1. An overview of data protection
General information
The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data recording on this website
Who is the responsible party for the recording of data on this website (i.e. the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available under section “Site notice” on this website.
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.
Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automatically when you access this website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time under the address disclosed in section “Information Required by Law” on this website if you have questions about this or any other data protection related issues.
Definitions
The data protection information of the FirmCatalyst GmbH & Co.KG
is based on the definitions which have been used by the European directive and order issuing office in formulating the General Data Protection Regulation (GDPR). The data protection information of the FirmCatalyst GmbH & Co.KG
should be easily read and understood not only by the general public but also by our customers and business partners. In order to ensure this, we would like to clarify in advance the definitions used.
In this data protection information and on our website, we use – amongst others – the following terms:
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereafter “data subject”). Defined as identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject is each identified or identifiable natural person, whose personal data is processed by the controller for the processing.
Processing
Processing means any operation or set of operations which is carried out in connection with personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restricting of the processing
Restricting of the processing is the marking of personal data as stored with the objective of restricting its processing in the future.
Profiling
Profiling is each type of the automated processing of personal data, which consists of this personal data being used to permit particular personal aspects relating to a particular natural person, and here in particular aspects in respect of work performance, economic situation, health, personal likes, interests, reliability, behaviour, place of residence or change of place of residence of this natural person to be evaluated, analysed or forecast.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, in so far as this additional information is kept in a special way and subjected to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
Controller or party responsible for the processing
Controller or party responsible for the processing (hereafter controller) is the natural person or legal entity, authority, institution or other post, which alone or together with others decides on the purposes and means of the processing of personal data. If the purposes and means of the processing are laid down in European Union legislation or the legislation of the member states, then the controller or the particular criteria of the appointment of this controller in accordance with European Union legislation or the legislation of the member states can be provided.
Processor
Processor is a natural person or legal entity, authority, institution or other post, which processes the personal data on the instructions of the controller.
Recipient
Recipient is a natural person or legal entity, authority, institution or other post to which personal data are disclosed regardless of whether this is a third party or not. However, authorities, which receive within the framework of a particular investigation order in accordance with European Union legislation or the legislation of the member states data which possibly may be/contain personal data, do not hold good as recipients.
Third party
Third party is a natural person or legal entity, authority, institution or other post with the exception of the data subject, the controller, the order processor and those persons which are authorized under the direct responsibility of the controller or of the order processor to process the personal data.
Consent
Consent is each declaration of will given voluntarily by the data subject for the definite case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory action, with which the data subject makes clear that he/she agrees to the processing of personal data relating to himself/herself.
General information on data processing; legal basis, purposes of processing, duration of storage, objection, and possibility of erasure
General information on the legal basis
Where we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
Art. 6 para. 1 lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
General information on data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
General information on processing on our website
Data protection, data security and secrecy protection have high priority for FirmCatalyst GmbH & Co. KG (hereinafter referred to as FirmCatalyst). The permanent protection of your personal data, your company data and your trade secrets is particularly important to us.
In principle, you can visit our website without providing any personal information. However, if you make use of the services of our company via our website, this requires the disclosure of your personal data. In general, we use the data communicated by you and collected by the website and the data stored during use exclusively for our own purposes, namely for the implementation and provision of our website and for the initiation, implementation and processing of the services offered via the website (contract performance) and do not pass these on to outside third parties, unless there is an officially ordered obligation to do so. In all other cases, we will obtain your separate consent.
Your personal data will be processed in accordance with the requirements of the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to FirmCatalyst. By means of this data protection note, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we will inform you of your rights by means of this data protection notice.
FirmCatalyst has implemented technical and organizational measures to ensure adequate protection of personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed.
Collecting of general data and information
The website of FirmCatalyst GmbH & Co. KG collects a range of general data and information each time the website is called by a data subject or an automated system. This general data and information is stored in the log files of the server. Able to be collected are: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website, from which an accessing system reaches our website (so-called referrer), (4) the sub-websites, which are steered to on our website via an accessing system, (5) the date and time of an access to the website, (6) an Internet-protocol-address (IP-address), (7) the Internet service provider of the accessing system and (8) other similar data and information, which serve the warding off of hazards in the case of attacks to our IT systems.
In using this general data and information FirmCatalyst GmbH & Co.KG draws no conclusions about the data subject. Much more is this information needed (1) to be able to deliver out the content of our website correctly, (2) to permit the optimization of the content of our website and of the advertising for this, (3) to ensure the durable functionality of our IT systems and of the technology of our website and (4) to be able to make available to the law enforcement authorities the information necessary for criminal prosecution in the case of a cyber-attack. This anonymously collected data and information is evaluated by FirmCatalyst GmbH & Co. KG on the one hand statistically and on the other hand with the objective of increasing the data protection and the data security in our company in order finally to ensure an optimal level of protection for the personal data processed by ourselves. The anonymous data of the server-logfiles are stored separately from all the personal data stated by a data subject.
Legal foundation: Article 6 Para. 1 lit. f GDPR (legitimate interest)
Storage purpose: The temporary storing of the IP-address by the system is necessary to permit the delivery of the website to the computer of the user. For this the IP-address of the user must remain stored for the duration of the session.
Storage duration: The data is deleted as soon as it is no longer necessary for achieving the purpose of their collection. This is the case when the particular session has ended in situations where the data is collected for making the website available.
Objection / opportunity for elimination: No because the data is essential for operating of the website
E-mail and phone contact
It is possible for contact to be made via the e-mail address or phone number that is provided. In this case the personal data of the user transmitted with the e-mail or communicated via phone is stored.
In this connection no data is passed on to third parties. The data is used exclusively for the processing of the conversation and will immediately be deleted if it is no longer needed.
Legal foundation: Legal foundation for the processing of the data is as a rule Article 6 Para. 1 lit. b. GDPR in the case of enquiries via e-mails. (contract fulfilment; pre-contractual measures); Article 6 Para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering of questions on data protection) and in addition, Article 6 Para. 1 lit. f GDPR (legitimate interest).
Storage purpose: The processing of the personal data from e-mail / phone serves is solely for the processing of the contact. This is also the necessary legitimate interest in the processing of the data.
Storage duration: The data is deleted as soon as it is no longer needed for achieving the purpose of their collection. This is the case for the personal data sent by e-mail or communicated by phone when the particular conversation with the user has ended. The conversation has ended when the circumstances allow the conclusion to be drawn that the matter in question has been finally clarified. The above does not hold good if the correspondence is subject to a retention obligation under commercial law.
Objection / opportunity for elimination: The user has the opportunity to object at any time to the storing of his personal data. In such a case the conversation cannot be continued.
Data protection with applications and application processes
We collect and process the personal data of applicants for the purpose of progressing the application process. The processing can also be carried out electronically. This is in particular the case when an applicant sends to us relevant application documents by an electronic route, e.g. per e-mail. If we conclude a contract of employment with yourself as applicant, the data transmitted will be stored for purposes of progressing the employment relationship subject to observation of the legal regulations. If a contract of employment is not concluded by the party responsible for the processing with the applicant, then the application documents will be automatically deleted six months after notification of the rejection in so far as there is no other legitimate interest of the party responsible for the processing against deletion. Another legitimate interest in this sense is, for example, an obligation of proof in a process in accordance with the German General Equal Treatment Act.
Legal foundation: Legal foundation for the processing of the data is as a rule Article 6 Para. 1 lit. b. GDPR with job applications submitted via the contact form and/or e-mail. (fulfilment of the employment contract; measures prior to the concluding of an employment contract); Article 6 Para. 1 lit. c. GDPR (Fulfilment of a legal obligation, e.g. answering of questions in connection with the job-application process) and apart from this Article 6 Para. 1 lit. f GDPR (legitimate interest) and special legal authorization rules such as a collective agreement, company agreement, income tax law etc. A supplementary reference is made to the Personnel / HR processing file.
Storage purpose: If we conclude an employment contract with you as job applicant, the data transmitted for the purpose of progressing the employment relationship will be stored whereby the legal obligations will be observed.
Storage duration: If no employment contract is concluded between the party responsible for the processing and the job applicant, then the job-application documents will be automatically deleted six months after the notification of rejection has been sent in so far as no other legitimate interest of the party responsible for the processing conflicts with the deletion. A legitimate interest in this connection could be – for example – a proof obligation in a process in accordance with the German General Equal Treatment Act).
Objection / opportunity for elimination: Only general objection and elimination opportunities.
Analysis tools and tools provided by third parties
There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.
For detailed information about these analysis programs please consult our Data Protection Declaration below.
2. Hosting and Content Delivery Networks (CDN)
External Hosting
This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
We are using the following host:
RAIDBOXES GmbH
Friedrich-Ebert-Straße 7
48153 Münster
Telefon: +49 251 1498 2000
E-Mail: support@raidboxes.io
Execution of a contract data processing agreement
In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.
Cloudflare
We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).
Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.
The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6 Sect. 1 lit. f GDPR).
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf.
For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/.
Execution of a contract data processing agreement
In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with Cloudflare.
3. General information and mandatory information
Data protection
The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
FirmCatalyst GmbH & Co. KG
Schreiberhauer Straße 4
10317 Berlin
Phone: +49(0) 156 785 535 92
E-mail: info@firmcatalyst.com
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).
Name and address of the data protection officer
With regard to the present legal situation, according to Sec. 38 Para. 1 BDSG we are not obliged to appoint a data protection officer.
Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
Information on data transfer to the USA
Our website uses, in particular, tools from companies based in the USA. When these tools are active, your personal information may be transferred to the US servers of these companies. We must point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to release personal data to security authorities without you as the data subject being able to take legal action against this. The possibility cannot therefore be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Rejection of unsolicited e-mails
We herewith object to the use of contact information published in conjunction with the mandatory information to be provided in section “Information Required by Law” to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.
4. Recording of data on this website
Cookies
Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them or they are automatically eradicated by your web browser.
In some cases, it is possible that third-party cookies are stored on your device once you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).
Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.
In this way the following data can be transmitted:
- Search terms entered
- Frequency with which pages are called
- Use of website functions
The user data collected in this way is pseudonymized by technical precautions. The data is not stored together with other personal data of the user.
When our website is called, the user is informed about the use of cookies for analytical purposes and his/her consent to the processing of the personal data used in this connection is obtained. In this connection a reference to this data protection information is also made.
In addition, users can find out how to disable cookies on the main browsers by following the links below:
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox
- Chrome browser: https://support.google.com/accounts/answer/61416?hl=en
- Internet Explorer: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g. for the shopping cart function) or those that are necessary for the optimization of the website (e.g. cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6 Sect. 1 lit. f GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of cookies to ensure the technically error free and optimized provision of the operator’s services. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6 Sect. 1 lit. a GDPR); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
In the event that third-party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.
Essential
Essential cookies enable basic functions and are necessary for the proper function of the website.
Borlabs Cookie
Name | Borlabs Cookie |
---|---|
Provider | Owner of this website, Imprint |
Purpose | Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie. |
Cookie Name | borlabs-cookie |
Cookie Expiry | 1 Year |
Polylang
Name | Polylang |
---|---|
Provider | FirmCatalyst GmbH & Co KG |
Purpose | Stores the current language. |
Privacy Policy | https://firmcatalyst.com/privacy-policy/ |
Host(s) | firmcatalyst.com, firmcatalyst.de |
Cookie Name | pll_language |
Cookie Expiry | 1 Year |
Google Tag Manager
Name | Google Tag Manager |
---|---|
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Cookie by Google used to control advanced script and event handling. |
Privacy Policy | https://policies.google.com/privacy?hl=en |
Cookie Name | _ga,_gat,_gid |
Cookie Expiry | 2 Years |
VG Wort
Name | VG Wort |
---|---|
Provider | Verwertungsgesellschaft Wort |
Purpose | VG Wort's cookie helps to determine the probability of our texts being copied and ensures that authors and publishers are compensated for legal claims. IP addresses are only processed in anonymized form. |
Privacy Policy | https://www.vgwort.de/datenschutz.html |
Host(s) | *.vgwort.de |
Cookie Name | srp |
Cookie Expiry | Sitzung |
Cloudflare
Name | Cloudflare |
---|---|
Provider | Cloudflare Inc. |
Purpose | Used by the Content-Network Cloudflare to identify trustworthy nettraffic. |
Privacy Policy | https://www.cloudflare.com/en-gb/cookie-policy/ |
Host(s) | cloudflare.com |
Cookie Name | __cfduid, __cfruid, __cf_bm, cflb, info, use, cfruid, clearance |
Statistics
Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website.
Google Analytics
Name | Google Analytics |
---|---|
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Cookie by Google used for website analytics. Generates statistical data on how the visitor uses the website. |
Privacy Policy | https://policies.google.com/privacy?hl=en |
Cookie Name | _ga,_gat,_gid |
Cookie Expiry | 2 Years |
Marketing
Marketing cookies are used by third-party advertisers or publishers to display personalized ads. They do this by tracking visitors across websites.
External Media
Content from video platforms and social media platforms is blocked by default. If External Media cookies are accepted, access to those contents no longer requires manual consent.
Name | |
---|---|
Provider | Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland |
Purpose | Used to unblock Facebook content. |
Privacy Policy | https://www.facebook.com/privacy/explanation |
Host(s) | .facebook.com |
Google Maps
Name | Google Maps |
---|---|
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Used to unblock Google Maps content. |
Privacy Policy | https://policies.google.com/privacy?hl=en&gl=en |
Host(s) | .google.com |
Cookie Name | NID |
Cookie Expiry | 6 Month |
Name | |
---|---|
Provider | Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland |
Purpose | Used to unblock Instagram content. |
Privacy Policy | https://www.instagram.com/legal/privacy/ |
Host(s) | .instagram.com |
Cookie Name | pigeon_state |
Cookie Expiry | Session |
OpenStreetMap
Name | OpenStreetMap |
---|---|
Provider | Openstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom |
Purpose | Used to unblock OpenStreetMap content. |
Privacy Policy | https://wiki.osmfoundation.org/wiki/Privacy_Policy |
Host(s) | .openstreetmap.org |
Cookie Name | _osm_location, _osm_session, _osm_totp_token, _osm_welcome, _pk_id., _pk_ref., _pk_ses., qos_token |
Cookie Expiry | 1-10 Years |
Name | |
---|---|
Provider | Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland |
Purpose | Used to unblock Twitter content. |
Privacy Policy | https://twitter.com/privacy |
Host(s) | .twimg.com, .twitter.com |
Cookie Name | __widgetsettings, local_storage_support_test |
Cookie Expiry | Unlimited |
Vimeo
Name | Vimeo |
---|---|
Provider | Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA |
Purpose | Used to unblock Vimeo content. |
Privacy Policy | https://vimeo.com/privacy |
Host(s) | player.vimeo.com |
Cookie Name | vuid |
Cookie Expiry | 2 Years |
YouTube
Name | YouTube |
---|---|
Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Purpose | Used to unblock YouTube content. |
Privacy Policy | https://policies.google.com/privacy?hl=en&gl=en |
Host(s) | google.com |
Cookie Name | NID |
Cookie Expiry | 6 Month |
Legal foundation: Article 6 Para. 1 lit. f GDPR (legitimate interests) for strictly technically essential cookies In addition: Article 6 Para. 1 lit. a GDPR (consent)
Storage purpose: The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR. Analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies enable us to find out how the website is being used and thus to continuously optimize our offer. You can agree to this with your consent.
Storage duration: Cookies are stored on the user’s computer and are transmitted from this to our website. Accordingly, you as user have full control over the use of cookies.
Objection / opportunity for elimination: By carrying out a change to the settings of your browser you can deactivate cookies or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. However, if cookies for our website are deactivated, it may no longer be possible to use all the functions of the website in full. The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player.
Cookie Consent with Borlabs Cookie
Our website uses the Borlabs cookie consent technology to obtain your consent to the storage of certain cookies in your browser and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter referred to as Borlabs).
Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
We use the Borlabs cookie consent technology to obtain the declarations of consent mandated by law for the use of cookies. The legal basis for the use of such cookies is Art. 6 Sect. 1 Sentence 1 lit. c GDPR.
Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The used operating system
- Referrer URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
5. Analysis tools and advertising
VG Wort METIS – Cookies and messages on access numbers
We use “session cookies” from VG Wort, Munich, to measure access to texts in order to determine the probability of copying. Session cookies are small information units that a provider stores in the working memory of the visitor’s computer. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. Session cookies cannot store any other data. These measurements are carried out by Kantar Deutschland GmbH according to the Scalable Central Measurement Method (SZM). They help to determine the copying probability of individual texts for the remuneration of legal claims of authors and publishers. We do not collect personal data via cookies.
We thus enable our authors to participate in the distributions of VG Wort, which ensure the legal remuneration for the use of copyrighted works in accordance with § 53 UrhG.
It is also possible to use our offers without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to inform you as soon as cookies are sent.
Data protection regulations for the use and application of the Scalable Central Measurement Method (SZM)
Our website and our mobile website use the “Scalable Central Measurement Method” (SZM) of Kantar Deutschland GmbH to determine statistical parameters for determining the copy probability of texts.
Anonymous measurement values are collected in the process. The access count measurement alternatively uses a session cookie or a signature, which is created from various automatically transmitted information of your browser, for the recognition of computer systems. IP addresses are only processed in anonymized form.
Legal foundation: In addition: Article 6 Para. 1 lit. a GDPR (consent)
Storage purpose: Analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies enable us to find out how the website is being used and thus to continuously optimize our offer. You can agree to this with your consent.
Storage duration: Cookies are stored on the user’s computer and are transmitted from this to our website. Accordingly, you as user have full control over the use of cookies.
Objection / opportunity for elimination: Consent withdrawal / consent management via cookie consent mechanism
Data protection regulations for the use and application of Google Analytics (with anonymization function)
General information
We have integrated on this website the Google Analytics component (with anonymization function). Google Analytics is a web-analysis service. Web-analysis is the collecting, compilation and evaluating of data concerning the behaviour of the visitors to websites. A web-analysis service collects – amongst other things – data on from which website (the so-called referrer) a data subject has come to a website, which subsites of the website were accessed or how often and for what period a subsite was watched. Web-analysis is used primarily for optimization of a website and for cost-benefit analysis of Internet advertising.
The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Anonymization of the IP address
The party responsible for the processing uses the suffix „gat.anonymizeIp“ for the web analysis via Google Analytics. With the aid of this suffix the IP-address of the Internet connection of the data subject is abbreviated and anonymized if the access to our website comes from a member state of the European Union or from another signatory of the agreement on the European Economic Area.
Processing
The purpose of the Google Analytics component is the analysis of the visitor flows to our website. Google uses the data and information obtained in order to – amongst other things – evaluate the use of our website, to prepare for us online reports which show the activities on our website and to provide further services linked with the use of our website.
Google Analytics sets a cookie on the IT system of the data subject. What cookies are has been explained above. The setting of cookies enables Google to analyze the use of our website. With each call of an individual page of this website, which is operated by the party responsible for the processing and on which a Google Analytics component has been integrated, the Internet browser on the IT-system of the data subject is automatically caused by the particular Google Analytics component to transmit data to Google for the purpose of online analysis. Within the framework of this technical process, Google obtains knowledge of personal data such as the IP-address of the data subject, which data enables Google to – amongst other things – trace the origin of the visitor and clicks and as a consequence to make possible the issuing of commission invoices.
With the aid of cookies items of information related to personal data, e.g. the access time, the place from which an access started and the frequency of the visits to our website by the data subject, are stored. With each visit to our website this personal data including the IP-address of the Internet connection used by the data subject is transmitted to the United States of America. This personal data is stored by Google in the U.S.A. In certain circumstances Google passes on this personal data as collected via the technical process to third parties.
As has already been described above, the data subject can prevent the setting of cookies by our website at any time by making an appropriate setting on his/her Internet browser as used and thereby object to the setting of cookies in a durable manner. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the IT system of the data subject. In addition, a cookie that has already been set by Google Analytics, can be deleted at any time via the Internet browser or another software program.
Demographic characteristics on Google Analytics
This website uses the “demographic characteristics” function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item “Objection to data collection”.
Withdrawal of consent
You have the option to prevent the recording of your data by Google Analytics by using the following button. This will result in the placement of an opt out cookie, which prevents the recording of your data during future visits to this website:
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
Preventing the setting of cookies via the web browser
The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the internet browser and thus permanently object to the setting of cookies. Such a setting of the Internet browser would also prevent Google from setting a cookie on the IT system (e.g., laptop or mobile device) of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Preventing the setting of cookies via browser add on
Furthermore, the data subject has the opportunity to object to collection of the data relating to use of this website generated by Google Analytics and to the processing of this data by Google and to prevent such collection. For this the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and no information on the visiting of websites may be transmitted to Google Analytics. The installation of the browser add-on is evaluated by Google as an objection. If the IT system of the data subject is deleted, formatted or installed anew at a later point in time, then the data subject must carry out the installation of the browser add-on again in order to deactivate Google Analytics. In so far as the browser add-on is deinstalled or deactivated by the data subject or by another person, who can be considered to belong to the area of control of the data subject, then the browser add-on can be installed or activated again.
Further Information
Further information and the valid and applicable data protection regulations of Google can be called under https://www.google.de/intl/de/policies/privacy/ as well as under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link: https://www.google.com/intl/de_de/analytics/.
Google Ads
We have integrated Google Ads on this website. Google Ads consists of Google AdSense, DoubleClick and other services of the Google Ads network. Google Ads is a service for Internet advertising which permits the advertiser to place an advertisement not only in Google’s search engine results but also in the Google advertising network. Google Ads permits an advertiser to lay down in advance particular key words by means of which an advertisement will only be displayed in Google’s search engine results when the user calls a key-word relevant search result with the search engine. In the Google advertising network the advertisements are distributed to thematically relevant websites with the aid of an automatic algorithm and subject to observation of the previously defined key words.
Operating company for the services of Google Ads is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Ads is the advertising of our website through the overlaying of interest-relevant advertising on the website of third parties and in the search engine results of the Google search engine and an overlaying of third party advertising on our website.
If a data subject reaches our website via a Google advertisement, a so-called conversion cookie is stored on the IT system of the data subject by Google. What cookies are has been already described above. A conversion cookie loses its validity after 30 days and does not serve for the identification of the data subject. The conversion cookie – in so far as it has not expired – permits determination of whether a particular subsite, for example the shopping basket of an online shop system, was called on our website. With the aid of the conversion cookies not only ourselves but also Google can deduce whether a data subject, who reaches our website via an AdWords advertisement, generated turnover, i.e. completed a purchase or broke off.
The data and information collected through the use of conversion cookies is used by Google in order to prepare visit statistics for our website. These visit statistics are in turn used by ourselves to determine the total number of visitors which are conveyed to us via AdWords advertisements, i.e. in order to determine the success or lack of success of the particular AdWords advertisement and in order to optimize our AdWords advertisements for the future. Neither our company nor other advertising customers of Google Ads receive information from Google with the aid of which the data subject could be identified.
With the aid of the conversion cookies personal data, for example the websites visited by the data subject, is stored. Accordingly, personal data including the IP-address of the Internet connection used by the data subject is transmitted to Google in the United States of America with each visit to our websites. This personal data is stored by Google in the U.S.A. Under certain circumstances Google passes on the personal data collected via the technical process to third parties.
As has already been described above, the data subject can prevent the setting of cookies by our website at any time by making an appropriate setting in the Internet browser used and thereby object to the setting of cookies in a durable manner. Such a setting in the Internet browser used would also prevent Google from setting a conversion cookie in the IT system of the data subject. In addition, a cookie that has already been set by Google Ads can be deleted at any time via the Internet browser or by a software program.
Furthermore, the data subject has the opportunity to object to the interest-related advertising. For this the data subject must call from each of the Internet browsers he/she uses the link www.google.de/settings/ads and there carry out the desired settings.
The FirmCatalyst GmbH & Co. KG is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure that your personal data is processed lawfully and securely.
Further information and the valid data protection regulations of Google can be called under https://www.google.de/intl/de/policies/privacy/.
Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the assistance of Google Conversion Tracking we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.
We use Google Conversion Tracking on the basis of Art. 6 Sect. 1 lit. et seq. GDPR. The operator of the website has a legitimate interest in the analysis of the user patterns with the aim of optimizing both, the operator’s web presentation and advertising. If a respective declaration of consent was requested (e.g. concerning the storage of cookies), processing shall occur exclusively on the basis of Art. 6 Sect. 1 lit. a GDPR; the given consent may be revoked at any time.
For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en
6. Newsletter
Newsletter data
If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided, and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.
The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
MailPoet
This website uses MailPoet to send newsletters. We provide is Vysiya SARL, 6 rue Dieudé, 13006, Marseilles, France (hereinafter MailPoet).
MailPoet is a service with which, in particular, the sending of newsletters can be organized and analyzed. The data you enter to subscribe to the newsletter is stored on our servers but sent through MailPoet’s servers so that MailPoet can process your newsletter-related data (MailPoet Sending Service). You can find details here: https://account.mailpoet.com/.
Data analysis by MailPoet
MailPoet helps us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened, and which links were clicked on, if any. In this way, we can determine, in particular, which links were clicked on particularly often.
We can also see if certain previously defined actions were performed after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.
MailPoet also allows us to divide newsletter recipients into different categories (“clustering”). This allows us to classify newsletter recipients according to age, gender, or place of residence, for example. In this way, the newsletter can be better adapted to the respective target groups. If you do not wish to receive an evaluation by MailPoet, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
Detailed information about the functions of MailPoet can be found at the following link: https://account.mailpoet.com/ and https://www.mailpoet.com/mailpoet-features/.
You can find the MailPoet privacy policy at https://www.mailpoet.com/privacy-notice/.
Legal basis
The data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time with effect for the future.
Duration of storage
The data that you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list or deleted after the purpose has been fulfilled. We reserve the right to delete email addresses within the scope of our legitimate interest under Art. 6(1)(f) GDPR. Data stored by us for other purposes remain unaffected.
After you have been removed from the newsletter distribution list, it is possible that your email address will be saved by us in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest in the sense of Art. 6(1)(f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
7. Plug-ins and Tools
YouTube
On this website we have integrated components from YouTube. YouTube is an Internet video portal that enables video publishers to set video clips free of charge and for other users to view, evaluate and comment on these, also free of charge. YouTube permits the publication of all types of video so that not only complete films and television programmes but also music videos, trailers and amateur videos prepared by users can be called via the Internet portal.
Operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S.A.
With each call of one of the individual pages of this website, which is operated by the controller for the processing and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the IT system of the data subject is caused by the particular YouTube component to download a representation of the relevant YouTube component from YouTube. Further information on YouTube can be called under https://www.youtube.com/yt/about/de/. Within the framework of this technical process YouTube and Google receive knowledge of which concrete subsite of our website has been visited by the data subject.
In so far as the data subject is at the same time logged in at YouTube, YouTube will recognize with the calling of a subsite, which contains a YouTube video, which concrete subsite of our website the data subject has visited. This information is collected by YouTube and Google and assigned to the particular YouTube account of the data subject.
YouTube and Google will always receive via the YouTube components information that the data subject has visited our website if the data subject is logged in at our website and at the same time at YouTube; this takes place regardless of whether or not the data subject has clicked on a YouTube video. If the transmitting of this information in this way to YouTube and Google is not desired by the data subject, the latter can prevent this transmission by logging out of his/her YouTube account before calling our website.
FirmCatalyst GmbH & Co. KG is aware of the transfer of your personal data to a third country and has implemented appropriate guarantees in accordance with Art. 46 GDPR to ensure that your personal data is processed lawfully and securely.
The data protection regulations published by YouTube – these can be called down at https://www.google.de/intl/de/policies/privacy/ – provide information on the collecting, processing and using of personal data by Google and YouTube.
Google Web Fonts (local embedding)
This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
Google Maps
On this website we use the service of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. Furthermore, only the technically necessary data is transmitted. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want the assignment with your profile at Google, you have to log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide need-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
FirmCatalyst GmbH & Co. KG is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure that your personal data is processed lawfully and securely.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s data protection declarations. There you will also find further information on your rights and settings to protect your privacy: https://policies.google.com/privacy?hl=en.
Data protection regulations for the use and application of Proven Expert Evaluations
We participate in the evaluation process of the provider Proven Expert of Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany.
Proven Expert offers users the opportunity to evaluate our services. Users who have used our services are asked to give their consent to the sending of the evaluation request. If the users have given their consent (for example by clicking on a checkbox or a link), you will receive a review request with a link to a review page.
We can also integrate the Proven Expert widget into our website. A widget is a functional and content element integrated within our online offer that displays variable information. Although the corresponding content is displayed within our online offer, it is retrieved from the servers of Proven Expert at that moment. Only this way the current content can be shown, especially the current rating. Therefore a data connection to Proven Expert has to be established from the web page accessed within our online offer and Proven Expert receives certain technical data (access data, including the IP address), which are necessary to deliver the content. Furthermore, Proven Expert receives information about the fact that users have visited our online offer. This information could be stored in a cookie and used by Proven Expert to recognize which online offers participating in the Proven Expert evaluation process have been visited by the user. The information could be stored in a user profile and used for advertising or market research purposes.
For further information on the processing of your data by Proven Expert, as well as on your rights of objection and other rights of data subjects, users can read the Proven Expert privacy policy: https://www.provenexpert.com/en-gb/privacy-policy/.
Legal foundation: In addition: Article 6 Para. 1 lit. a GDPR (consent)
Storage purpose: Analysis-marketing cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies enable us to find out how the website is being used and thus to continuously optimize our offer. You can agree to this with your consent.
Storage duration: Cookies are stored on the user’s computer and are transmitted from this to our website. Accordingly, you as user have full control over the use of cookies.
Objection / opportunity for elimination: By carrying out a change to the settings of your browser you can deactivate cookies or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. However, if cookies for our website are deactivated, it may no longer be possible to use all the functions of the website in full. The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player.
Appointments via “Book like a Boos”
The website uses the “Book like a boss” service to make appointments easier. By using this service, data is transmitted to Book like a boss. Book Like Boss saves personal data and requests information e.g. the name, email address and telephone number in our booking form, which are required to carry out the appointment. However, the user must give consent to the processing of his data before it is stored or processed. Saved data is deleted after a customer appointment, after answering the question, when the appointment is canceled or on request and is not saved permanently.
We would like to point out that, as the website operator, we have no knowledge of the content of the data transmitted or of how it is used by Book like a boss. The legal basis for this processing is our legitimate interest (in accordance with Art. 6 Para. 1 lit. f GDPR) in offering you a user-friendly, time-saving and progressive way of making an appointment with us.
We have concluded an data processing agreement with Book like a boss in accordance with Art. 28 GDPR.
Furthermore, we would like to point out that you are not obliged to use this service to make an appointment. If you do not want this, please use another of the contact options offered to make an appointment.
For more information, see Book like a Boos’ privacy policy at https://booklikeaboss.com/privacy. The terms and conditions to use this service, see https://booklikeaboss.com/terms.
These functions are offered by Book Like A Boss, 67-50 180th Street, Fresh Meadows, NY 11365-3516, USA.
Third party websites
We have links on our website to other websites (“third-party websites”). It is possible that these websites process personal data about you when you access them. We, FirmCatalyst GmbH & Co. KG, are not responsible for the data processing on these websites. For more detailed information on the processing of your personal data, please refer to the data protection notices of the respective websites.
8. Your rights
If your personal data is processed, then you are the data subject in the sense of the GDPR and you are entitled to the following rights against the controller:
Right of access by the data subject
You can demand from the controller confirmation as to whether personal data that relates to you has been processed by us.
If such processing has taken place, you can demand information on the following from the controller:
- The purposes for which the personal data is processed;
- The categories of personal data which are processed;
- The recipients or, as the case may be, the categories of recipients to which the personal data relating to you has been disclosed or will be disclosed;
- The planned duration of the storage of the personal data relating to you or – if concrete statements on this are not possible – the criteria for the laying down of duration of storage;
- The existence of a right to correction or deletion of the personal data relating to yourself, of a right to a restriction of the processing by the controller or of a right of objection to this processing;
- The existence of a right of appeal at a supervisory authority;
- All the available information on the origin of the data if the personal data was not collected at the data subject;
- The existence of an automated decision-finding process including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and its scope and the effects strived for of such a processing for the data subject in question.
You are entitled to the right to demand information on whether the personal data relating to yourself is transmitted to a third country or an international organization. In this connection you can demand to be instructed on the suitable guarantees in accordance with Article 46 GDPR in connection with the transmission.
Right to rectification
You have a right to correction and/or complementing vis à vis the controller in so far as the personal data as processed and which relates to yourself is incorrect or incomplete. The controller has to carry out the correction without delay.
Right to restriction of the processing
Subject to the meeting of the following preconditions you can demand restriction of the processing of the personal data relating to you:
- if you dispute the correctness of the personal data relating to yourself for a period which makes it possible for the controller to check the correctness of the personal data;
- the processing is unlawful and you reject deletion of the personal data and instead demand restriction of the use of the personal data;
- the controller no longer needs the personal data for purposes of the processing but you need the data for the advancing, exercising or defending of legal claims, or
- if you have advanced objection to the processing in accordance with Article 21 Para. 1 GDPR but it has not yet been established whether the justified reasons of the controller outweigh your reasons.
If the processing of the personal data relating to yourself has been restricted, then this data – apart from the storing of this – may only be processed with your consent or for the assertion, exercising or defending of legal claims or for the protection of the rights of another natural person or legal entity or for reasons relating to an important public interest of the European Union or of a member state.
If the restriction of the processing has been restricted in accordance with the afore-mentioned preconditions, then you will be informed by the controller before the restriction is removed.
Right to erasure
Deletion obligation
You can demand from controller that the personal data relating to yourself is deleted without delay and the controller is then obliged to delete this data without delay in so far as one of the following reasons applies:
- The personal data relating to yourself is no longer required for the purposes for which it was collected or for which it was processed.
- You revoke your consent, on which processing in accordance with Article 6 Para. 1 lit. a or Article 9 Para.2 lit. a GDPR was based, and there is no other legal foundation for the processing.
- You submit an objection to the processing in accordance with Article 21 Para. 1 GDPR and there are no justified reasons for the processing with a higher priority, or you submit an objection to the processing in accordance with Article 21 Para. 2 GDPR.
- The personal data relating to you was processed in an unlawful manner.
- The deletion of the personal data relating to you is required to fulfil a legal obligation in accordance with European Union law or the law of the member states, which laws the controller is subject to.
- The personal data relating to you was collected in relation to services offered by the information company in accordance with Article 8 Para. 1 GDPR.
Information to third parties
If the controller has made the personal data relating to you public and if he/she is obliged to delete this data in accordance with Article 17 Para. 1 GDPR, then he/she shall take reasonable measures including ones of a technical nature – whereby account shall be taken of the available technology and the implementation costs – to inform the responsible parties for the data processing which process the personal data that you as data subject have demanded from them the deletion of all links to this personal data or of copies or replicates of these.
Exceptions
The right to deletion does not exist in so far as the processing is necessary for
- the exercising of the right of free expression of opinion and to information;
- for the fulfilment of a legal obligation, which requires the processing in accordance with the law of the European Union or the law of the member states, which laws the controller is subject to, or for the carrying out of a task, which lies in the public interest or which is carried out in the exercising of public authority, which authority was transferred to the controller;
- for reasons of public interest in the field of public health in accordance with Article 9 Para. 2 lit. h and i as well as Article 9 Para. 3 GDPR;
- for archiving purposes, scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with Article 89 Para. 1 GDPR, in so far as the right named in section a) probably makes the reaching of the objectives of the processing impossible or impairs it seriously, or
- for the advancing, exercising or defending of legal claims.
Moreover, the right to deletion does not exist in so far as the personal data has to be stored by the controller in order to fulfill legal duties to preserve records and legal retention periods. In such a case instead of deletion blockage of the personal data applies.
Right to information
If you have advanced the right to the correcting, deleting or restricting of the processing vis à vis the controller, then the latter is obliged to inform all recipients, to which the personal data relating to you was disclosed, of this correction or deletion of the data or of the restricting of the processing, unless this proves itself to be impossible or linked with unreasonable expenditure.
You are entitled to the right vis à vis the controller to be informed about these recipients.
Right to data portability
You have the right to receive the personal data relating to you, which you made available to the controller, in a structured, conventional and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was made available, in so far as
- the processing is based on a consent in accordance with Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract in accordance with Article 6 Para. 1 lit. b GDPR and
- the processing is carried out with the aid of automated processes.
In exercising this right, you have in addition the right to bring about the situation that the personal data relating to you is transferred directly from one controller to another controller in so far as this is technically possible. The freedoms and rights of other persons may not be impaired thereby.
The right to data portability does not hold good for the processing of personal data, which is necessary for the carrying out of a task, which lies in the public interest or in the exercising of public authority and which task was transferred to the controller.
Right to object
For reasons which result from your particular situation you have the right to advance at any time objection to the processing of the personal data relating to you, which processing is carried out on the basis of Article 6 Para. 1 lit. e or f GDPR; this right also holds good for profiling based on these provisions.
The controller shall then no longer process the personal data relating to you, unless he/she can demonstrate compelling reasons worthy of protection, which reasons overweigh your interests, rights and freedoms or where the processing serves the advancing, exercising or defending of legal claims.
If the personal data relating to you is processed for the carrying out of direct advertising, then you have the right to advance at any time objection to the processing of the personal data relating to you for purposes of such advertising; this holds good too for profiling in so far as this is carried out in connection with such direct advertising.
If you object to the processing for purposes of direct advertising, then the personal data relating to you will no longer be processed for these purposes.
You have the opportunity – in connection with the use of services of the information company and regardless of directive 2002/58/EC – to exercise your right of objection with the aid of automated processes in which technical specifications are used.
Right to withdraw from the declaration of consent under data protection law
You have the right to withdraw your consent at any time and without giving reasons. In the event of withdrawal we immediately will delete your personal data and no longer process it. The legality of the processing carried out on the basis of your given consent and carried out prior to your withdrawal is not affected by you withdrawal.
Automated decision-making in individual cases including profiling
You have the right to not subject yourself to a decision based solely on an automated processing process – including profiling – which unfolds a legal effect vis à vis yourself or which impairs you significantly in a similar way. This does not hold good if the decision
- is necessary for the concluding or fulfilment of a contract between you and the controller,
- is permissible on the basis of legal regulations of the European Union or of its member states, which the controller is subject to, and these regulations contain reasonable measures for the maintenance of your rights and freedoms as well as for your legitimate interests or
- is carried out with your explicit consent.
However, these decisions may not be based on particular categories of personal data in accordance with Article 9 Para. 1 GDPR, in so far as Article 9 Para. 2 lit. a or g does not hold good and reasonable measures have been taken for the protection of the rights and freedoms as well as of your legitimate interests.
In respect of the cases named in (1) and (3) above the controller shall take reasonable measures to ensure the rights and freedoms as well as your legitimate interests, whereby belonging thereto is at the least the right to the affecting of the intervention of a person on the side of the controller for the representation of the controller’s standpoint and to the challenging of the decision.
Right to complain at a supervisory authority
Regardless of another regulatory or judicial remedy, you are entitled to the right to lodge a complaint at a supervisory authority and here in particular at a supervisory authority in the member state of your place of residence, of your place of work or of the place where the suspected infringement took place when you are of the opinion that the processing of the personal data relating to you infringes the GDPR.
In this situation the supervisory authority, at which the complaint was lodged, shall inform the complainant on the status and the results of the complaint including the possibility of a judicial remedy in accordance with Article 78 GDPR.
Status: 14.06.2021
Controller: FirmCatalyst GmbH & Co. KG