Privacy policy

I. Name and address of the responsible person

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is the:

EURANEG GmbH

Lake leech 25

93354 Siegenburg

Germany

Tel.: +49 (0) 8704 86 81

E-mail: info@valoair.de

Website: www.valoair.de

II. Name and address of the data protection officer

The data protection officer of the controller is:

Markus Struppe, Dr. Sarah-Madeleine Ilmberger

Lake leech 25

93354 Siegenburg

Germany

E-mail: info@valoair.de

Website: www.valoair.de

III. General information on data processing

1. scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our content and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

2. legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) lit. d DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

3. data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

1. description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

(1) Information about the browser type and version used.

(2) The operating system of the user

(3) The Internet service provider of the user

(4) The IP address of the user

(5) Date and time of access

(6) Websites from which the user's system accesses our Internet site

(7) Websites that are called up by the user's system via our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.

3. purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.

4. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

(1) Language settings

(2) Articles of the shopping cart

(3) Use of website functions (registration, login, shopping cart)

(4) Advertising measures

We also use cookies on our website that enable an analysis of the user's surfing behavior.

In this way, the following data can be transmitted:

(1) Frequency of page views

(2) Session

When calling up our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also made.

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f DSGVO.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) lit. a DSGVO if the user has consented to this.

c) Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

(1) Adoption of language settings

(2) Use of website functions (registration, login, shopping cart)

(3) Advertising measures

The user data collected through technically necessary cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

(1) Frequency of page views

(2) Session

In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f DSGVO.

e) Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

VI Newsletter

1. description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.

This concerns the e-mail address that is used as the recipient address for the subsequent dispatch of the newsletter.

In addition, the following data is collected during registration:

(1) IP address of the calling computer

(2) Date and time of registration

(3) Order information such as order number and name

For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy.

If you purchase goods or services on our website and enter your e-mail address, this may subsequently be used by us to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.

No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

3. purpose of data processing

The collection of the user's e-mail address is used to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

4. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address will be stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

5. possibility of objection and elimination

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

This also enables the revocation of consent to the storage of personal data collected during the registration process.

VII Registration

1. description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

(1) Name and first name

(2) Gender

(3) Addresses

(4) E-mail address

The following data is also stored at the time of registration:

(5) The IP address of the user

(6) Date and time of registration

As part of the registration process, the user's consent to the processing of this data is obtained.

2. legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.

3. purpose of data processing

User registration is required for the provision of certain content and services on our website.

4. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

This is the case for the data collected during the registration process, if the registration on our website is cancelled or modified.

5. possibility of objection and elimination

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time.

VIII. Services & Services

1. mailchimp

The newsletter is sent by means of the dispatch service provider "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO and a contract processing agreement pursuant to Art. 28 para. 3 p. 1 DSGVO.

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.

2. cloudFlare

To secure this website and optimize loading times, CloudFlare is integrated as a CDN ("Content Delivery Network"). These usually lose their validity after 24 hours. Cloudflare collects various technical data (browser type, operating system, IP address, as well as the accessed website). No personal data such as names or addresses are transmitted to Cloudflare. According to Cloudflare, the collected raw data is deleted there within 4 hours, at the latest after 3 days.

Cloudflare can set a cookie for different calls from a shared IP address. This is used so that Cloudflare can distinguish between the different calls, no personal data is stored or linked with other possibly collected data (https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do-).

Cloudflare's operating company is Cloudflare Inc, 101 Townsend St,

San Francisco, CA 94107 USA

Cloudflare is used on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO and a contract processing agreement pursuant to Art. 28 (3) p. 1 DSGVO.

Cloudflare is certified under the Privacy Should Agreement and thereby offers a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active)

Further information on data protection at CloudFlare can be found at the following link: https://www.cloudflare.com/security-policy .

3. google analytics

The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and analysis of data about the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is predominantly used for the optimization of a website and for the cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages takes place from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of this data by Google and to prevent such processing. For this purpose, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information regarding visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data subject's information technology system is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within the data subject's sphere of control, it is possible to reinstall or reactivate the browser add-on.

Weitere Informationen und die geltenden Datenschutzbestimmungen von Google können unter https://www.google.de/intl/de/policies/privacy/ und unter https://www.google.com/analytics/terms/de.html abgerufen werden. Google Analytics wird unter diesem Link https://www.google.com/intl/de_de/analytics/ genauer erläutert.

4. facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate and interact with each other in virtual space. A social network can serve as a platform for sharing opinions and experiences or enables the Internet community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos and network via friend requests, among other things.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

By each call of one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this technical procedure, Facebook receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If such transmission of this information to Facebook is not desired by the data subject, this transmission can be prevented by logging out of your Facebook account before calling up our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Our website uses "Facebook Pixel" developed by Facebook, Inc (1601 S. California Ave, Palo Alto, CA 94304, USA)("Facebook"). This functionality is an advertising cookie. This allows to store the behavior of users who have clicked on a Facebook Ad. Then the redirection to the website of the relevant provider takes place. The effectiveness of Facebook Ads can then be assessed for statistical and market research purposes, which in turn can be used to improve future marketing efforts. The data we receive is anonymized. That is, they do not allow any conclusion about the identity of a user. The information is stored and processed by Facebook on their servers in Princeville, Oregon (USA) to enable a connection to the respective user profile. Facebook may use the data for their own advertising purposes in accordance with their data policy(https://www.facebook.com/about/privacy/). Therefore, Facebook and their partners may include ads both inside and outside of Facebook.

5. instagram

The controller has integrated components of the service Instagram on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data on other social networks.

The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

By each call of one of the individual pages of this website, which is operated by the controller and on which an Instagram component (Insta button) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Instagram component to download a representation of the corresponding component from Instagram. Within the scope of this technical procedure, Instagram receives knowledge about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Instagram at the same time, Instagram recognizes which specific subpage the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is simultaneously logged into Instagram at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before accessing our website.

Further information and the applicable privacy policy of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

6. YouTube

The controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

On our website, we use videos from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a Google LLC company, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Here, we use the "Enhanced Privacy Mode" option provided by YouTube.

When you visit a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the Internet page by notifying your browser. In this mode, YouTube does not set any cookies to record user behavior. The usage behavior is therefore not observed in order to personalize the video playback. However, if you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. Further information on YouTube's data protection is provided by Google under the following link: https://www.google.de/intl/de/policies/privacy/

7. newrelic

On this website, data is collected and stored by New Relic, a performance analysis service of the provider New Relic Inc (101 Second Street, 15th Floor, San Francisco, CA 94105). Data is collected and stored, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are evaluated to improve and tailor our offer. Cookies may be used for this purpose. The pseudonymized usage profiles are not combined with personal data about the bearer of the pseudonym without the express consent of the person concerned, which must be given separately.

Darüber hinaus dient New Relic als Werkzeug dazu, die technische Performance der Website zu messen und zu überwachen, d.h. beispielsweise festzustellen, ob die Website aufgerufen werden kann und wie schnell die jeweilige Seite bei einem Aufruf angezeigt wird. Dazu erhebt New Relic Daten über diese Website, etwa Systemdaten zu eingesetzten Add-Ons, Nutzungszeiten, eingesetzte Browser, eingesetzte Hard- und Software (so genannte „Applikationsdaten“). Zudem setzt New Relic hierfür einen oder mehrere Cookies in Ihrem Browser. Die Applikationsdaten werden auf den Servern von New Relic gespeichert und für die Analyse der Performance dieser Website auch dazu genutzt, angebotsübergreifende Performance-Vergleiche zwischen unterschiedlichen Websites anzustellen. Weitere Informationen über New Relic finden Sie unter www.newrelic.com. Die Datenschutzerklärung ist unter https://newrelic.com/privacy abrufbar.

9. freshdesk

On our website, we offer, among other things, the possibility of contacting us and viewing frequently asked questions (FAQ). The provider of this service is Freshworks Inc, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066 (hereinafter "Freshdesk").

When you open a support ticket via Freshdesk, the data you enter is transmitted to Freshdesk.

The transfer of your data to Freshdesk is based on Art. 6 para. 1 lit. a DSGVO (consent). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.

For more information about Freshdesk's use of data, please see Freshdesk's privacy policy: https://freshdesk.com/de/dsgvo/.

10. mandrill

For sending the newsletter, we also use an add-on from Mailchimp called Mandrill. This is also a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318 ("Mandrill"). This service allows us to internally manage a database of email contacts. The service maintains data about when an email we sent was read, or links contained within it were opened. As in the case of Mailchimp, Mandrill is based in the USA. Your personal data is therefore transferred to a country outside the European Economic Area, where the same level of protection for personal data does not exist as within the European Economic Area. For this reason, we have entered into a contractual agreement with The Rocket Science Group, LLC (so-called EU standard contractual clauses), by which Mandrill undertakes to provide special protection for personal data of our newsletter subscribers and to process the personal data only on our behalf and on our instructions. For more information about Mandrill and data protection at Mandrill, please see Mailchimp's privacy policy: https://mailchimp.com/legal/privacy/

11. ZOHO (Chatbot, Forms, Analytics and PageSense)

For our chatbot service, form ordering, and social media and website analytics, we use services from Zoho Tools (Chatbot, Forms, Analytics, and PageSense), Zoho Corporation B.V. Beneluxlaan 4B, 3527 HT UTRECHT, The Netherlands, Phone: +31 85 066 670. Chatbot and Forms allow us to help and guide our customers through the website and find a solution to their need. PageSense and Analytics help us measure and track data to improve our performance. More information and the applicable Zoho Tools privacy policy can be found at Zoho.

IX. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If there is such processing, you can request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration;

(5) the existence of a right to rectify or erase personal data concerning you, a right to have the controller restrict processing or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.

2. right to rectification

You have a right to rectification and/or completion vis-à-vis the controller, insofar as the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

3. right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims; or

(4) if you have objected to the processing pursuant to Art. 21(1) DSGVO and it is not yet clear whether the controller's legitimate grounds override your grounds.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. right to deletion

a) Obligation to delete

You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.

(4) The personal data concerning you have been processed unlawfully.

(5) The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

c) Exceptions

The right to erasure does not exist insofar as the processing is necessary to

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(5) to assert, exercise or defend legal claims.

5. right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the data controller.

6. right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to Art. 6 Para. 1 lit. a DSGVO or Art. 9 Para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 Para. 1 lit. b DSGVO and

(2) the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

8. right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

(3) is done with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and the legitimate interests of, the data subject, which shall include, at least, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

10. right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Applications

The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also take place electronically. This is the case, in particular, when an applicant submits relevant application documents to the controller by electronic means, for example, by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).