Privacy Policy

Cantina24 Declaration on Data Protection (Privacy Policy)

Please be advised that only the German original of our Datenschutzerklärung is legally valid. This English translation has been provided solely for your convenience. It does not constitute a legal document.

Thank you for your interest in our website. As member of the “Verein sicherer und seriöser Internetshopbetreiber e.V., the protection of your personal data is a serious concern. Below we inform you, in a transparent and understandable language, including the data collection and its scope, what your data is used for and what your rights are.

You have the right at any time free of charge to obtain information about the origin, the recipient(s) and the purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of this data. If you have any questions about privacy, you can contact the person responsible for data processing at any time. The person responsible for the data processing is mentioned under point 1 of this Privacy Policy. Furthermore, you have a right of appeal to the competent supervisory authority. Your rights in detail and detailed explanations can be found under point 6 of this Privacy Policy.

Your data will be collected, stored and processed in compliance with the relevant statutory provisions. Personal information is any type of data that identifies you as a person.

 

1. Who is responsible for data processing?

For the purposes of the General Data Protection Regulation (GDPR) and other national data protection laws of member states as well as other data protection regulations, the responsible body is a natural or legal person, alone or together with others about the purposes and means of processing personal data (names, contact details etc.) decides.

Responsible for the data processing on this website is:

Mario Pacillo

Nederlandpark 1

32825 Blomberg

Germany

Telephone number: 0049 (0)5235 97 47 3

Email: kundenservice@cantina24.de

 

2. Which data is collected and processed on our website?

2.1 Automated collection of data:

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer, in so-called server log files. These data are partly technically necessary to show you our website. There is no merge with data from other sources. The following data is collected:

  • The pages viewed
  • Used browser types and versions
  • The operating system used by the accessing system
  • The website from which an accessing system comes to our site
  • The date and time of access to the page
  • The Internet service provider of the accessing computer
  • The used Internet Protocol address (IP address)

The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is the reliable and error-free operation of our website. Other processing of the data does not take place.

2.2 Collection of personal data

2.2.1 Data collection and processing when opening a customer account and when executing the contract

When you open a customer account on our website, this is done voluntarily. Registration is not a requirement for a contract. Data is collected only to the minimum required, the mandatory information can be recognized by the correspondingly marked input fields. The deletion of the customer account is possible at any time and free of charge. If you wish to cancel, please contact the person responsible for the data processing. This is mentioned under point 1 of this Privacy Policy.

We use your data only for the purpose for which you have registered or for the execution of the contract. The legal basis for data processing is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the performance of a pre-contractual measure.

The collected customer data will be blocked after completion of the contract, after termination of the business relationship or after deletion of your customer account and deleted after expiry of tax and commercial retention periods, unless you have agreed to further use of your data.

2.2.2 Data collection and processing using our e-mail address or contact function

For emails or messages via the contact form, we store your data until the completion of the processing of your message. The mandatory information in the form of the contact form can be recognized by the correspondingly marked input fields. The data will be used exclusively for the processing of your request, after completion of the processing your data will be deleted. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is to answer your message or to process your request.

2.2.3 Newsletter function, data processing and possibility of objection.

2.2.3.1 You have subscribed to our newsletter subscription:

If you subscribe to our free newsletter, data from the login form will be sent to us. The mandatory information can be recognized by the correspondingly marked input fields and is limited to the required minimum (email address). For the processing of your data, a consent is obtained during the registration process and reference is made to this Privacy Policy. The legal basis for data processing is Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which allows us to process the data if you have consented to the processing.

The data will not be passed on to third parties but used exclusively for sending newsletters. The subscription to the newsletter (your consent) may be objected to at any time for the future. To revoke your consent, there is a link to unsubscribe from the newsletter in each newsletter but opt-out can also be made directly via our website. Of course, the request to unsubscribe from the newsletter can also be addressed directly to the person responsible for the data processing. This is mentioned under point 1 of this Privacy Policy. After unsubscribing from the newsletter subscription, the data will be deleted unless you have consented to further use, or we reserve the right to further use (as explained below under 2.2.3.2), which is permitted by law.

2.2.3.2 If we send newsletters to our existing customers

If you have purchased goods or services on our website and have stored your e-mail address, this can be used by us, unless you have objected, for sending a newsletter. In such a case, the newsletter will only send direct mail for similar goods or services from our offer. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 Abs. 3 UWG. (German law). The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is to send you personalized advertising. You may object to the use of your data for this purpose, at any time with future effect. For the objection, please contact the person responsible for the data processing. This is mentioned under point 1 of this Privacy Policy.

2.3 Disclosure of the data to fulfil the contract to third parties

2.3.1 Transfer to shipping service providers in general and credit institution

For payment transactions and, if applicable, delivery of goods, we pass on personal data, to the minimum required, to service providers (third parties), if this is necessary for the execution of the contract.

If we pass on your data to a shipping service provider (such as DHL or UPS), the legal basis for this is Art. 6 (1) lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the performance of a pre-contractual measure.

If we pass on your payment data to the commissioned bank, the legal basis for this is Article 6 (1) lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the performance of a pre-contractual measure.

2.3.2 Transfer of e-mail address and / or telephone number to the shipping service provider

You have to agree on our website the choice of forwarding your email address and / or telephone number in order to enable the selected shipping service provider to announce the delivery or to coordinate with you. In the following, we will inform you about which data will be passed on to which shipping service provider and on what legal basis this happens:

2.3.2.1 DHL

If the delivery of your goods by the shipping service DHL, and you have agreed in the ordering process expressly in the transfer of your email address, this is passed to DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany) to announce the delivery or reconciliation of the delivery date. The legal basis for data processing is Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which allows us to process the data if you have consented to the processing. If you do not agree to the transmission of the email address, the delivery will be made in accordance with the conditions of paragraph 2.3.1 of this Privacy Policy. An announcement of the delivery, or a coordination of the delivery date, by DHL is then not possible.

A given consent to the use of data can be revoked at any time for the future. Please contact the person responsible for the data processing (this is mentioned in point 1 of this Privacy Policy), or the shipping service provider directly.

2.3.2.2 UPS

If the delivery of your goods by the shipping service UPS, and you have agreed in the ordering process expressly in the forwarding of your email address, this is passed to UPS (United Parcel Service Germany Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany) to announce the Delivery or coordination of the delivery date. The legal basis for data processing is Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which allows us to process the data if you have consented to the processing. If you do not agree to the transmission of the email address, the delivery will be made in accordance with the conditions of paragraph 2.3.1 of this Privacy Policy. An announcement of the delivery, or a coordination of the delivery date, by UPS is then not possible.

A given consent to the use of data can be revoked at any time for the future. Please contact the person responsible for the data processing (this is mentioned in point 1 of this Privacy Policy), or the shipping service provider directly.

2.3.3 Payment service provider

You have the option of choosing from various payment service providers on our website. Below we will inform you about which data will be passed on and on what legal basis this happens:

2.3.3.1 Amazon Payment

If you select this payment service provider, the data and information you provide about your order will be forwarded to Amazon Payment (Amazon Payments Europe S.C.A., 5 Rue Plaetis, L-2338 Luxembourg) for the purpose of payment processing. The legal basis for this under Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the performance of a pre-contractual measure.

For more information about Amazon Payment's Privacy Policy, visit the following Internet address:

https://pay.amazon.com/uk/help/201751600

2.3.3.2 PayPal/PayPal Plus

If you choose this payment service provider, the data required for payment will be forwarded to PayPal (PayPal Europe, S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this under Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which allows us to process the data if you have consented to the processing and Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the performance of a pre-contractual measure. You have the right to revoke your consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

If you choose to use the PayPal Plus payment methods via "credit card", "bill", "debit" or "PayPal installment", PayPal reserves the right to solicit credit rating information about you. A credit report may contain scoring values (= probability values). The so-called scoring values are based on a scientifically recognized mathematical-statistical procedure. The calculation of the scores also includes (but not exclusively) your address data. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows the processing of data in the event of a legitimate interest. The legitimate interest in this case is to determine your identity or solvency.

You can object to the processing of your personal data at any time. However, PayPal may continue to be entitled to process, use and transfer the personal data if this is necessary for contractual payment processing by PayPal, is required by law, or is required by a court or an authority.

If you would like to object to the use of your data or if you want to communicate changes to the stored data, you can contact PayPal directly. You can also get more information about PayPal's privacy policy at the following Internet address:

https://www.paypal.com/en/webapps/mpp/ua/privacy-full?locale.x=en_UK

2.3.3.3 SOFORT

If the payment method "SOFORT" is selected, the payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to which we provide your information communicated during the ordering process in addition to the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. The SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data takes place exclusively for the purpose of the payment transaction with the payment service provider SOFORT and only insofar as it is necessary for this. Further information about the privacy policy of SOFORT can be found at the following Internet address:

https://www.klarna.com/sofort/privacy-policy/

 

3. What are cookies and what data is processed?

 

3.1 Cookies that are set through our website

Our website uses so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break. For example, to store and submit the items in your shopping cart or your login information. Most of us used cookies are, so-called "session cookies", which are automatically deleted after closing the browser. Some cookies remain stored on your device and allow to recognize you on your next page visit. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is to offer you a technically flawless and functionally optimized website.

If we store other cookies (for example from partner companies or to analyse your surfing behaviour) on your device, we will inform you in detail below.

You can set your browser so that you are informed about the setting of cookies and then allow these cookies only in individual cases. Likewise, you can generally exclude the acceptance of cookies or accept them only for certain cases. In addition, you can set your browser to delete set cookies after closing the browser window. Please note that if you do not accept cookies, the functionality of our website may be limited.

3.2 Commentary on our website

This feature will save your comment, (if provided) your username (nickname), the time you created your comment, your IP address and your email address. Your data will be stored until the content you have commented on has been completely deleted (or deleted for legal reasons). We reserve the right to delete comments that have been objected to by third parties as being unlawful.

The legal basis for the storage and processing of your comment, the username and the time of writing the commentary is Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which allows us to process the data if you give us your consent. You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

The legal basis for the data processing of your IP address and your email address is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is to be able to act against you in the case of infringements such as insults or propaganda. We need the email address to contact you if your comment is objected to by a third party.

3.3 Web Analysis/Marketing

3.3.1 Google Analytics

We use the analysis tool Google Analytics on our website. Provider of this analysis tool is the Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". Cookies are small text files that are stored on your computer and thus allow an analysis of the use of the website by you. These analytics data are typically transmitted to and stored by Google on servers in the United States.

The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is to analyse user behaviour in order to optimize our offer and our advertising.

Please note that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" in order to ensure an anonymous collection of IP addresses (so-called IP-Masking). By activating IP anonymization, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website and internet usage.

The IP address provided by Google Analytics within your Internet browser will not be merged with any other data provided by Google.

You can prevent cookies from being stored by setting your Internet browser accordingly. However, we would like to point out expressly that in this case you may not be able to use all functions of this website in full.

Sie können die Datenerfassung durch Google Analytics verhindern, indem Sie nachfolgenden Link anklicken und das dort angebotene Tool herunterladen:

You can prevent the collection of data by Google Analytics by clicking on the link below and downloading the tool offered there:

https://tools.google.com/dlpage/gaoptout?hl=enGB

You can also prevent Google Analytics from collecting data by clicking on the link below which sets an optout cookie which prevents the collection of your information on future visits to this site: Disable Google Analytics.

Unter der folgenden Internetadresse erhalten Sie außerdem weitere Informationen über die Datenschutzbestimmungen von Google:

You can also find more information about Google's privacy policy at the following Internet address:

https://support.google.com/analytics/answer/6004245?hl=en

3.4 Social Media / Plugins

Facebook, Google+, and Twitter using the "2-click solution"

On our website, so-called social plugins ("plugins") of the social networks Facebook and Google+ and the microblogging service Twitter are used. These services are provided by the companies Facebook Inc., Google Inc. and Twitter Inc. ("Vendors").

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of the plugins of Facebook and their appearance can be found here:

https://developers.facebook.com/docs/plugins/?locale=en_US

Google+ is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). An overview of Google's plugins and their appearance can be found here:

https://developers.google.com/+/web/#plugins

Twitter is powered by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103. You'll find an overview of the Twitter buttons and their appearance here:

https://publish.twitter.com/?lang=en#

In order to increase the protection of your data when you visit our website, the plugins are integrated into the page using the so-called "2-click solution". This integration ensures that no connection to the servers of Facebook, Google and Twitter is established when a page of our website that contains such plugins is accessed. Only when you enable the plugins and give your consent to the data transmission, your browser makes a direct connection to the Google, Facebook or Twitter servers. The content of the respective plugin is then transmitted directly from the respective provider to your browser and integrated into the page. Through the integration of the plugins, the providers get the information that your browser has called up the corresponding page of our website, even if you do not have a profile with the respective provider or just not logged in. This information (including your IP address) will be transmitted directly from your browser to a server in the United States and stored there.

If you are logged in to one of the social networks, the providers can directly assign our website to your profile on Facebook or Google+. If you interact with the plugins, like the "Like" button, the "+1" or the "Twittern" button, the corresponding information is also transmitted directly to a server of the providers and stored there. The information is also published on the social network or on your Twitter account and displayed there to your contacts.

The purpose and scope of the data collection and the further processing and use of the data by the providers, as well as your rights and settings for the protection of your privacy, please refer to the data protection guidelines of the providers.

Privacy Policy of Facebook:

https://www.facebook.com/policy.php

Privacy Policy from Google:

http://www.google.com/intl/en/+/policy/+1button.html

Privacy Policy from Twitter:

https://twitter.com/en/privacy

If you do not want Facebook, Google or Twitter to map the data collected through our website directly to your profile in the service, you must log out of the service before activating the plugins.

 

4. How is the data saved?

The transfer of personal data takes place exclusively encrypted via an SSL or a TLS connection. This applies to messages about our contact function as well as your order and payment data. By encrypting your sensitive personal data cannot be intercepted and viewed by unauthorized third parties. An encrypted connection can be recognized by the fact that the address line of the browser starts with "https: //" (and the lock icon in the browser line).

The data stored in the systems of our website are secured by passwords and cannot be seen by unauthorized third parties.

Data transmission on the Internet, for example when sending an email, is not 100% secure and may in some cases have security vulnerabilities.

 

5. How long will the personal data be stored?

How long your personal data is stored with us, depends on the respective legal storage period. The commercial and fiscal retention periods are 10 years from the end of the calendar year in which the data were collected. After expiration of the deadlines, the data will be deleted regularly, unless they are still required for initiation or fulfilment of the contract or we have a legitimate interest in the continuation of storage.

 

 

6. What rights do you have vis-à-vis the person responsible for data processing?

Below we list the rights that you have under the General Data Protection Regulation (GDPR), vis-à-vis the person responsible for data processing. The responsible person is mentioned under point 1 of this Privacy Policy. If personal data are processed by you, you are "person concerned" within the meaning of the General Data Protection Regulation (GDPR).

6.1 Your right to information according to Art. 15 General Data Protection Regulation (GDPR)

You may request information from the data controller as to whether personal data from you is being processed. If such processing is available, you may also request information about:

6.1.1 for what purposes this personal data is processed;

6.1.2 the categories of personal data being processed;

6.1.3 the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

6.1.4 the planned retention period of the personal data concerning you or, if no specific information is available, the criteria for determining the retention period;

6.1.5 the existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the person responsible for data processing or a right to object to such processing;

6.1.6 the existence of a right of appeal to a supervisory authority (responsible is the state data protection officer of the federal state, in which we have our seat - addresses and links can be found here);

6.1.7 all available information about the origin of the data if the personal data is not collected from the data subject (ie you);

6.1.8 the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether the personal data relating to you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees under Art. 46 of the General Data Protection Regulation (GDPR) in connection with the transfer.

6.2 Your right to rectification pursuant to Art. 16 General Data Protection Regulation (GDPR)

You have the right to immediate rectification and / or completion to the Data Controller if the personal data you process is inaccurate or incomplete.

6.3 Your right to cancellation pursuant to Art. 17 General Data Protection Regulation (GDPR)

You may require the person responsible for the processing of the data to immediately delete your personal data and he / she is obliged to delete that personal data immediately, provided that one of the following applies:

6.3.1 Obligation to delete

6.3.1.1 The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

6.3.1.2 You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing.

6.3.1.3 In accordance with Art. 21 (1) GDPR, you object to the processing of the data and there are no prior justifiable reasons for the processing or you submit according to. Art. 21 para. 2 GDPR Opposition to processing.

6.3.1.4 Your personal data has been processed unlawfully.

6.3.1.5 The deletion of personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

6.3.1.6 The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

6.3.2 Information to third parties

If the person responsible for data processing has made the personal data relating to you public and is in accordance with. Article 17 (1) of the GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Persons requesting deletion of any links to such personal data or of copies or replications of such personal data.

6.3.3 Exceptions

The right to erasure does not exist if the processing is necessary

6.3.3.1 to exercise the right to freedom of expression and information;

6.3.3.2 to fulfil a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a public interest mission or in the exercise of official authority which was transferred to the Responsible person;

6.3.3.3 for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

6.3.3.4 for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

6.3.3.5 zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen.

6.3.3.5 for the assertion, exercise or defence of legal claims.

6.4 Your right to restriction of processing according to Art. 18 General Data Protection Regulation (GDPR) Right to restriction of processing

You have the right to require the data controller to restrict processing if any of the following conditions apply:

6.4.1 if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;

6.4.2 the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;

6.4.3 the controller no longer needs personal data for the purposes of processing, but you need them for the purposes of asserting, exercising or defending legal claims, or

6.4.4 if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be notified by the person responsible before the restriction is lifted.

6.5 Your Right to Information According to Art. 19 General Data Protection Regulation (GDPR)

If you have asserted the right of rectification, erasure or restriction of the processing to the controller of the data processing, it is obliged to notify all recipients to whom the personal data you have disclosed this rectification or deletion of the data or restriction of processing because, this proves to be impossible or is associated with a disproportionate effort.

You have a right to the person responsible to be informed about these recipients.

6.6 Your right to data portability according to Art. 20 General Data Protection Regulation (GDPR)

You have the right to receive in a structured, common and machine-readable format personal data relating to you provided to the Data Controller, and you have the right to transfer this data to another person responsible without interference from the person responsible for data processing, the personal data provided, provided that

6.6.1 the processing on a consent in accordance with Article 6 paragraph 1 lit. a or Article 9 para. 2 lit. a or on a contract based pursuant to Article 6 (1) lit. b and

6.6.2 processing using automated procedures.

In exercising your right to data portability, you also have the right to obtain that the personal data be transmitted directly from one data controller to another responsible party where technically feasible.

This right to data portability shall not apply to any processing necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller of the data.

The right to data portability should not affect the rights and freedoms of others.

6.7 Your right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

6.8 The Automated Decision on a case-by-case basis including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision

6.8.1 is required for the conclusion or performance of a contract between you and the controller,

6.8.2 is permissible under European Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

6.8.3 with your express consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in 6.8.1 and 6.8.3, the data controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the controller Position and contesting the decision.

6.9 Your right to complain to a regulatory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the General Data Protection Regulation (GDPR).

+++++++++++++++++++++++++++++

6.10 OPPOSITION RIGHT

You have the right at any time, for reasons that arise from your particular situation, to file an objection with effect for the future against the processing of your personal data, which takes action pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to Profiling based on these provisions.

The data controller no longer processes the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to Profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.

+++++++++++++++++++++++++++++

Blomberg, May 25, 2019