Privacy policy
1. Information on the Collection of Personal Data and Contact Details of the Controller
2. Data Collection When Visiting Our Website
3. Contacting Us
4. Cookies
5. Data Processing for Order Fulfilment
6. Data Processing When Opening a Customer Account and for Contract Processing
7. Comment Function
8. Use of Your Data for Direct Marketing
9. Online Marketing
10. Web Analytics Services
11. Use of a Live Chat System
12. Tools and Other Services
13. Rights of the Data Subject
14. Duration of Storage of Personal Data
1. Information on the Collection of Personal Data and Contact Details of the Controller
1.1 Thank you for visiting our website. Below, we would like to inform you about how we handle your personal data when you use our website. Personal data generally means any data by which you can be personally identified.
1.2 The controller responsible for data processing on our website within the meaning of the General Data Protection Regulation (GDPR) is:
SENVOLON GmbH
Dolomitstr. 37
50226 Frechen
Germany
Phone: +49 155 66290292
Email: info@senvolon.de
1.3 To protect the security of your data during transmission, we use encryption methods that correspond to the current state of the art, such as SSL or TLS, via HTTPS.
2. Data Collection When Visiting Our Website
Each time our website is accessed, our system automatically collects data and information that your browser transmits to our server, known as server log files. The following data, which is technically necessary for us, is collected:
* Our visited website
* Date and time of access
* Amount of data sent in bytes
* Source/referrer from which you reached the page
* Operating system used
* Browser used
* IP address used, where applicable in anonymised form
The legal basis for processing is Art. 6(1)(f) GDPR, based on our legitimate interest in improving the stability and maintaining the functionality of our website. The data is not passed on or used in any other way.
Temporary storage of the IP address by the system is necessary in order to deliver the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.
We reserve the right to subsequently review the server log files if there are specific indications of unlawful use. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session has ended.
If the data is stored in log files, deletion takes place after seven days at the latest. Storage beyond this period is possible. In this case, users' IP addresses are deleted or anonymised so that they can no longer be assigned to the accessing client.
The collection of data for the provision of the website and the storage of data in log files are strictly necessary for operating the website. Consequently, the user has no option to object.
3. Contacting Us
If you contact us via a contact form, the data entered into the input form will be transmitted to us and stored. The data collected can be seen from the respective input form. If you contact us by email, only the data you enter there will be transmitted to us.
The data will be used exclusively for processing the conversation and your request. The legal basis for processing the data is Art. 6(1)(a) GDPR where the user has given consent. The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact is aimed at concluding a contract, Art. 6(1)(b) GDPR is an additional legal basis for processing.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected and provided that no statutory retention obligations prevent deletion. For personal data from the input form of the contact form and data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when the circumstances indicate that the matter in question has been conclusively clarified.
The user has the option to withdraw consent to the processing of personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
4. Cookies
We use cookies and similar technologies on our website to enable the operation of the website, provide functions and, depending on your selection, fulfil statistical and marketing purposes. Cookies are small text files that are stored on your device.
Necessary cookies are required for the technical operation of the website, for example shopping cart, checkout and security functions, and are used without consent (Art. 6(1)(b) and (f) GDPR; Section 25(2) TTDSG).
We only use statistics, marketing and preference cookies if you have given your consent in the cookie banner (Art. 6(1)(a) GDPR; Section 25(1) TTDSG).
You can change or withdraw your consent at any time with effect for the future by accessing the cookie settings via the banner. In addition, you can delete or block cookies in your browser settings; however, this may restrict the functionality of the website.
Further details on the analytics and marketing services we use can be found in the corresponding sections of this privacy policy.
5. Data Processing for Order Fulfilment
5.1 If you wish to place an order in our online shop, it is necessary for the conclusion of the contract that you provide the personal data we require to process your order. We process the data you provide in order to fulfil your order.
In some cases, we work with external service providers to process your order. For this purpose, we must pass on the personal data required for this purpose.
If we commission transport companies to deliver your goods, we pass on the data required for delivery to the respective transport company. For the processing of payments, we pass on your data to the commissioned credit institution to the extent necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for passing on your data is Art. 6(1)(b) GDPR.
5.2 Use of Payment Service Providers
5.3 Apple Pay
If you select the payment method "Apple Pay", a service provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the "Apple Pay" function of your iOS, watchOS or macOS device by charging a payment card stored with "Apple Pay".
Your transaction is protected by the security functions of your device's hardware and software. To approve a payment, it must be authorised by entering a code and verified using the "Face ID" or "Touch ID" function of your device.
The information you provide during the order process, together with information about your order, is transmitted to Apple in encrypted form for the purpose of payment processing. Apple then encrypts this data again and transmits it to the payment service provider of the payment card stored in Apple Pay in order to process the payment. Encryption ensures that only the website on which the order was placed can access the payment data.
After payment, Apple sends the device account number and a transaction-specific, dynamic security code to the shop website to confirm the payment.
Personal data may be processed in the course of the processes described above. In this case, this is done for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.
When Apple Pay is used on an iPhone or Apple Watch to complete a purchase made via Safari on a Mac, the Mac and the authorising device communicate via an encrypted channel on Apple's servers. Apple may process or store data in this context. However, this is done in a format that cannot be used to identify you personally.
Information on data protection for Apple Pay is available here:
https://support.apple.com/de-de/HT203027
5.4 Bancontact
When paying via "Bancontact" through PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
Further information on PayPal Checkout can be found in the corresponding section below.
5.5 BLIK
When paying via "BLIK" through PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
Further information on PayPal Checkout can be found in the corresponding section below.
5.6 Google Pay
If you select the payment method "Google Pay", a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing is mediated via the "Google Pay" application on your Android device, which must run at least Android 4.4 "KitKat" and have NFC functionality. Payment is made using one of the payment cards stored with Google Pay or another verified payment system stored there, such as PayPal.
To approve a payment via Google Pay of more than EUR 25.00, you must first unlock your mobile device. The information you provide during the order process is forwarded to Google for the purpose of payment processing. Google generates a one-time transaction number, which is transmitted to the order website to verify the payment. This transaction number is merely a numerical token and does not contain any information about your data. The actual transaction is carried out between the user and the order website by charging the payment method stored with Google Pay.
Personal data may be processed in the course of the processes described above. In this case, processing is carried out for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.
The terms of use for Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection for Google Pay can be found at the following address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
Further information on Google's data protection practices can be found here:
https://business.safety.google/privacy/
5.7 MyBank
When paying via "MyBank" through PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
Further information on PayPal Checkout can be found in the corresponding section below.
5.8 PayPal Checkout
We use PayPal Checkout on this website, provided by PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
PayPal Checkout is an online payment solution from PayPal that supports both PayPal payment methods and local payment methods from third-party providers.
If you select, where offered, the payment methods PayPal, credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, we pass on your necessary payment data to PayPal for the purpose of payment processing. This transfer is permitted pursuant to Art. 6(1)(b) GDPR.
For the payment methods credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, PayPal may pass on your necessary payment data to credit agencies. Processing is carried out on the legal basis of Art. 6(1)(f) GDPR. PayPal has a legitimate interest in determining your solvency. You may object to this processing of your data at any time by sending a message to PayPal; however, further processing of your personal data by PayPal may remain justified if it is necessary for contractual payment processing.
If you select the PayPal invoice purchase payment method, we first transmit your payment data to PayPal pursuant to Art. 6(1)(b) GDPR. PayPal then forwards your data to Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin, Germany, for payment processing. Ratepay then carries out an identity and credit check in its own name. The legal basis for this is Art. 6(1)(f) GDPR, the legitimate interest in determining solvency. For this purpose, Ratepay passes on your payment data to credit agencies pursuant to Art. 6(1)(f) GDPR.
Ratepay may access the following credit agencies:
https://www.ratepay.com/legal-payment-creditagencies/
If you select a local third-party provider payment method, we first pass on your payment data to PayPal pursuant to Art. 6(1)(b) GDPR. PayPal then forwards your payment data to the provider selected by you for payment processing pursuant to Art. 6(1)(b) GDPR:
- iDEAL (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
- Giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
- Sofort (SOFORT GmbH, Theresienhoehe 12, 80339 Munich, Germany)
- Bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- BLIK (Polski Standard Platnosci sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznan, Poland)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
Further information can be found in PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
5.9 Shop Pay
On our website, we also offer payment via Shop Pay, provided by Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shop Pay").
When paying with Shop Pay, personal data about you is collected. Your data is transmitted to Shop Pay on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of the contract) and only to the extent necessary.
You have the option to withdraw your consent to data processing at any time. Withdrawal does not affect the lawfulness of processing operations carried out in the past.
Further information on data protection for Shop Pay:
https://www.shopify.com/pay
and in Shop Pay's privacy policy at:
https://www.shopify.de/legal/datenschutz
5.10 Stripe
If you select a payment method provided by the payment service provider Stripe, payment is processed via Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland ("Stripe").
We pass on your personal data together with information about your order, such as name, address, account number, bank code, if applicable credit card number, invoice amount, currency and transaction number, to Stripe exclusively for the purpose of payment processing and only to the extent necessary pursuant to Art. 6(1)(b) GDPR.
5.11 Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2, Ireland.
If you choose a payment method offered via the payment service provider Shopify Payments, payment processing is carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We transmit to Stripe the information you provided during the order process together with information about your order, such as name, address, account number, bank code, if applicable credit card number, invoice amount, currency and transaction number, pursuant to Art. 6(1)(b) GDPR.
Your data is transmitted exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose.
Further information on data protection for Shopify Payments can be found at the following address:
https://www.shopify.com/legal/privacy
Data protection information for Stripe Payments Europe Ltd. can be found here:
https://stripe.com/de/privacy
6. Data Processing When Opening a Customer Account and for Contract Processing
If you open a customer account with us, personal data is collected and processed pursuant to Art. 6(1)(b) GDPR. The scope of the data can be seen from the input form. The data you enter is stored and used by us for contract processing.
You can delete your customer account at any time. This can be done by sending a message to the controller's address or, if offered, directly in the customer account. In this case, we will block your data taking into account tax and commercial law retention periods and delete it after these periods have expired. This is subject only to your consent to permanent storage or any further use of data permitted by law on our part.
7. Comment Function
If you use the comment function on our website, in addition to the content of your comment, information on the time the comment was created and the commentator name selected by you will be stored and published on the website. Your IP address will also be logged and stored.
The legal bases for storing your data are Art. 6(1)(b) and (f) GDPR. The IP address is stored for security reasons and in the event that the data subject violates the rights of third parties or publishes unlawful content by submitting a comment. Your email address is required in order to contact you if a third party objects to your published content as unlawful. We reserve the right to delete comments if third parties object to them as unlawful.
8. Use of Your Data for Direct Marketing
Newsletter
It is possible to subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input form is transmitted to us. The only mandatory information is your email address. If you provide further voluntary information, it will only be used for personal address.
The legal basis for processing your data after registration for the newsletter is Art. 6(1)(a) GDPR, provided that the user has given consent. We obtain this consent by sending you a confirmation email after you register for the newsletter, which contains a confirmation link. When you click this link, you also give your consent to receiving the newsletter.
When the newsletter registration is submitted, we store your IP address and the date and time of registration. This storage serves to enable us to trace any possible misuse of your email address.
We use the data collected during newsletter registration exclusively for the purpose of sending the newsletter.
You can unsubscribe from the newsletter at any time. A corresponding link can be found in every newsletter for this purpose. This also enables withdrawal of consent to the storage of personal data collected during the registration process.
9. Online Marketing
Use of Google Ads Conversion Tracking
This website uses the online advertising programme "Google Ads" and, as part of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
With the help of advertising materials, known as Google AdWords, we advertise our offers on external websites. Our legitimate interest lies in displaying advertising that is of interest to you and in achieving fair calculation of advertising costs. The legal basis is Art. 6(1)(f) GDPR.
Google Ads uses cookies for conversion tracking, which are set when you click on an AdWords ad placed by Google.
These cookies generally expire after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of Ads customers.
The information obtained in this way is used to create conversion statistics for Ads customers regarding the total number of users who clicked on their advertisement and were redirected to a page with a conversion tracking tag.
You cannot be personally identified by this.
If you wish to prevent tracking, you can deactivate the Google conversion tracking cookie via your internet browser under user settings.
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the level of data protection applicable in the EU.
Further information on Google's privacy policy can be found at the following address:
http://www.google.de/policies/privacy/
Further information on Google's data protection practices can be found here:
https://business.safety.google/privacy/
You can permanently deactivate conversion cookies by adjusting your browser settings accordingly or by downloading and installing the browser plug-in available at the following link:
http://www.google.com/settings/ads/plugin?hl=de
In this case, certain functions of this website may not be available or may be available only to a limited extent.
Further information on Google's data protection practices can be found here:
https://business.safety.google/privacy/
10. Web Analytics Services
10.1 Google Analytics 4
We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GA4").
Google Analytics uses cookies. These are small text files that are stored on your device and enable analysis of your use of the website. The information generated about your use of this website, including the shortened IP address, is transmitted to a Google server and stored and further processed there; transmission to the USA is possible. IP addresses are anonymised by default. For IPv4 addresses, the last octet is set to zero, and for IPv6 addresses, the last 80 bits are set to zero in memory and are therefore anonymised. Personal identification is excluded. Transmission to servers of Google LLC based in the USA cannot be ruled out.
During your visit to the website, GA4 records your user behaviour in the form of events, such as page views, first visit to the website, session start, your click path, interaction with the website, scrolls, clicks on external links, internal searches, interaction with videos, file downloads, viewed/clicked advertisements and language settings. GA4 also records your approximate location (region), your IP address in anonymised form, technical information about your browser and the devices you use, such as language settings and screen resolution, your internet service provider and the referrer URL, meaning the website or advertising medium through which you reached this website.
On our behalf, Google uses this information to evaluate your use of the website, compile reports on website activities and provide us with other services relating to website use and internet use. Your anonymised IP address collected in this context will not be merged with other Google data.
The data collected in this context is stored for two months.
The legal basis for the data processing described here and the setting of cookies is your express consent pursuant to Art. 6(1)(a) GDPR. This consent can be withdrawn at any time with effect for the future, for example by deactivating this Google service via the cookie consent tool through which you previously gave your consent.
Without your consent, Google Analytics 4 will not be used during your visit to the website. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the cookie consent tool provided on the website.
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the level of data protection applicable in the EU.
We have also concluded a data processing agreement with Google.
Further information on data protection by Google Analytics 4 can be found on the following websites:
https://policies.google.com/technologies/partner-sites
and
https://policies.google.com/privacy?hl=de&gl=de
Demographic Features
The "demographic features" function of GA4 can create statistics that make statements about the age, gender and interests of website visitors. For this purpose, advertising and information from third-party providers are analysed and target groups for specific marketing activities can be identified. However, no personal assignment of data takes place. The data is deleted after two months.
User IDs
If we use the extended "User IDs" function, your activities, including conversions, can be analysed across devices. In this case, the analysis is not pseudonymous.
This is possible if you have given your consent to the use of Google Analytics 4 pursuant to Art. 6(1)(a) GDPR, have created an account on this website and log in to this account on different devices.
Google Signals
If we use the "Google Signals" extension, we can have cross-device reports created on your usage behaviour. However, we only receive statistics and no personal data. This analysis is only possible if you have activated personalised ads in your Google account and linked your devices to a Google account. Your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR must also be in place. Cross-device analysis can be prevented by deactivating the "personalised advertising" function in your Google account. Further information on Google Signals can be found here:
https://support.google.com/analytics/answer/7532985?hl=de
Further information on Google's data protection practices can be found here:
https://business.safety.google/privacy/
10.2 Shopify Analytics
We use Shopify's web analytics service, provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
To safeguard our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes, Shopify collects, evaluates and stores pseudonymised visitor data, from which pseudonymised usage profiles can be created and evaluated. Shopify uses cookies to recognise the browser and thereby enable more accurate determination of statistical data. Your IP address is also collected, but is pseudonymised immediately after collection and before storage, so that personal identification is excluded.
The legal basis is Art. 6(1)(f) GDPR.
Shopify does not associate your IP address with other Shopify data.
To object to data collection and the creation of pseudonymised user profiles as well as the setting of cookies for the future, you can generally deactivate the use of cookies on your computer by configuring your internet browser so that no cookies can be stored on your computer in the future or so that cookies already stored are deleted. However, disabling all cookies may mean that some functions on our websites can no longer be used in full.
Shopify's privacy policy can also be found at:
https://www.shopify.de/legal/datenschutz
11. Use of a Live Chat System
Shopify Chat
On this website, we use the live chat system provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Anonymised data is collected and stored for the purpose of web analysis and operating the live chat system to answer live support enquiries. Usage profiles can be created from this anonymised data under a pseudonym. Cookies may also be used for this purpose. These cookies enable the internet browser to be recognised. If the information collected in this way has a personal reference, the legal basis for processing is Art. 6(1)(f) GDPR.
Our legitimate interest lies in effective customer support and the statistical analysis of user behaviour for optimisation purposes. The data is not used to personally identify visitors to this website without the consent of the data subject. No data is merged with personal data about the bearer of the pseudonym.
You can prevent cookies from being stored by configuring your internet browser so that no cookies can be stored on your computer in the future or so that cookies already stored are deleted. However, this may result in some functions of our website no longer being available.
You have the option to object at any time with effect for the future to the collection and storage of data for the purpose of creating a pseudonymised usage profile. Please send your objection informally by email to the email address stated at the beginning of this privacy policy.
Further information on data processing by Shopify can be found in Shopify's privacy policy:
https://www.shopify.com/legal/privacy
12. Tools and Other Services
Google Tag Manager
We use Google Tag Manager on our website, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Tag Manager, we can integrate tracking or statistics tools and other technologies into our website via tags. Tags are code sections that record certain activities on the website. The tags usually originate from other Google programmes but may also be integrated by other companies. The tags can collect browser data, integrate buttons or set cookies, for example.
Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses; it only serves to manage and deploy the tools integrated via it.
Your IP address is collected via Google Tag Manager and may also be transferred to Google's parent company in the United States.
The legal basis for the use of Google Tag Manager is Art. 6(1)(a) GDPR, namely your consent.
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the level of data protection applicable in the EU.
Further information on Google's privacy policy can be found at the following address:
http://www.google.de/policies/privacy/
Further information on Google's data protection practices can be found here:
https://business.safety.google/privacy/
13. Rights of the Data Subject
13.1 The applicable data protection law grants you extensive data subject rights against the controller with regard to the processing of your personal data, namely rights of access and intervention, about which we inform you below:
- Right of access pursuant to Art. 15 GDPR:
You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have the right to obtain information about the purposes of processing, the categories of personal data, the recipients, the planned duration of storage and the existence of further rights, such as rectification of the data or the existence of a right to lodge a complaint with a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the significance and envisaged consequences of such processing for you, as well as your right to be informed about the safeguards pursuant to Art. 46 GDPR in the event that your data is transferred to third countries.
- Right to rectification pursuant to Art. 16 GDPR:
You have the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us. Rectification or completion must take place without undue delay.
- Right to restriction of processing pursuant to Art. 18 GDPR:
You have the right to request restriction of the processing of your personal data for as long as the accuracy of your data disputed by you is being verified; if you oppose the deletion of your data due to unlawful data processing and instead request restriction of the processing of your data; if you require your data for the establishment, exercise or defence of legal claims after we no longer need this data once the purpose has been achieved; or if you have objected on grounds relating to your particular situation, pending verification of whether our legitimate grounds override yours.
Where processing of personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.
- Right to erasure pursuant to Art. 17 GDPR:
You have the right to obtain the erasure of your personal data without undue delay if the requirements of Art. 17(1) GDPR are met. However, this right to erasure does not apply in particular, but not exclusively, if processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Right to notification pursuant to Art. 19 GDPR:
If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, where technically feasible.
- Right to withdraw consent pursuant to Art. 7(3) GDPR:
You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
You also have the right to withdraw your declaration of consent under data protection law at any time with effect for the future. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
- Right to lodge a complaint pursuant to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
13.2 Right to Object
You have the right to object to the processing of your data at any time with effect for the future if we process your data on the basis of our overriding legitimate interest after weighing the interests involved.
If you exercise this right to object, we will stop processing your data unless compelling legitimate grounds worthy of protection can be demonstrated that override the termination of processing, or unless further processing serves the establishment, exercise or defence of legal claims.
14. Duration of Storage of Personal Data
The duration of storage of personal data depends in each case on statutory retention periods. After these periods have expired, we routinely delete the data if it is no longer required for the fulfilment or initiation of a contract and/or if we no longer have a legitimate interest in continued storage.