Privacy Policy

We appreciate your visit to our website, oni.de, and your interest in our company.

The protection of your personal data, such as your date of birth, name, phone number, address, etc., is very important to us.

The purpose of this Privacy Policy is to inform you about the processing of your personal data that we collect when you visit our website. Our data protection practices comply with the legal provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The following privacy policy serves to fulfill the information obligations arising from the GDPR. These can be found, for example, in Art. 13 and Art. 14 et seq. of the GDPR.

Controller

The controller within the meaning of Article 4(7) of the GDPR is the person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

With regard to our website, the controller is:

ONI-Wärmetrafo GmbH
Niederhabbach 17
51789 Lindlar
Germany
Email: info@oni.de
Tel.: 02266-4748-0

Contact Information for the Data Protection Officer

We have appointed a Data Protection Officer in accordance with Art. 37 GDPR. You can reach our Data Protection Officer using the following contact details:

Niederhabbach 17
51789 Lindlar
Germany
Email: datenschutz@oni.de

Provision of the Website and Creation of Log Files

Every time our website is accessed, our system automatically collects data and information from the device used to access it (e.g., computer, mobile phone, tablet, etc.).

What personal data is collected and to what extent is it processed?

(1) Information about the browser type and version used;
(2) The operating system of the accessing device;
(3) Hostname of the accessing computer;
(4) The IP address of the accessing device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user’s system accessed our website (referrer tracking);
(8) Notification of whether the access was successful;
(9) Amount of data transferred

This data is stored in our system’s log files. This data is not stored together with the personal data of a specific user, so individual website visitors cannot be identified.

Legal basis for the processing of personal data

Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest consists in ensuring the achievement of the purpose described below.

Purpose of data processing

The temporary (automated) storage of the data is necessary for the course of a website visit to enable the website to be delivered. The storage and processing of personal data also takes place to maintain the compatibility of our website for as many visitors as possible and to combat misuse and resolve malfunctions. To this end, it is necessary to log the technical data of the accessing computer in order to be able to respond as quickly as possible to display errors, attacks on our IT systems, and/or errors in the functionality of our website. In addition, the data is used to optimize the website and to generally ensure the security of our IT systems.

Duration of Storage

The aforementioned technical data is deleted as soon as it is no longer needed to ensure the website’s compatibility for all visitors, but no later than 3 months after accessing our website.

Right to object and right to erasure

You may object to the processing at any time pursuant to Art. 21 GDPR and request the erasure of data pursuant to Art. 17 GDPR. You can find information on your rights and how to exercise them at the bottom of this privacy policy.

Special Features of the Website

Our website offers various features; when you use them, we collect, process, and store personal data. Below, we explain what happens to this data:

Contact form(s)

• What personal data is collected and to what extent is it processed?

  We will process the data you enter into our contact forms—specifically, the information you provide in the contact form’s input fields—to fulfill the purpose described below.

• Legal basis for the processing of personal data

  Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (consent through a clear affirmative action or conduct, or explicit consent)

• Purpose of data processing

  We will use the data collected via our contact form(s) solely for the purpose of processing the specific contact inquiry received through the contact form.

• Duration of storage

  Once your inquiry has been processed, the collected data will be deleted immediately, provided there are no statutory retention periods.

• Right to Withdraw Consent and Request Deletion

  The options for withdrawal and deletion are governed by the general provisions regarding the right of withdrawal and the right to deletion under data protection law, as described below in this Privacy Policy.

• Requirement to Provide Personal Data

  The use of the contact forms is voluntary and is not required by contract or law. You are not obligated to contact us via the contact form; instead, you may also use the other contact options listed on our website. If you wish to use our contact form, you must fill out the fields marked as required. If you do not fill in the required fields of the contact form, you will either be unable to submit the inquiry, or we will unfortunately be unable to process your inquiry.

Automated Credit Check / Scoring

If you wish to enter into a contract with us, we reserve the right to process your personal data exclusively by automated means in order to check your creditworthiness. We are also entitled to make such an automated decision pursuant to Art. 22(2)(a) of the GDPR. Whether or not the contract can be concluded depends on the result of the automated credit check. During a credit check, statistical probabilities of default are calculated. The credit report may contain probability values (score values) calculated using scientifically recognized mathematical and statistical methods. These methods use a variety of characteristics—such as income, address data, occupation, marital status, and past payment history—to assess the customer’s future risk of default. The result is expressed as a payment value (so-called score). The information obtained in this way forms the basis of our decision regarding the establishment, execution, or termination of a contractual relationship. If you believe that you have been wrongfully excluded from entering into a contract due to the credit check, please feel free to explain your position to us via email. We will then review the automated decision in accordance with Art. 22(3) GDPR on a case-by-case basis. In order to conduct the credit check, we are permitted to store and process your personal data in accordance with Art. 6(1)(b) GDPR.

In connection with the pending contract, we will transfer your data to the following provider(s) in the cases listed below:

• Creditreform Köln v. Padberg GmbH & Co. KG:

  Our company regularly checks your creditworthiness when concluding contracts and, in certain cases where there is a legitimate interest, also for existing customers. To this end, we work together with Creditreform Köln v. Padberg GmbH & Co. KG, Gustav-Heinemann-Ufer 68, 50968 Cologne, Germany (https://www.creditreform.de/koeln/), from whom we receive the necessary data. On behalf of Creditreform Köln v. Padberg GmbH & Co. KG, we are providing you with the following information in advance pursuant to Art. 14 of the EU GDPR:

  Creditreform Köln v. Padberg GmbH & Co. KG is a consumer credit reporting agency. It operates a database in which creditworthiness information about private individuals is stored.

  On this basis, Creditreform Köln v. Padberg GmbH & Co. KG provides credit reports to its customers. Customers include, for example, credit institutions, leasing companies, insurance companies, telecommunications companies, debt collection agencies, mail-order, wholesale, and retail companies, as well as other companies that supply goods or provide services. Within the framework of legal provisions, a portion of the data contained in the credit information database is also used to supply other corporate databases, including for use in address trading.

  The database of Creditreform Köln v. Padberg GmbH & Co. KG stores, in particular, information regarding the name, address, date of birth, email address (if applicable), payment history, and ownership interests of individuals. The purpose of processing the stored data is to provide information regarding the creditworthiness of the person in question. The legal basis for the processing is Art. 6(1)(f) of the EU GDPR. Information regarding this data may only be provided if a customer credibly demonstrates a legitimate interest in obtaining this information. If data is transferred to countries outside the EU, this is done on the basis of the so-called “Standard Contractual Clauses,” which you can find at the following link:

  http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32001D0497&from;=DE

  or have them sent to you from there.

  The data will be stored for as long as access to it is necessary to fulfill the purpose of storage. Access is generally required for an initial storage period of three years. After this period, we will review whether continued storage is necessary; otherwise, the data will be deleted on the exact date. In the event that a matter is resolved, the data will be deleted on the exact date three years after resolution. Entries in the debtor registry will be deleted on the exact date three years after the date of the entry order, in accordance with Section 882e of the German Code of Civil Procedure (ZPO).

  Legitimate interests within the meaning of Article 6(1)(f) of the EU GDPR may include: credit decisions, business development, ownership interests, claims, credit checks, insurance contracts, and enforcement information. You have the right to request information from Creditreform Köln v. Padberg GmbH & Co. KG regarding the data stored there about you. If the data stored about you is incorrect, you have the right to have it corrected or deleted. If it cannot be immediately determined whether the data is incorrect or correct, you have the right to have the respective data blocked until the matter is clarified. If your data is incomplete, you may request that it be completed.

  If you have given your consent to the processing of the data stored at Creditreform Köln v. Padberg GmbH & Co. KG, you have the right to revoke this consent at any time. Revocation does not affect the lawfulness of the processing of your data that took place on the basis of your consent up until the time of revocation.

  If you have any objections, requests, or complaints regarding data protection, you may contact the Data Protection Officer at Creditreform Köln v. Padberg GmbH & Co. KG at any time. The Data Protection Officer will assist you promptly and confidentially with all matters related to data protection. You may also file a complaint regarding the processing of your data by Creditreform Köln v. Padberg GmbH & Co. KG with the State Data Protection Commissioner responsible for your federal state.

  The data that Creditreform Köln v. Padberg GmbH & Co. KG has stored about you comes from publicly available sources, from collection agencies, and from their clients.

  To assess your creditworthiness, Creditreform Köln v. Padberg GmbH & Co. KG calculates a score based on your data. The score is based on data regarding age and gender, address information, and, in some cases, payment history. These data points are factored into the score calculation with varying weights. Creditreform Köln v. Padberg GmbH & Co. KG’s clients use the scores as a tool when making their own credit decisions.

  Right to Object:

  The processing of data stored by Creditreform Köln v. Padberg GmbH & Co. KG is carried out for compelling legitimate reasons related to creditor and credit protection, which generally outweigh your interests, rights, and freedoms, or serves to assert, exercise, or defend legal claims. You may object to the processing of your data only if there are reasons arising from a specific situation on your part that must be substantiated. If such specific reasons are demonstrably present, the data will no longer be processed. If you object to the processing of your data for advertising and marketing purposes, the data will no longer be processed for these purposes.

  The controller within the meaning of Article 4(7) of the EU GDPR is Creditreform Köln v. Padberg GmbH & Co. KG, Gustav-Heinemann-Ufer 68, 50968 Cologne, Germany (https://www.creditreform.de/koeln/). You can contact Creditreform Köln v. Padberg GmbH & Co. KG regarding any questions using the following contact information: Tel.: 02 21 / 3 76 60-0, Fax: 02 21 / 3 76 60-64, Email: info@koeln.creditreform.de

  You can contact the responsible data protection officer at the following contact details: Creditreform Köln v. Padberg GmbH & Co. KG, Data Protection Officer, Gustav-Heinemann-Ufer 68, 50968 Cologne, Germany, https://www.creditreform.de/koeln/.

Statistical Analysis of Visits to This Website - Web Tracker

When you access this website or individual files on the website, we collect, process, and store the following data: IP address, website from which the file was accessed, file name, date and time of access, amount of data transferred, and a notification regarding the success of the access (so-called web log). We use this access data exclusively in a non-personalized form for the continuous improvement of our website and for statistical purposes. We also use the following web trackers to analyze visits to this website:

• Google

  We use the Google service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/, on our site. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework issued by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection under the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you provided on our website.

  We use Google to load additional Google services on the website. The service is used to provide additional Google services, such as the data processing required for the provision of streams and fonts, as well as relevant content from Google Search. It is technically necessary to exchange the information about the website visitor already available to Google between Google services and to provide the website visitor with personalized content tailored to their Google Account.

  For the processing itself, the service or we collect the following data: Background data stored in the Google user account or with other Google services regarding the website visitor, background data for the provision of Google services such as streaming data or advertising data, data regarding the website user’s interaction with Google Search, information about the user’s device, IP address, and browser, and additional data from Google services required to provide Google services related to our website.

  If the service is active on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. As part of data processing on behalf of Google, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services to provide background services for the display and data processing of the services provided by Google. To this end, data may also be transferred to the Google services Google APIs, DoubleClick, Google Cloud, Google Ads, and Google Fonts in accordance with the Google Privacy Policy. You can view the provider’s certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You may revoke your consent at any time. Further information on revoking your consent can be found either in the consent form itself or at the end of this privacy policy.

  Further information on the handling of the transferred data can be found in the provider’s privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google Analytics

  We use the Google Analytics service on our website, provided by Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework issued by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection under the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you provided on our website.

  Google Analytics is a web tracker that analyzes the behavior of website visitors and their interactions with our website and provides us with evaluations and forecasts regarding the content and products on our website and their popularity (so-called tracking). We have integrated Google Analytics so that the service can compile an analysis of website users’ browsing behavior. To this end, Google collects data on visitors’ interactions with our website and, where applicable, existing information derived from cookies or other storage technologies, and processes this data statistically for us. Google Analytics uses data processing technologies that enable the tracking of individual visitors and their interactions with other Google services, such as the Google Ads advertising network. Data from other Google services is also used to close data gaps and generate comprehensive statistics on the content of our website using machine learning technologies, modeled statistics, and forecasting functions. If Google Analytics is active on our website, the data collected by Google Analytics is transferred to servers operated by Google Ireland Limited. As part of data processing, personal data may also be transferred to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. We use Google Analytics to continuously optimize our website and improve its availability. This constitutes what is known as audience measurement.

  For the processing itself, the service or we collect the following data: Data on site visitors’ interactions with the website’s content, data on the use of the services displayed on our website, data from external Google services to the extent they interact with our website (e.g., advertising data or data on advertising-related behavior), data on approximate geographic origin, the browser and operating system used, as well as further information regarding the device used.

  Google Analytics will store the data relevant to the provision of web tracking for as long as necessary to fulfill the booked web service. Data collection and storage are anonymized. To the extent that individual interactions by website visitors make it possible to subsequently establish a personal connection to specific actions, we will delete the collected data once the purpose has been achieved. The data will be deleted at the latest when it is no longer subject to any legal retention obligations. As a rule, we will delete this data after 12 months at the latest. You can view the provider’s certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You may revoke your consent at any time. Further information on revoking your consent can be found either in the consent form itself or at the end of this privacy policy.

  Further information on the handling of the transferred data can be found in the provider’s privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://tools.google.com/dlpage/gaoptout?hl=de.

• Google Tag Manager

  We use the Google Tag Manager service on our site, provided by Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework issued by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection under the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you provided on our website.

  Google Tag Manager provides a technical platform for executing other web tools and web tracking programs using so-called “tags” and for controlling them in a consolidated manner. In this context, Google Tag Manager stores cookies on your computer and, to the extent that web tracking tools are executed via Google Tag Manager, analyzes your browsing behavior (so-called “tracking”). The data generated by the “tags” is consolidated, stored, and processed by Google Tag Manager under a unified user interface. All integrated “tags” are listed separately again in this privacy policy. When using our website with Google Tag Manager “tags” enabled, data—including, in particular, your IP address and your user activities—is transmitted to servers operated by Google. The tracking tools used in Google Tag Manager ensure, through IP anonymization of the source code, that the IP address is anonymized by Google Tag Manager prior to transmission. Tag Manager allows metrics from various service providers (Google and third-party providers) to be linked and analyzed based on so-called tag management. Google Tag Manager helps us compile reports on website activity and control the web tools on our website.

  For the processing itself, the service or we collect the following data: Cookies, web tracking data, outgoing or incoming links, information generated during the integration and activation of JavaScript code on the website by Google Tag Manager and the web tools triggered by Google Tag Manager.

  You can view the provider’s certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You may revoke your consent at any time. Further information on revoking your consent can be found either in the consent form itself or at the end of this privacy policy.

  Further information on the handling of the transferred data can be found in the provider’s privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://policies.google.com/privacy.

• usercentrics

  We use the usercentrics service on our site, provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, email: contact@usercentrics.com, website: https://usercentrics.com/. Personal data is transmitted exclusively to servers within the European Union.

  The legal basis for processing is Art. 6(1)(c) of the GDPR. The use of this service helps us fulfill our legal obligations.

  By integrating Usercentrics, we fulfill our legal obligation regarding the consent management required for cookies.

  You can find out what rights you have regarding the processing of your data at the end of this privacy policy.

  Further information on the handling of the transferred data can be found in the provider’s privacy policy at https://usercentrics.com/de/datenschutzerklaerung/.

  The provider also offers an opt-out option at https://usercentrics.com/de/datenschutzerklaerung/.

Integration of external web services and processing of data outside the EU

On our website, we use active content from external providers, so-called web services. When you visit our website, these external providers may receive personal information about your visit to our website. In this context, data processing outside the EU may occur. You can prevent this by installing a corresponding browser plugin or by disabling the execution of scripts in your browser. This may result in functional limitations on the websites you visit.

We use the following external web services:

• Legal Text Snippet and Modules

  We use the service “Legal Text Snippet and Modules” provided by Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, email: support@website-check.de, website: https://www.website-check.de/, on our site. Personal data is transmitted exclusively to servers within the European Union.

  The legal basis for the processing is Art. 6(1)(c) of the GDPR. The use of this service helps us fulfill our legal obligations.

  With the help of this service, the content of our legal texts is loaded onto our website. The current legal texts are loaded via the integration on our site. Through this integration, additional technical modules related to the legal texts or legally required elements may also be loaded.

  You can find the rights you have regarding this processing at the end of this privacy policy.

  Further information on the handling of the transferred data can be found in the provider’s privacy policy at https://www.website-check.de/datenschutzerklaerung/.

• WordPress

  We use the WordPress service on our site, provided by Automattic Inc., 60 29th Street #343, CA 94110 San Francisco, United States, email: help@wordpress.com, website: https://automattic.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework issued by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection under the GDPR applies to the transfer.

  The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interest lies in achieving the purpose described below.

  WordPress is the technical system behind our website that enables the operation of our WordPress site. We require this integration so that we can display our website to you and edit its content.

  You can view the provider’s certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  With regard to the processing, you have the right to object as set forth in Art. 21. Further information can be found at the end of this privacy policy.

  Further information on the handling of the transferred data can be found in the provider’s privacy policy at https://automattic.com/privacy/.

• eRecht24

  We use the eRecht24 service on our website, provided by eRecht24 GmbH & Co. KG, Lietzenburger Str. 94, 10719 Berlin, Germany, email: kontakt@e-recht24.de, website: http://www.e-recht24.de/. Personal data is transmitted exclusively to servers within the European Union.

  The legal basis for processing is Art. 6(1)(c) of the GDPR. The use of this service helps us fulfill our legal obligations.

  The service is used to display or reload legal texts and cookie banners on our website. This enables us, among other things, to fulfill our legal obligations to provide information and our obligations regarding consent management for cookies.

  You can find out what rights you have regarding this processing at the end of this privacy policy.

  Further information on the handling of the transferred data can be found in the provider’s privacy policy at https://www.e-recht24.de/datenschutzerklaerung.html.

Data Security and Privacy, Communication via Email

Your personal data is protected by technical and organizational measures during collection, storage, and processing so that it is not accessible to third parties. In the case of unencrypted email communication, we cannot guarantee complete data security during transmission to our IT systems; therefore, we recommend encrypted communication or postal mail for information requiring a high level of confidentiality.

Right to access and requests for correction – Deletion & restriction of data – Withdrawal of consent – Right to object

Right to access

You have the right to request confirmation as to whether we are processing your personal data. If this is the case, you have the right to access the information specified in Article 15(1) of the GDPR, provided that this does not infringe upon the rights and freedoms of others (see Article 15(4) of the GDPR). We will also be happy to provide you with a copy of the data.

Right to Rectification

Pursuant to Article 16 of the GDPR, you have the right to have any personal data stored by us that may be incorrect (such as your address, name, etc.) corrected at any time. You may also request at any time that the data stored by us be completed. Any necessary corrections will be made immediately.

Right to erasure

Pursuant to Article 17(1) of the GDPR, you have the right to have us erase the personal data collected about you if

• the data is no longer needed;
• the legal basis for processing has ceased to exist due to the withdrawal of your consent;
• you have objected to the processing and there are no legitimate grounds for the processing;
• your data is being processed unlawfully;
• a legal obligation requires it or collection has taken place pursuant to Article 8(1) of the GDPR.

This right does not apply pursuant to Article 17(3) of the GDPR if

• the processing is necessary for the exercise of the right to freedom of expression and information;
• your data has been collected on the basis of a legal obligation;
• the processing is necessary for reasons of public interest;
• the data is necessary for the establishment, exercise, or defense of legal claims.

Right to restriction of processing

Pursuant to Art. 18(1) of the GDPR, you have the right in certain cases to request the restriction of the processing of your personal data.

This is the case if

• you contest the accuracy of the personal data;
• the processing is unlawful and you do not consent to erasure;
• the data is no longer needed for the purpose of processing, but the collected data is necessary for the establishment, exercise, or defense of legal claims;
• an objection to the processing has been lodged pursuant to Article 21(1) of the GDPR and it is still unclear which interests prevail.

Right to Withdraw Consent

If you have given us your explicit consent to the processing of your personal data (Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR), you may withdraw this consent at any time. Please note that this does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

Right to object

Pursuant to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you that has been collected on the basis of Art. 6(1)(f) (within the scope of a legitimate interest). You are only entitled to this right if there are specific circumstances that speak against the storage and processing.

How can you exercise your rights?

You may exercise your rights at any time by contacting us using the contact details below:

ONI-Wärmetrafo GmbH
Niederhabbach 17
51789 Lindlar
Germany
Email: info@oni.de
Phone: 02266-4748-0

Right to Data Portability

Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you. We will provide the data in a structured, commonly used, and machine-readable format. The data may be sent either to you or to a controller designated by you.

Upon request, we will provide you with the following data in accordance with Article 20(1) of the GDPR:

• Data collected on the basis of explicit consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR;
• Data that we have received from you pursuant to Art. 6(1)(b) GDPR within the scope of existing contracts;
• Data that has been processed as part of an automated procedure.

We will transfer the personal data directly to a controller of your choice, provided this is technically feasible. Please note that we are not permitted to transfer data that infringes upon the freedoms and rights of other individuals pursuant to Article 20(4) of the GDPR.

Right to lodge a complaint with the supervisory authority pursuant to Art. 77(1) GDPR

If you suspect that your data is being processed unlawfully on our site, you may, of course, seek judicial clarification of the matter at any time. In addition, all other legal remedies are available to you. Irrespective of this, pursuant to Art. 77(1) GDPR, you have the option to contact a supervisory authority. You have the right to lodge a complaint pursuant to Art. 77 GDPR in the EU Member State of your residence, your workplace, and/or the location of the alleged infringement; that is, you may choose the supervisory authority to which you wish to appeal from among the locations mentioned above. The supervisory authority to which the complaint was submitted will then inform you of the status and results of your submission, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.