Privacy Policy - Humane Society International - Europe
Privacy Policy

Data Protection
Humane Society International-Europe

I. Who We Are and What This Declaration Is About

Humane Society International-Europe is a non-profit organization as defined legally on June 21st, 1821, based in Kunstlaan 50, 1000 Brussels, Belgium, and is the entity responsible for the website http://www.hsi-europe.org (the “website”). It is affiliated with Humane Society International, HSI, a non-profit organization based in 1255 23rd Street, NW, Suite 450, Washington, DC, USA, one of the world’s largest animal rights groups with partner organizations in several countries that share the mission of advancing animal welfare and fighting animal suffering. Furthermore, Humane Society International promotes educating the public on the animal kingdom, animals in general, and animal husbandry.
For purposes of this data protection clause, the terms “HSI”, “we”, “our”, and “us” all refer to Humane Society International-Europe.

Within our group of companies, transmission of personal data takes place. Insofar as the transmission takes place for organizational reasons, it is based on the legal basis of Art. 6 Para. 1 lit. f

We revise this declaration regularly. HSI reserves the right to amend or supplement this data protection declaration at any time and without stating reasons. Please check regularly for updates or amendments to this declaration.

II. Concrete Information on the Processing of Personal Data

1. Visiting the Website

a) Purpose of Data Processing

Every time a user accesses a page to learn about our work and every time a file stored on the internet presence is requested, access data on this operation is saved in a log file. Every data set consists of:

(1) the page the file was requested from,

(2) the name of the file,

(3) the date and time it was requested,

(4) the data volume transmitted,

(5) the access status (file transmitted, file not found, etc.),

(6) a description of the type of operating system and web browser used,

(7) the host name of the accessing computer,

(8) the client IP address.

We use this data to operate our website, especially to determine the utilization of the website, to identify malfunctions of the website, and to make changes or improvements. The client IP address is used for the purpose of transmitting the requested data; after the technical necessity has ceased, it is anonymized by deleting its last numerical block (IPv4) or last octet (IPv6).

The personal data is passed on to service providers that perform IT tasks in support of the website operator (such as hosting service providers or providers of plugins).

b) Storage Duration

Every time a user accesses a page of our website and every time our internet presence is loaded, the data is stored and will be deleted as soon as it is no longer required for the purpose of its collection, which will be the case no later than after the expiry of 12 months starting from the end of the month of you visiting the website.

c) Legal Basis

The temporary storage of the aforementioned data takes place on the legal basis of Art. 6 Para. 1 lit. f GDPR. The legitimate interest is constituted by making our website available, ensuring stability and security, and investigating misuse.

d) Possibilities of Objection and Disposal

The person concerned may object to the processing by refraining from using our website and can, subject to the requirements laid out in greater detail below in the section “Rights,” demand deletion of their data collected this way by means of an informal declaration.

2. Cookies

a) Purpose of Data Processing

In order to make visiting our website technically possible, we transmit so-called cookies to the device of the person concerned. Cookies are tiny text files that allow for identification of the device of the person concerned, usually by collecting the domain name the cookie data was sent from, information on how old the cookie is, and an alphanumeric identifier. By storing the cookie on the device used—without interfering with the operating system—it becomes recognizable, allowing us to make potentially existing settings available immediately. We use this information to adjust our website and the services we provide to your needs and to accelerate access to our website.

The personal data is transmitted to third party providers to analyze the usage of our website insofar as this is required for analytical purposes. So far as the cookies are used for tracking purposes, we inform you about that separately in this data protection declaration.

b) Storage Duration

The storage duration varies for different cookies but never exceeds two years. They are stored locally on your device, not on our server, which is why the actual time until deletion is dependent on the configurations of your browser software. Please consult your browser software’s manual to find out how to delete cookies placed by us, either based on triggers or automatically.

c) Legal Basis

Absolutely necessary cookies are based on the legal basis of Art. 6 para. 1 lit. f GDPR, in order to enable the visit of our website; in particular, some functions on our website cannot be used without cookies, as the user and their already made settings would otherwise not be recognized when changing pages, language settings would be lost and searches could not be executed.

The use of cookies that are not required (such as marketing, statistics or third-party cookies) is based on consent given by means of the cookie banner on our website and on the legal basis of § 15 para. 3 TMG and Art. 6 para. 1 lit. a GDPR and, for the transfer of data to third countries, on Art. 49 para. 1 p. 1 lit. a GDPR.

d) Possibilities of Objection and Disposal

The person concerned may block the usage of cookies on the device used or the cookie banner displayed, or delete them after usage. However, some features of our offering may not be usable then. You can find how to block cookies and delete those that are already placed in your browser software’s manual. More information on cookies and how to manage them can be found at http://www.allaboutcookies.org/.

3. Donations and Purchases

a) Purpose of Data Processing

Name, address, bank details, payment information, email address, and client IP address at the time of making a donation are collected, stored, and processed solely for the purpose of carrying out the donation, which in particular includes the processing of the donation itself.

Personal data will be passed on to third parties if this is necessary for the purpose of carrying out the donation or for the purpose of determining the willingness to donate. The disclosure takes place within the group of companies. It will also be made to appropriate service providers when using an authorized payment services company or to determine financial disposability if we believe their programs and services may be of interest or benefit to you from HSI partner organizations or sponsors. We never share your credit card/payment information with third parties, except for processing payments.

b) Storage Duration

Insofar as the data processed for the purpose of carrying out the donation is subject of documents as laid out in §§ 147 Para. 1 No. 2, 3 & 5 AO (German tax code), 257 Para. 1 No. 2 & 3 HGB (German commercial code), the data is deleted after the expiry of 6 years by the end of the year, unless longer or shorter storage durations are permissible according to other tax laws. If the data is part of documents as laid out in §§ 147 Para. 1 No. 1, 4, 4a AO (German tax code), 257 Para. 1 No. 1 & 4 HGB (German commercial code), the data may be deleted after the expiry of 10 years by the end of the year. These periods begin with the end of the calendar year the data was collected in.

c) Legal Basis

The processing of the aforementioned data takes place on the legal basis of Art. 6 Para. 1 lit. b, lit. c as well as lit. f GDPR in order to fulfill the obligations resulting from the contract and to render the services required for performing the contract and, in relation to Art. 6 Para. 1 lit. f GDPR, for target group refinement, which helps to determine the willingness to donate and thus serves our legitimate interest in more targeted advertising.

d) Possibilities of Objection and Disposal

Due to legally binding retention periods and since the data must remain stored and processed for carrying out the donation, no objection or deletion is possible.

4. Making contact

a) Purpose of Data Processing

You may contact us via email, message to our accounts on social media and telephone. We store the data transmitted to us that way for processing your request. This data usually includes name and email address, date and time of request, and the description of the issue, in case of contact by phone the phone number, and as the case may be donation data, if the request is in regards to carrying out a donation.

Insofar as the personal data is sent via email, it is transmitted to service providers that make the sending possible (involved mail providers or providers of social networks).

b) Storage Duration

We store personal data we collect and process for the purpose of making contact for three years until the end of the year after all performance requirements have been fulfilled on both sides. Insofar as the data is subject of business letters as laid out in §§ 147 Para. 1 No. 2 & 3, 257 Para. 1 No. 2 & 3 HGB (German commercial code), the data will be deleted after 6 years by the end of the year. The same applies if it is part of other documents that are relevant to taxation as laid out in § 147 Para. 1 No. 5 AO (German tax code), unless other tax laws permit shorter retention periods. If the data is part of accounting records as laid out in §§ 147 Para. 1 No. 1, 4, 4a AO (German tax code), 257 Para. 1 No. 1 & 4 HGB (German commercial code), the data may be deleted after the expiry of ten years by the end of the year. These periods begin with the end of the calendar year the data was collected in.

c) Legal Basis

The processing of the aforementioned data takes place on the legal basis of Art. 6 Para. 1 lit. b GDPR in the course of a contract initiation or performance, or in accordance with Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to be able to process the contact request and prevent misuse of the contact request.

d) Possibilities of Objection and Disposal

The person concerned at any moment has the possibility to object to the processing. In that case, the data stored about the process is deleted. Should a donation have been made, the explanations made above under the headline “Donations” apply in this respect.

5. Newsletters

a) Purpose of Data Processing

We offer the possibility of subscribing to newsletters. If the person concerned subscribes to the newsletter, the data provided by the person concerned during registration is transmitted to us from the input mask. That is the name provided, contact data such as phone number and email address, IP address, and time and date of registration and any other information the person provided on the form. Furthermore, in the course of the double opt-in procedure we register and save that a link was clicked, what link that was, from what IP address, and when. The data collected is necessary in order to be able to send the newsletter and prove the registration.

Insofar as the newsletters are sent via email, they are transmitted to service providers (involved mail providers or providers of plugins or an email marketing software) that make the sending possible.

b) Storage Duration

The data is anonymised as soon as it is no longer required for meeting the purpose and the person concerned unsubscribed from the newsletter. After that follows a retention for ten years starting from the last newsletter that was sent as proof in case of inquiries about existing consent having regard to the limitation period.

c) Legal Basis

The processing of the aforementioned data takes place on the legal basis of § 15 Para. 3 TMG and Art. 6 Para. 1 lit. a GDPR and only after consent has been given as part of the registration. The legality of the processing of personal data that took place based on consent before its revocation is not affected by the possibility of revocation at any time.

d) Possibilities of Objection and Disposal

The usage of data for receiving the newsletter can be objected to at any time with effect for the future by unsubscribing from the newsletter. This can be done by means of a declaration to us. If the person concerned wishes to unsubscribe from the newsletter, they will, for example, find a correspondingly labeled link in every newsletter that simply needs to be clicked.

6. Direct Advertising

a) Purpose of Data Processing

We will, so far as legally admissible, use data obtained in connection with a donation received from the person concerned for marketing and fundraising of our charitable work.

Insofar as the direct advertising is done using service providers that make the sending of advertisements possible (involved mail providers or providers of plugins), the personal data is transmitted to these service providers.

b) Storage Duration

We will retain the data for as long as it is required to fulfill the purpose, after which it is deleted, which is the case once the person concerned objected to direct advertising or once the lapse of time after the last advertising measure adhering to the right of objection calls for it, which is the case twelve months after the last advertising measure.

c) Legal Basis

The legal basis for marketing and fundraising is Art. 6 Para. 1 lit. f GDPR. The legitimate interest is the pursuit of supporters and donors to enable us to conduct charitable activities in line with our mission.

d) Possibilities of Objection and Disposal

The person concerned may at any time object to future usage.

7. Hotjar

a) Purpose of Data Processing

This website uses the web analysis service Hotjar (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta) to better understand the needs of our users and optimize the offering on this website. By means of Hotjar’s technology, we get a better understanding of our users’ experience (e.g. how much time users spend on what sites, what links they click, what they do and do not like, etc.), and that helps us align our offering with the feedback from our users. Hotjar works with cookies and other technologies to obtain information on the behavior of our users and on their devices (especially the device’s IP address is recorded and stored only anonymized), screen size, device type (Unique Device Identifiers), information on the browser used, and location (country only) for displaying our website in the preferred language. Hotjar stores this information in a pseudonymized user profile. This information is used neither by Hotjar nor by us to identify individual users, nor is it merged with additional data on individual users. According to Hotjar, no transmission of the data to third parties takes place.

You can find further information in Hotjar’s privacy statement at https://www.hotjar.com/legal/policies/privacy.

b) Storage Duration

We will retain the data for as long as is required for fulfilling the purpose, after which it is deleted by us.

c) Legal Basis

The processing is carried out on the legal basis of § 15 para. 3 TMG and Art. 6 para. 1 lit. a GDPR, only after consent was given.

d) Possibilities of Objection and Disposal

You can block the usage of cookies on the device used or the cookie banner displayed, or delete the cookies after usage. You can learn how to block cookies and delete cookies saved already from your browser software’s manual; however, we would like to point out that in this case possibly not all features of this website can be used in their entirety. Furthermore, Hotjar has advised us that you may object to the storage of a user profile and information on your visit of our website by Hotjar as well as the placing of cookies by Hotjar by clicking this opt-out link (https://www.hotjar.com/legal/compliance/opt-out).

8. Google Analytics

a) Purpose of Data Processing

This website uses Google Analytics, a web analysis service by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, affiliate of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses so-called “cookies,” text files that are stored on the device of the user concerned and that allow for analyzing the usage of the website. The information on the usage of this website generated by the cookie is usually also transmitted to a server of Google in the US and stored there. Because IP anonymization is activated on this website though, the IP address of the person concerned is shortened before that by Google within member states of the European Union or other signatories of the European Economic Area. Only in exceptional cases the entire IP address is transmitted to a server of Google in the US and shortened there. On behalf of the operator of this website, Google will use this data to analyze the usage of the website, to compile reports on the website’s activities, and to perform other services related to website usage and internet usage for the website operator. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google, unless you are logged into your Google account at the time of accessing the page.

At the internet address below, you can find further information on Google’s privacy policy:

https://policies.google.com/privacy

b) Storage Duration

According to Google, as soon as the data is no longer required to fulfill the purpose, it is deleted, which is the case once the anonymization taking place within the European Union is completed. This takes less than one second.

According to Google, the data sent by us that is merged with cookies, user data (e.g. user ID), or advertising IDs is deleted automatically by Google after 14 months. The deletion of data that reached its retention period happens automatically once per month.

Further information can be found at https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.

c) Legal Basis

The processing is carried out on the legal basis of § 15 para. 3 TMG and Art. 6 para. 1 lit. a GDPR, only after consent was given.

d) Possibilities of Objection and Disposal

You may block the use of cookies on the device used or the cookie banner displayed, or delete the cookies after usage. You can find how to block cookies and delete cookies that are saved already from your browser software’s manual; however, we would like to point out that in this case possibly not all features of this website can be used in their entirety. Furthermore, you may prevent the collection of data generated by the cookie that relates to the usage of the website (incl. IP address) by Google by installing the browser plugin available at http://tools.google.com/dlpage/gaoptout?hl=de.

9. Facebook Tracking

a) Purpose of Data Processing

We use a tracking technology by the provider Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, affiliate of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA) on our website. In doing so, your IP address at the time of accessing the website, the browser and the operating system used, as well as the page you accessed are transmitted to the external provider. To that extent, Facebook is responsible for the data processing in addition to us.

According to Facebook, Facebook as well as third parties may use cookies, web beacons and other storage technology to collect or obtain information on our website and other places on the internet and to then use this information for providing and measuring the ad targeting. We have no influence on this collection.

At the same time, a cookie is placed that makes it possible to track by what route—potentially via ads we placed on Facebook, but other ways too—you ended up on our website. It is also tracked whether our advertising measure led to a conclusion of contract (so-called conversion).

Using the data, we are able to track the effectiveness of our advertising measures and allow Facebook to invoice our advertising measures with us. Furthermore, the data is used to link the information that our website was visited with your Facebook profile in case you are a customer of Facebook and log in there during or after you visit our website. For Facebook, this process serves the purpose of determining your interests and likings in order to be able to present customized advertisements to you.

The data collected this way is made available to us by Facebook only anonymized; we store no personal data on our own in this context.

You can find further information on Facebook’s privacy policy at the internet address below:

https://www.facebook.com/about/privacy

b) Storage Duration

According to Facebook, the data collected this way is stored for a duration of 90 days. After 90 days have elapsed, the data is anonymized so it can no longer be related to you.

c) Legal Basis

The processing is carried out on the legal basis of § 15 para. 3 TMG and Art. 6 para. 1 lit. a GDPR, only after consent was given.

d) Possibilities of Objection and Disposal

You may block the usage of cookies on the device used or the cookie banner displayed, or delete them after usage. You can learn how to block cookies and delete cookies already saved from the browser software’s manual; however, we would like to point out that in this case possibly not all features of this website can be used in their entirety.

Furthermore, you can object to the data collection by Facebook or limit the scope of data collected by accessing the page https://optout.aboutads.info or by making the according choices at http://www.youronlinechoices.eu/. At https://www.facebook.com/settings?tab=ads, the settings for data usage for advertising purposes can be adjusted.

10. Google Ads

a) Purpose of Data Processing

We use the offering Google Ads (formerly Google Adwords) by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, affiliate of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in order to bring attention to our offerings on external websites. For this purpose, ad server cookies are used by which certain parameters for performance assessment, such as showing of adverts or clicks by users, can be measured. If you reach our website via a Google advert, a cookie is stored on your device by Google Ads. These cookies usually lose their validity after 30 days and are not meant to identify you personally. In addition to this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post view conversions), as well as opt-out information (a mark that the user does not wish to be addressed in the future) are usually saved as analytical values.

These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website with a cookie on their device that is not invalid yet, Google and the customer are able to see that the user clicked on the advert and was forwarded to this page. Every Ads customer is assigned a different cookie. Thus, according to Google, cookies cannot be tracked via the websites of Ads customers.

We process no personal data in the mentioned advertising measures on our own. All we receive from Google are statistical evaluations. By means of these evaluations we are then able to identify which of the advertising measures applied are especially effective. We do not receive any further data from the usage of advertising means, in particular we are not able to identify users from this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with servers of Google. We have no influence on the extent and the further usage of the data Google collects by using this tool and thus inform you according to our knowledge: By implementing Ads conversion, Google receives information that you accessed the respective section of our internet presence or clicked an advertisement by us. In case you are registered at one of Google’s services, Google is able to assign this visit to your account. Even if you are not registered at Google or are not logged in, there is a possibility for the provider to find out and store your IP address.

At the internet addresses below, you can find further information on Google Ads and Google’s privacy policy:

https://policies.google.com/technologies/ads?hl=de

https://policies.google.com/privacy

b) Storage Duration

According to Google, the validity period of the cookie is 30 days, and they are deleted afterwards, unless you yourself—for example by means of appropriate browser settings—delete them before that.

c) Legal Basis

The processing is carried out on the legal basis of § 15 para. 3 TMG and Art. 6 para. 1 lit. a GDPR, only after consent was given.

d) Possibilities of Objection and Disposal

You may block the usage of cookies on the device used or the cookie banner displayed, or delete them after usage. You can learn how to block cookies and delete cookies already saved from the browser software’s manual; however, we would like to point out that in this case possibly not all features of this website can be used in their entirety.

11. Payment Services

a) Purpose of Data Processing

We use the third-party tools listed hereunder for simplified ordering and payment processing:

PayPal, an offering by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. For further information on the privacy policy of PayPal, visit

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Stripe, an offering by Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA). For further information on the privacy policy of Stripe, visit

https://stripe.com/de/privacy

When accessing the shopping cart, using scripts integrated into our website, these providers check whether the user is a customer of the respective provider and logged in there. This takes place by comparing cookies potentially placed by the provider in the user’s browser.

For this purpose, IP address, browser in use, operating system, and the respective page that is accessed are transmitted to the third-party provider. We collect data on our own only once a customer of a provider uses third-party services and in doing so causes the personal information stored there—namely order address and billing address—to be transmitted to us as well as, where applicable, have the payment processed according to the terms of use of the service the customer has contractual relations with.

b) Storage Duration

On our part, only data that is transmitted to us from the third-party provider on behalf of the customer in order to perform the contract is processed. Insofar the explanations regarding storage duration apply as stated above under the heading “Donations.”

Insofar as the third-party provider processes data on behalf of the person concerned, the storage duration results from the data protection regulation applicable there that we hereby refer to.

c) Legal Basis

The legal basis for the processing is Art. 6 Para. 1 lit. b GDPR insofar as the data is used for processing donations via our website. Insofar as payment services are concerned, the processing is also based on Art. 6 Para. 1 lit. c GDPR since the data collected this way is relevant for taxation and thus is required for us to meet our tax obligations. The processing at the same time is based on Art. 6 Para. 1 lit. f GDPR because it serves our legitimate interest in enabling customers to use the respective services of their contractual partners and ensure a swift and comfortable payment processing.

d) Possibilities of Objection and Disposal

Since legal retention periods apply here and the data needs to remain stored and processed in order to process the donation, no objection or disposal is possible.

III. Your Rights

If personal data of users is processed on our website, the person concerned holds the following rights against the entity responsible as per GDPR.

1. Right of Access as per Art. 15 GDPR

The person concerned holds the right to the following information:

a) the purposes of processing;

b) the categories of personal data being processed;

c) the recipients or categories of recipients personal data was or still is disclosed to, especially in case of recipients in third countries or in case of international organizations;

d) if possible, the intended storage duration for the personal data, or, if this is not possible, the criteria for determining this duration;

e) the existence of a right of correction or deletion of personal information concerning them, or a right of limitation of processing by the responsible entity, or a right of objection against this processing;

f) the existence of a right of objection at a supervisory authority;

g) if the personal data is not collected from the person concerned, all available information on the origin of the data;

h) the existence of automated decision making, including profiling, as per Art. 22 Para. 1 and 4 GDPR and—at least for these cases—meaningful information on the logic involved as well as the implications and intended impact of such a processing for the person concerned.

i) if personal data is transmitted to a third country or an international organization, the person concerned holds the right to be informed about appropriate guarantees as per Art. 46 GDPR in connection with the transmission.

We provide a copy of the personal data that is subject to processing to the person concerned. For any additional copies the person concerned requests, the entity responsible may ask for an appropriate remuneration based on the administrative costs.

2. Right of Correction as per Art. 16 GDPR

The person concerned holds the right to immediately demand from the entity responsible the correction of personal data concerning them that is incorrect. Having regard to the purposes of processing, the person concerned holds the right to demand—also by means of a complementary explanation—the completion of incomplete personal data.

3. Right of Deletion as per Art. 17 GDPR

The person concerned holds the right to demand immediate deletion of personal data concerning them from the entity responsible, and the entity responsible is obligated to immediately delete personal data if one of the following reasons applies:

a) the personal data is no longer required for the purposes it was collected or otherwise processed for;

b) the person concerned revokes their consent the processing was based on as per Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing;

c) the person concerned in accordance with Art. 21 Para. 1 GDPR objects to the processing, and there are no overriding justified reasons for the processing, or the person concerned objects to the processing in accordance with Art. 21 Para. 2 GDPR;

d) the personal data was processed unlawfully;

e) the deletion of the personal data is required to fulfill a legal obligation of European Union law or national law of the member states the entity responsible is subject to;

f) the personal data was collected in regards to services offered by the information society as per Art. 8 Para. 1 GDPR.

4. Right of Limitation of Processing as per Art. 18 GDPR

The person concerned holds the right to demand the limitation of processing from the entity responsible if one of the following conditions is met:

a) the correctness of the personal data is disputed by the person concerned for a period of time that allows the entity responsible to examine the correctness of the personal data,

b) the processing is unlawful and the person concerned declines the deletion of the personal data and instead demands the limitation of processing of the personal data;

c) the entity responsible no longer needs the personal data for the purpose of processing, but the person concerned needs it for asserting, exercising, or defending legal claims, or

d) the person concerned filed an objection against the processing in accordance with Art. 21 Para. 1 GDPR so long as it is still uncertain whether the legitimate reasons of the entity responsible outweigh those of the person concerned.

5. Right of Access to Information as per Art. 19 GDPR

If the person concerned asserted a correction regarding their personal data as per Art. 16 GDPR, a deletion as per Art. 17 GDPR, or a limitation of processing as per Art. 18 GDPR against the entity responsible, and if the entity responsible informed all recipients to whom the personal data of the person concerned has been disclosed (insofar as that was not impossible or accompanied by disproportionate effort), the person concerned holds the right to be informed about the recipients by the entity responsible.

6. Right of Data Portability as per Art. 20 GDPR

The person concerned holds the right to receive the data concerning them that they provided to an entity responsible in a structured, common, and machine-readable format, and they hold the right to transmit this data to another entity responsible without obstruction by us, provided that

a) the processing is based on consent in accordance with Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a or on a contract in accordance with Art. 6 Para. 1 lit. b GDPR and

b) the processing takes place using automated systems.

The rights and freedoms of others must not be impaired in the process.

In the exercise of the right of data portability as per Para. 1, the person concerned holds the right to have us transmit the personal data directly to another entity responsible, insofar as that is technically feasible.

The exercise of the right of data portability leaves unaffected the right of deletion as per Art. 17 GDPR. The right of data portability does not apply to any processing required to fulfill a task that is for the public benefit or happens in exercise of public authority that was bestowed upon the entity responsible.

7. Right of Objection as per Art. 21 GDPR

The person concerned holds the right to file an objection at any time for reasons that derive from their particular situation against the processing of their personal data taking place on the basis of Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on this regulation.

We cease processing the personal data unless we are able to demonstrate compelling, legitimate reasons for the processing to override the interests, rights, and freedoms of the person concerned, or the processing serves the assertion, exercise, or defense of legal claims.

If personal data is processed in order to carry out direct marketing, the person concerned holds the right to file an objection at any time against the processing of personal data concerning them for purposes of such advertisements; this also applies to profiling insofar as it is associated with such direct advertising. If the person concerned objects to the processing for purposes of direct advertising, the personal data is no longer processed for these purposes.

Consent given by the person concerned can be revoked by them at any time. Any collection and processing that took place before that, however, remains lawful.

8. Automated Decisions in Particular Cases Incl. Profiling as per Art. 22 GDPR

The person concerned holds the right not to be subjected to a decision based solely on automated processing—including profiling—that has legal effect on them or affects them in similar, significant ways.

This does not apply if the decision

a) is required for formation or fulfillment of a contract between the person concerned and us,

b) is permissible due to legal regulations of the European Union or member states we are subject to and if these legal regulations contain appropriate measures for protecting the rights and freedoms as well as the legitimate interests of the person concerned, or

c) comes about with explicit consent of the person concerned.

These decisions must not be based on special categories of personal data as per Art. 9 Para. 1 GDPR unless Art. 9 Para. 2 lit. a or g GDPR applies and appropriate measures for protecting the rights and freedoms as well as interests of the person concerned were taken.

In the cases described under letters a) and c), we take appropriate measures for protecting the rights and freedoms as well as the legitimate interests of the person concerned, which at minimum includes the right of having a person involved on our side, the right of explaining their own point of view, and the right of challenging the decision.

9. Right of Complaint at a Supervisory Authority as per Art. 77 GDPR

Any person concerned, without prejudice to any other remedy of administrative law or before a judge, holds the right of complaint at a supervisory authority, especially in the member state of their residence, their workplace, or the place of the suspected infringement if the person concerned is of the opinion that the processing of the data concerning them breaches the GDPR.

The supervisory authority where the complaint was filed informs the complainant on the state and the results of the complaint, including the possibility of applying to the courts in accordance with Art. 78 GDPR.

10. Right of Effectively Applying to the Courts as per Art. 79 GDPR

Any person concerned, without prejudice to an available remedy of administrative law or out of court, including the right of complaint at a supervisory authority as per Art. 77 GDPR, holds the right of effectively applying to the courts if they are of the opinion that the rights granted to them by the GDPR were breached as a result of a processing of their personal data that does not conform to the GDPR.

Courts of the member state where we or processors have a branch office have jurisdiction for legal actions against us or against a processor. Optionally, such legal actions can also be brought before the courts of the member state where the person concerned has their place of residence, unless we or the processor are an authority of a member state that took action in execution of its sovereign powers.

Version of: 6th May 2021