data in a structured, standardised and machine-readable format for the purpose of transferring said data to another controller where:

The processing is based on consent pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) or a contract pursuant to Art. 6(1)(1)(b) GDPR; and
The processing is performed by automated means.

In exercising your right to data portability, you have the right to have the personal data transferred directly from us to another controller, where technically feasible.

The right to data portability does not apply when processing personal data is required to perform a task that is in the public interest or in the exercise of official authority vested in us.

13.7 Right to object to processing (see Art. 21 GDPR)

If we base the processing of your personal data on a legitimate interest (pursuant to Art. 6(1)(1)(f) GDPR), you may object to such processing. The same applies where we base the processing on Art. 6(1)(1)(e) GDPR.

When you exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds for continuing with the processing.

13.8 Right to lodge an appeal with a supervisory authority (see Art. 77 GDPR)

Without prejudice to another administrative or judicial remedy, you are entitled to appeal to a supervisory authority, in particular in the Member State where your place of residence, place of employment or place of the alleged breach is located, if you believe that processing your personal data breaches the GDPR.

The supervisory authority with which the appeal has been lodged shall inform you of the progress and outcome of the appeal, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.