Privacy Statement in line with the GDPR
This policy provides information on how Röhlig Logistics handles personal data on the internet, what information about the users of the Röhlig Logistics websites is collected and analyzed and how this information is used, passed on or otherwise processed. It also describes how cookies and other technologies can be used in our applications.
I. NAME AND ADDRESS OF THE CONTROLLER
The controller within the framework of the General Data Protection Regulation and other national data protection legislation of the Member States and other data protection law provisions is:
Röhlig Logistics GmbH & Co. KG
Corporate Head Office
Am Weser-Terminal 8
28217 Bremen / Germany
Tel: +49 421 3031-0
II. Name and address of the data protection officer
The data protection officer of the controller is:
Thees Fock / Am Weser-Terminal 8 /28217 Bremen / Germany
Tel: +49 421-3031-1195
III. General information on data processing
We as Röhlig Logistics GmbH & Co. KG, and our affiliate enterprises respect your privacy. We are aware that you trust us to be responsible in our handling of the personal information you disclose to us. Our policy aims at comprehensive protection of your personal data. Please read on if you want to know more about our data protection policy.
This Privacy Statement regulates the collection, processing and utilisation (hereinafter all together referred to as “processing”) of your personal data, if and to the extent that this is disclosed in your use of our website and / or our booking app, or to the extent that you make contact with us in the course of preparing or implementing a contract or request information from us. In handling this data we strictly observe the applicable legal privacy regulations and the derived principles. We apply the principles of data processing in line with Article 5 GDPR. Your data will only be used for established purposes, will be restricted to the necessary extent, be up to date, only stored for the specific purpose of its collection and processed with appropriate security.
1. Scope of the processing of personal data
We collect and use personal data from our users in principle only to the extent that this is necessary to execute our contracts. After fulfilment of the contractual duties we process this data only after consent has been given. An exception is made in cases where it is not possible to obtain prior consent or if the processing of the data is permitted on the basis of statutory provisions.
2. Legal basis for the processing of personal data
If we obtain the consent of a data subject for processing procedures on personal data, Art. 6 (1) (a) GDPR serves as the legal basis. In the processing of personal data required for the fulfilment of a contract of which the data subject is a contracting party, Art. 6 (1) ( b) GDPR serves as the legal basis. This also applies for processing procedures required for the performance of pre-contractual measures. If the processing of personal data is required for the fulfilment of a legal obligation incumbent upon our company, then Art. 6 (1) (c) GDPR serves as the legal basis. If the processing is needed to protect a justified interest of our company or of a third party and if the interests, basic rights and basic freedoms of the data subjects do not outweigh the former interests then Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
3. Data deletion and duration of storage
The personal data of the data subject is deleted or frozen as soon as the purpose of the storage is removed. Data may also be stored if this is provided for by the European or national legislator in EU law regulations, statutes or other provisions by which the controller is bound. Freezing or deletion of data can also occur if a time limit for storage imposed by the above-mentioned provisions expires, unless there is a need for continued storage of the data for the conclusion or fulfilment of a contract.
4. Data processing in conjunction with provision of transport and logistics services
The provision of transport and logistic services by Röhlig requires some processing of personal data. We may be required to process personal data even before conclusion of a contract (e.g. in the course of preparing an offer) and during performance of the contract.
Personal and business contact data (e.g. family name, first name, company, physical address, e-mail address, telephone number and/or fax number), whose processing is essential for performing our services, may include the following data categories. In the specific case however the processing of other categories of data may be necessary, these are for instance:
Dispatch and transport information
e.g.: dispatch-related contact data of freight forwarders and recipients, their physical addresses, e-mail addresses, telephone numbers, signature of the receipt confirmation, account details, and further information which facilitates us in the performance of our services. And information disclosed to us with regard to the goods to be transported, but only to the extent that this is data of a personal nature.
Information which enables us to verify a person’s identity.
Name, e-mail address and telephone number of a third person if we are asked to send this person information on transport or other services.
Payment information and financial data (e.g. account details)
tax information if you receive services which require the processing of taxation data.
Other personal data which is disclosed to us by you or third parties in the course of providing our services.
If you send personal data to Röhlig, please ensure that this data is relevant, accurate and necessary for the preparation and implementation of the business relationship. In particular if you send data which relates to a third person you are legally obliged to apply the principles of general data protection legislation.
If we collect freight, deliver goods or provide other services, we may process address information. Such information to localise an address in an individual case may in specific cases contain GPS data, geo-codes, lines of latitude/longitude and graphic representations/images.
Certain transport information is sent to authorities in transit or destination countries perhaps for reasons relating to customs or import law, or to carry out safety checks. This transmission depends on the legal provisions in the transit or destination country.
As a rule such data contain the following individual details, whereby individual cases may contain deviations for legal reasons: name and address of the sender, name and address of the recipient, description of the good transported, if applicable the number of items, the weight and value of the consignment.
In the individual case we send personal data to a country other than that in which the data was collected. Data is transferred primarily for the purpose of performing our services, for instance to other companies of the Röhlig group, agents acting in the name of Röhlig Logistics GmbH & Co. KG or other enterprises affiliated with us. Please note that Röhlig Logistics GmbH & Co. KG cooperates with a range of partners to be able to provide you with the best possible service (e.g. sub-contractors such as transport and logistics firms, ports, warehouses, etc.). This can also require the transmission of personal information within the framework of what is legal permissible. To the extent necessary, order data processing contracts will be concluded with third parties.
Please also note that for technical and legal reasons Röhlig Logistics GmbH & Co. KG is not able to provide our services to you if you object to some or all of this data processing and data transmission.
The countries to which we send data may have data protection laws which differ from the standards of the legal order under which you sent the data to us. If we send data to other countries data transmission is done in line with this Privacy Statement.
In the case that personal data is sent between legal systems whose level of protection differs from one another, we will be guided by the stricter legal provisions. We apply specific contracts for the protection of personal data (e.g. the sample contracts of the EU Commission for data transmission to third countries) and we collaborate regularly with our partners and contractors to jointly ensure compliance with all applicable legal requirements.
Further information with regard to the data processed in the course of installation or use of our website or the Röhlig Logistics GmbH & Co. KG app can be found in the relevant section of this Privacy Statement.
5. Data protection in the case of job applications and in the application process
The processing controller collects and processes the personal data of applicants in order to carry out the application process. The processing can also be done electronically. This is the case in particular if an applicant submits application documents electronically, for instance by e-mail or through a web form on the Internet page, to the processing controller. If the processing controller concludes an employment contract with an applicant, the data sent is stored for the purpose of settling the employment relationship observing the legal regulations. If no employment contract is concluded with the applicant by the processing controller, then the application documents are automatically deleted at the latest 6 months after the decision to turn the applicant down, provided such deletion is not prevented by any other justified interests of the processing controller. Another justified interest in this respect is, for instance, an evidential duty in proceedings under the German General Act on Equal Treatment (AGG).
6. Third party access to your personal data
The collection, processing and utilisation of personal data is done by us ourselves and – provided we have not expressly excluded this – also by other companies of the Röhlig group (group companies) or by external service providers commissioned and under a contractual and legal obligation to protect the data. In both the latter cases we will ensure that group companies and external service providers comply with the applicable statutory data protection provisions and the obligations arising from this Privacy Statement. In so doing we are guided by the legal stipulations of the EU General Data Protection Regulation provided no more stringent legal regulations are applicable which take priority.
Beyond this no third party has access to your personal data. We will not sell this data or exploit it in any other way. We will only transmit data to responsible authorities upon official or statutory request and in the case of statutory transmission duties. This also applies in the case of a court order for transmission. In the case of an official, statutory or judicial duty we will check in each specific case whether transmission is in line with the principles of the GDPR and / or other applicable national law and, if applicable, initiate legal steps.
We have taken technical and organisational measures to protect your personal data against loss, alteration, misappropriation or access by unauthorised third parties. Our IT systems are set up in such a way that Röhlig Logistics GmbH & Co. KG conforms to the requirements of Articles 32 et seq. of the European General Data Protection Regulation.
8. Deletion and freezing
We delete your personal data when the business purpose connected with the data is removed or the applicable statutory data protection rules require this. In the case of consent we will delete your data after revocation or removal of the reason for the consent (No. 2.).
At your request we will freeze your personal data partly or completely provided this does not violate an overriding legal interest of Röhlig Logistics GmbH & Co. KG in the data processing. In this respect please let us know to what extent and for how long the data should be frozen. To the extent technically possible, you can in this way exclude the processing and use of your data for certain areas.
9. Children and minors
We do not knowingly process any personal data relating to minors under 16 years of age if we are not legally obliged to do so. If we become aware that data has been transmitted to us outside such a statutory obligation without the consent of the parents or other legal guardians, we will delete this data immediately.
IV. Preparation of the websites and creation of log files
1. Description and scope of the data processing
Every time our Internet pages are accessed our system automatically collects automated data and information about the computer system of the accessing computer.
The following data is collected in this process:
Information on the type of browser and the version used
The operating system of the user
The Internet service provider of the user
The IP address of the user
Date and time of access
Websites accessed by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with any other personal data of the user.
2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable the websites to be delivered to the user’s computer. For this the IP address of the user must be stored for the duration of the session.
The data is stored in log files to ensure the functionality of the websites. In addition we use the data to optimise the websites and ensure the security of our information systems. No evaluation of the data for marketing purposes is done in this connection. These purposes also represent our justified interest in the data processing in line with Art. 6 (1) (f) GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. If the data is collected to provide the website this is the case when the relevant session is ended.
If the data is stored in log files this is the case at the latest after seven days. Storage beyond this is possible. In this case the IP addresses of the users are deleted or anonymised so that allocation to the accessing client is no longer possible.
5. Possibility of objection and removal
The collection of data to provide the website and the storage of data in log files is essential for operation of the Internet page. Consequently there is no possibility of objection for the user.
Description and scope of the data processing
In this process the following data can be transferred:
Search terms entered
Frequency of page access
Use of website functions
The user data collected in this way is pseudonymised by technical procedures. Therefore allocation of the data to the accessing user is no longer possible. The data is not stored together with any other personal data of the users.
Legal basis for the data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for the purpose of analysis in the case that there is consent for the user for this is Art. 6 (1) (a) GDPR.
Purpose of the data processing
Analysis cookies are employed to improve the quality of our website and its content. The analysis cookies enable us to find out how the website is used and thus continually improve our offer.
These purposes also represent our justified interest in the processing of the personal data in line with Art. 6 (1) (f) GDPR.
Duration of the storage, possibility of objection and removal
Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website it is possible that not all the functions of the website can be used to their full extent.
7. Contact form
Description and scope of the data processing
On our website we offer users the possibility to contact us by giving personal data. The data is entered on an input screen, transmitted to us by e-mail and stored. The data is not passed on to any third parties.
The following data is collected during the registration process:
Contact (e-mail address, first name and family name, company name, business address, telephone number, fax number)
Track & Trace / Trucker App (e-mail address, company name, etc. are requested in the dialogue with sales)
Legal basis for the data processing
The legal basis for the processing of data in the case that there is user consent is Art. 6 (1) (a) GDPR. If the registration serves the fulfilment of a contract to which the user is a contracting party or the implementation of pre-contractual measures, then the additional legal basis for the processing of the data is Art. 6 (1) ( b) GDPR.
Purpose of the data processing
User registration is necessary for the provision of certain content and services on our website.
User registration is needed for performance of a contract (Track & Trace) with the user or to implement pre-contractual measures.
Duration of storage
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case for the data collected during the registration process if registration to our website is cancelled or altered. This is the case for data collected during the registration process for the performance of a contract or the implementation of pre-contractual measures when the data is no longer needed for performance of the contract. After conclusion of the contract it may also be necessary to store the personal data of the contractual partner in order to comply with contractual or statutory obligations.
Possibility of objection and removal
As a user you have the possibility to cancel the registration at any time. You can have the data concerning you which is stored by us altered at any time.
In order to, for instance, cancel receipt of the newsletter, this is an option when you receive a newsletter. As regards other tools, please contact the relevant controller.
If data is needed to perform a contract or implement of pre-contractual measures, early deletion of the data is only possible if there are no contractual or statutory obligations which preclude deletion.
The websites of Röhlig Logistics GmbH & Co. KG may contain hyperlinks, i.e. electronic cross references to the websites of third parties. Since Röhlig Logistics GmbH & Co. KG is not responsible for the content of third party websites or their conformity with data protection legislation, we request that you see the relevant privacy statement on the third party websites.
9. Social media
On the website you will find links to external social media (“social plug-ins”). The functions allocated to the links, in particular the transmission of information and user data, are not activated simply by accessing the website, but rather only when the link is clicked. When these links are clicked, the plug-ins of the corresponding media are activated and your browser establishes a direct connection to their servers.
If you click the links while visiting our website, your user data may be transmitted to the relevant network and processed by this network. If you click the links while visiting our website and you are at the same time logged in to the social network through your personal user account, then the information that you have visited our website may be passed on to the social network and be stored there associated with your account. In order to prevent allocation to your account by the corresponding network you must logout of your account before clicking the link.
The purpose and scope of the data processing by the social media (“networks“) and the further processing and use of your data there as well as your rights and setting options in this respect to protect your privacy can be taken from the data protection information of the appropriate network. The data processing that commences when the link is clicked is the sole responsibility of the relevant social network.
As regards the details we would like to refer you to the information on the social media we currently use.
On our website social plug-ins (“plug-ins”) of the social media (“networks”) Xing, LinkedIn and Youtube are used.
These services are provided by the companies Xing AG, LinkedIn Inc. Youtube Inc. (“providers”). The social plug-ins are cookies within the meaning of the text files described under No. 5.
Our websites use functions of the network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing functions of XING is accessed, a connection is established to servers of XING. To our knowledge no personal data is stored in this process. In particular no IP addresses are stored or user behaviour evaluated.
Use of the XING- plug-in occurs on the basis of Art. 6 (1) (f) GDPR. The website operator has a justified interest in the most comprehensive transparency possible in the social media.
Further information on data protection and the XING share button can be found in the privacy statement of XING at: www.xing.com/app/share.
We incorporate videos from the platform “YouTube” operated by the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Our website uses what is known as the ”Facebook pixel“ from the social network Facebook operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Facebook is certified under the
EU-U.S. Privacy Shield and therefore provides sufficient guarantees of compliance with European data protection law.
The processing of data by Facebook is done in line with Facebook’s data policy. Relevant general information on the presentation of Facebook ads in Facebook’s data policy: https://www.facebook.com/policy.php. Specific information and details on the Facebook pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
Purpose of data processing
We use the Facebook pixel for the purposes of analysis, optimisation and business operation of our website. Using the Facebook pixel, Facebook is on the one hand able to identify visitors to our website as a target group for the presentation of ads (what are known as “Facebook ads”). Correspondingly we use the Facebook pixel to show the Facebook ads we control only to such Facebook users as have shown an interest in our online offering or display the particular characteristics (e.g. interests in certain topics or products, determined on the basis of the websites visited), which we specify to Facebook (known as “custom audiences”). With also want to use the Facebook pixel to ensure that our Facebook ads satisfy to the potential interest of the users and are not annoying. The Facebook pixel can also help us understand the effectiveness of Facebook advertising for statistical and market research purposes by showing us whether after clicking on a Facebook ad users were redirected to our website (known as “conversion”).
Legal basis for data processing
The legal basis for the processing of personal data using the Facebook pixel is Article 6 (1) (f) of the General Data Protection Regulation (GDPR), so a legitimate interest on our part. Our legitimate interest here lies in the analysis, optimisation and business operation of our website and our online offering.
Option of objection and removal / Opt out
You can object to the collection of your data by the Facebook pixel and its use to present Facebook ads. In order to set which types of adverts you are shown within Facebook you can call up the page established by Facebook and follow the instructions there about settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are independent of platform, i.e. they are applied for all devices, such as desktop computer and mobile devices.
LinkedIn insight tag
The LinkedIn insight tag enables the collection of data on visits to our website, including the URL, referrer URL, IP address, device and browser characteristics, time stamp and page views. This data is encoded, anonymised within 7 days and the anonymised data is deleted within 90 days. LinkedIn shares no personal data with us but provides only summarised reports on the website target group and ad performance. LinkedIn also offers a re-targeting for website visitors so that with the help of this data we can show targeted ads outside our website without the member being identified. Members of LinkedIn can control the use of their personal data for advertising purposes in their account settings.
Purpose of data processing
The LinkedIn insight tag is used to enable the collection of detailed campaign reports and information on the visitors to our website and thus our advertising and marketing interests. As a customer of LinkedIn marketing solutions we use the LinkedIn insight tag to keep track of conversions, to carry out re-targeting of our website visitors and to collect additional information on the LinkedIn members who view our ads.
Legal basis for data processing
The legal basis for the processing of personal data is Article 6 (1) (f) GDPR, so a legitimate interest on our part. Our legitimate interest here lies in the purposes listed above.
Duration of storage
The data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days.
Option of deactivation and removal / Opt-out
If you are a member of LinkedIn and do not want LinkedIn to collect data on you through our website and link these with your membership data stored at LinkedIn, you must logout of LinkedIn before visiting our web pages.
You can also end further tracking by LinkedIn through an opt-out. At the end of this page you can manage your cookie settings.
LinkedIn is operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA. An overview of the LinkedIn plug-ins and their appearance can be found here: https://www.linkedin.com/legal/cookie-policy
Through incorporation of the plug-ins and their activation, the providers receive the information that your browser has accessed our web pages, even if you don’t have a profile or are not currently logged in. This information (including your IP address) may be transmitted directly by your browser to a server of the relevant provider and processed there. According to information from the providers Facebook, LinkedIn and Instagram, these providers process the personal data of users from countries of the EU/EEA within the EU. Data from users resident in a state outside the EU/EEA may be processed in the USA or another third country. If data within these providers is sent by servers within the EU/EEA to servers outside the EU/EEA, then Röhlig Logistics GmbH & Co. KG has no legal or technical influence.
The purpose and scope of the data collection and the further processing and utilisation of the data by the providers and your rights in this respect and possible settings to protect your privacy can be taken from the data protection information of the providers.
If you do not want Xing , Linkedin or Youtube to allocate the data collected through our website directly to your profile on the relevant service, you must log out of the relevant service before visiting our website.
This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.
Description and scope of the data processing
It is possible to subscribe to a free newsletter or adjust the settings of an existing subscription. For this the data (e-mail address and company name) are processed accordingly in order to send the newsletter.
In addition the following data is collected during the registration:
IP address of the accessing computer
Date and time of registration
Your consent to the processing of the data within this framework is obtained and you are referred to this Privacy Statement.
No data is sent to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
Legal basis of the data processing
The legal basis for the processing of the data following the user’s registration for the newsletter is Art. 6 (1) (a) GDPR if there is consent from the user.
Purpose of the data processing
The collection of the user’s e-mail address serves delivery of the newsletter. The collection of other personal data in the course of the registration process serves to prevent abuse of the services and the e-mail addresses used.
Duration of storage
The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. The e-mail address of the user is therefore stored for as long as the subscription of the newsletter is active.
Possibility of objection and removal
The newsletter subscription can be cancelled by the relevant user at any time. For this there is a corresponding link in every newsletter.
VI. BOOKING PORTAL
1. Description and Scope of Data Processing
On our booking portal we offer you – the users – the possibility of setting up a customer account and to initiate, conclude, process and manage via said account contracts against payment with companies of the Röhlig-Group pertaining to logistics services. In order to do so, your consent will be obtained and your attention drawn to this data protection declaration. The data will be entered by the user into an input mask, transmitted to us and stored. Any forwarding of these data shall be effected according to the conditions described under III. 4. of this data protection declaration. Access to third parties is possible according to thespecifications described under III. 6 of this data protection declaration.
Upon registration the following contact data will be collected: e-mail address, first and last names, company name, company address, telephone number, fax number. In the context of usage of the booking portal the data for the initiation of the contract, i.e. the choice of forwarding services (e.g. goods, place of loading/destination, delivery time) will be stored and processed. These will be entered by the user himself. Should thereafter a contract be concluded concerning the performance of transport and logistics services, Section III 4. of this data protection declaration shall apply.
An automatic decision-making process including profiling shall not take place in this context.
2. Legal basis for the data processing
The legal basis for the processing of the data is, providing the user has granted his consent, Art. 6 Para. 1 lit. a GDPR (General Data Protection Regulation (EU) 2016/679). Should the registration serve the purpose of fulfilling a contract to which the user is a contractual party or the implementation of pre-contractual measures, Art. 6 Para. 1 lit. b GDPR is an additional legal basis for the processing of the data.
3. Purpose of Data Processing
Registration is necessary for the viewing and usage of the booking portal. Data entered by the users will first and foremost be stored and processed for the technical administration of the booking portal, establishing contacts and dealing with customer enquiries. Beyond that, processing is undertaken for the compiling of statistics, needs-based advertising and purposes of quality assurance, process optimisation and planning security.
4. Period of Storage
The data will be deleted as soon as they are no longer necessary for the achievement of the purpose for which they had been collected. The customer account on the booking portal may be cancelled at any time by the user concerned. Until then the data will be stored without any temporal restrictions so that the user may be able to access them at any time (e.g. the order history).
5. Objection and Elimination Option
As a user you have at all times the option of annulling your registration and thus of deleting the customer account. The viewing and/or usage of the booking portal are no longer possible thereafter.
You are able to view and alter the data stored with respect to yourself at any time via your e-mail address and your self-chosen password.
The date pertaining to specific orders will, upon the deletion of the customer account, be blocked after completion of the order (expiry of warranty period) and deleted after the statutory storage periods have expired.
VII. Rights of the data subject
If your personal data is processed you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
1. Right of access
You can demand a confirmation from the controller as to whether personal data concerning you is processed by us.
If such processing is taking place you can demand the following information from the controller:
the purposes for which the personal data is processed;
the categories of personal data which is processed;
the recipients or the categories of recipients to which personal data concerning you is disclosed or is yet to be disclosed;
the planned duration of the storage of personal data concerning you or, if actual details on this are not possible, criteria for establishment of the storage duration;
the existence of a right of rectification or deletion of personal data concerning you, a right to restriction of the processing by the controller or a right to object to this processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information on the origin of the data, if the personal data is not collected from the data subject;
the existence of an automated decision-making process including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the implications and intended consequences of such processing for the data subject.
You have the right to demand information on whether personal data concerning you is transmitted to a third state or an international organisation. In this connection you can demand to be informed of the appropriate guarantees in line with Art. 46 GDPR in connection with the data transmission.
2. Right to rectification
You have the right to rectification and/or completion against the controller, provided the personal data processed concerning you is incorrect or incomplete. The controller must carry out the rectification immediately.
3. Right to restriction of processing
Under the following preconditions you can demand restriction of the processing of the personal data concerning you:
if you dispute the accuracy of the personal data concerning you, for a period which enables the controller to check the accuracy of the personal data;
the processing is illegal and you decline the deletion of the personal data and instead demand restriction of the use of the personal data;
the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims, or
if you have lodged an objection to the processing in line with Art. 21 (1) GDPR and it has not yet been established whether the justified grounds of the controller outweigh your grounds.
If the processing of the personal data concerning you is restricted, this data may only be processed – apart from its storage – with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or on the grounds of an important public interest of the European Union or a Member State.
If the processing is restricted under the above-mentioned preconditions you will be informed by the controller before the restriction is lifted.
4. Right to deletion
a. Duty to delete
You can demand from the controller that the personal data concerning you is deleted immediately and the controller is obliged to delete this data immediately if one of the following grounds applies:
The personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed.
You revoke your consent upon which the processing is based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, und there is no other legal basis for the processing.
You lodge a complaint to the processing in accordance with Art. 21 (1) GDPR and there are no overriding justified grounds for the processing, or you lodge an objection to the processing in line with Art. 21 (2) GDPR.
The personal data concerning you was processed illegally.
The deletion of the personal data relating to you is necessary to fulfil a legal duty under EU law or the law of the Member States to which the controller is subject.
The personal data concerning you was collected in relation to services provided by the information company in line with Art. 8 (1) GDPR.
b. Information to third parties
If the controller has made the personal data concerning you public and if he is obliged to delete it under Art. 17 (1) GDPR, then he shall take the measures which are appropriate with regard to the available technology and implementation costs, also of a technical nature, in order to inform the controller of the data processing that you as the data subject have demanded from them the deletion of all links to this personal data or copies or replications of this personal data.
There is no right to deletion if the processing is necessary to exercise the right of free expression and information;
to fulfil a legal obligation which requires the processing under EU law or the law of the Member States to which the controller is subject, or to complete a task which is in the public interest or in the exercise of public authority which was bestowed upon the controller;
for reasons of public interest in the field of public health under Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
for archiving purposes which are in the public interest, for academic or historic research purposes or for statistical purposes in line with Art. 89 (1) GDPR, to the extent that the right stated under section a) foreseeably makes it impossible or more difficult to achieve the goals of this processing, or to assert, exercise or defend legal claims.
5. Right to be informed
If you have asserted against the controller the right of rectification, deletion or restriction of processing, this latter is obliged to inform all recipients to whom the personal data concerning you was disclosed of this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves disproportionate efforts. You have the right against the controller to be informed of these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you which you provided to the controller in a structured, standard and machine readable format. In addition you have the right to send this data to another controller without hindrance from the controller to whom the personal data was sent, provided that
the processing is based upon consent in line with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or upon a contract in line with Art. 6 (1) (b) GDPR and
the processing is done by way of automated means. In the exercise of this right you also have the right to effect that the relevant personal data is sent directly from one controller to another controller to the extent that this is technically possible. Rights and freedoms of other persons may not be affected by this. The right to data portability does not apply for the processing of personal data which is required for completion of a task which is in the public interest or in the exercise of public authority which was bestowed upon the controller.
7. Right of objection
You have the right, for reasons resulting from your particular situation, to lodge an objection at any time to the processing of the personal data concerning you which is done on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies for profiling based on one of these provisions.
The controller shall no longer process the personal data concerning you unless he can prove essential grounds for the processing which are worthy of protection, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to lodge an objection to the processing of the personal data relating to you at any time for the purposes of this type of marketing; this also applies for the profiling, to the extent that this is connected to such direct marketing.
If you object to processing for the purposes of direct marketing, then the personal data concerning you shall no longer be processed for these purposes. You have the possibility in connection with the use of services of the information company – irrespective of Directive 2002/58/EC – to exercise your right of objection by way of automated processes in which technical specifications are used.
8. The right to revoke the declaration of consent under data processing law
You have the right to revoke your consent under data protection law at any time. The revocation of consent does not affect the legality of the processing done on the basis of the consent up to the revocation.
9. Automated decision-making in individual cases including profiling
You have the right not to be subjected to decision-making based exclusively on automated processing – including profiling – which takes legal effect over you or which considerably hinders you in a similar way. This does not apply if the decision-making
is necessary for the conclusion or fulfilment of a contract between you and the controller,
is permissible under legal provisions of the EU or of the Member States to which the controller is subject, and these legal provisions contain suitable measures to protect your rights and freedoms and your justified interests or
is done with your explicit consent.
However these decisions must not be based on particular categories of personal data under Art. 9 (1) GDPR, if Art. 9 (2) (a) or (g) GDPR does not apply and appropriate measures were taken to protect the rights and freedoms and your justified interests.
With regard to the cases mentioned in (1) and (3), all necessary measures are to be taken by the controllers to comply with your rights under the GDPR.
10. Right to lodge a complaint with a supervisory authority
Regardless of any administrative law or judicial legal remedy to the contrary, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your workplace or the place of suspected violation, if you are of the opinion that the processing of the personal data concerning you is in violation of the GDPR. The supervisory authority with which the complaint is lodged is to inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.