Data privacy
Privacy Policy
1) Information about the collection of personal data and contact data of the Controller
1.1 We are delighted that you have visited our website and thank you for your interest. Below, we provide information on how your personal data is handled when you visit our website. In this context, personal data is all data that can be used to personally identify you.
1.2 Controller for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is exocad GmbH, Julius-Reiber-Straße 37, 64293 Darmstadt, Germany, tel.: +49 61 51 / 629 48 90, fax: +49 61 51 / 629 48 99, email: shop@exocad.com. The Controller for the processing of personal data is the natural or legal person that decides, alone or together with others, on the purposes and means of processing personal data.
1.3 The Controller has appointed a Data Protection Officer, who can be contacted as follows: Fieldfisher LLP, Riverbank House, Swan Lane 2 EC4R 3TT London / UK. Mail: Privacy@aligntech.com"
1.4 This website uses SSL and TLS encryption for security reasons and in order to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the Controller). A secure connection is designated by the prefix “https://” and the padlock icon in your browser line.
2) Data recording when visiting our website
When you visit our website purely for information purposes, i.e. do not register or transmit information to us in any other way, we only collect the data that your browser transmits to our server (known as server log files). When you access our website, we collect the following data, which is a technical requirement that allows us to display the website:
- Our website you are visiting
- Date and time of access
- Quantity of data transmitted in bytes
- Source/link from which you accessed the page
- Browser used
- Operating system used
- IP address used (in anonymized form if applicable)
Processing is in accordance with Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in improving the stability and function of our website. The data is not disclosed or used in any other way. However, we retain the right to check the server log files subsequently should concrete indications of unlawful use arise.
3) Cookies
In order to make visiting our website more attractive and allow the use of certain functions, we use cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are erased at the end of the browser session, i.e. when the browser is closed (session cookies). Other cookies remain on your end device and allow us or our partner companies (cookies from third party providers) to recognize your browser on your next visit (persistent cookies). Where cookies are saved, they collect and process certain user information, such as browser and location data and IP address values, in an individual scope. Persistent cookies are automatically erased after a prescribed period, which differs from cookie to cookie.
Some cookies are used to simplify the order process by saving settings (e.g. remembering the content of a virtual shopping cart for a subsequent visit to the website). Where individual cookies implemented by us also process personal data, this processing is either in accordance with Art. 6 Para. 1 lit. b GDPR in order to perform the contract or in accordance with Art. 6 Para. 1 lit. f GDPR in order to protect our legitimate interests in the best possible function of the website and a customer-friendly and effective design of the page visit.
In some circumstances, we work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also saved on your computer when you visit our website in this case (cookies from third party providers). When we work with the aforementioned advertising partners, you will be individually and separately notified of the use of such cookies and the scope of the information collected in each case within the paragraphs below.
Please note that you can make settings in your browser to ensure that you are notified of the saving of cookies and can decide whether to accept cookies on a case-by-case basis, in certain cases, or not at all. Each browser differs in the way the cookie settings are managed. This is described in the Help menu of each browser, where you can find out how to change your cookie settings. You will find these under the following links for the respective browsers:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that not accepting cookies may impair the function of our website.
4) Contacting us
Personal data is collected when you contact us (e.g. using the contact form or via email). In the case of contact forms, each contact form shows which data is collected. This data is saved and used exclusively for the purpose of responding to your concern, making contact, and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to you concern in accordance with Art. 6 Para. 1 lit. f GDPR. If the objective of your contacting us is to conclude a contract, Art. 6 Para. 1 lit. b GDPR is an additional legal basis. Your data is erased once your inquiry has been fully processed; this is the case when the circumstances indicate that the situation concerned has been conclusively clarified and no statutory retention periods apply.
5) Data processing and transfer when opening an account and for contract processing
In accordance with Art. 6 Para. 1 lit. b GDPR, personal data continues to be collected and processed when you disclose it to us in order to execute a contract or open a customer account. Each form shows which data is collected.
The following information is collected:
In case you are a Student, the following additional information is collected:
Your webshop customer account can be erased at any time by sending a message to the address of the Controller above. We save and use the data you share with us for contract processing. Following full processing of the contract or erasure of your customer account, your data is blocked, taking retention periods under tax and trade law into account. It is then erased after expiry of these periods, unless you have explicitly given permission for further use of your data or we have retained the right to further data use as permitted by the law. We provide information on this below.
Data transfer within our corporate network
When you purchase certain products (e.g. exocad Credits) related to a my.exocad.com account through our webshop, certain user data is securely transferred to my.exocad.com, a web portal operated by exocad GmbH. This transfer is necessary to enable you to use our services (e.g. cloud services).
The following information is transferred:
The my.exocad.com portal is owned and managed by exocad GmbH, ensuring that your data remains within the same corporate entity and is handled in accordance with our strict privacy standards. Importantly, no personal or transactional information is shared with or sold to third parties outside of our corporate network.
6) Comments function
In the comments function on this website, information about the time the comment was created and the user name selected by you are saved and published on the website alongside your comment. Your IP address is also logged and saved. This saving of the IP address is for security reasons and in case the affected person violates the rights of third parties with a comment posted or posts unlawful content. We require your email address in order to contact you if a third party makes a complaint that the content you have published is unlawful. The legal basis for the saving of your data is Art. 6 Paras. 1 lit.b and f GDPR. We retain the right to delete comments where a third party makes a complaint that they are unlawful.
As a user, you can subscribe to the follow-up comments. When you do so, you will receive a confirmation email to ensure that you are the holder of the email address provided (double opt-in process). The legal basis for data processing in the case of subscription to comments is Art. 6 Para. 1 lit.a GDPR. You can cancel ongoing comment subscriptions at any time with effect for the future; please see the confirmation email for more information on this option.
7) Use of your data for direct advertising
7.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will send you regular information on our offers. The only piece of information that is compulsory in order to receive the newsletter is your email address. Any further data is provided on a voluntary basis and used to address you personally. We use the double opt-in process for sending the newsletter. This means that we will only begin sending you the email newsletter once you have explicitly confirmed your permission for the sending of the newsletter. We will then send you a confirmation email, in which you are asked to click a link to confirm that you would like to receive the newsletter in future.
By activating the confirmation link, you grant us permission to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When you register for the newsletter, we save the IP address entered for you by your internet service provider (ISP) and the date and time of registration in order to trace any potential misuse of your email address at a later date. The data we collect upon registration for the newsletter is used exclusively for advertising purposes within the scope of the newsletter. You can unsubscribe from the newsletter at any time using the link in the newsletter or by notifying the Controller named at the top of this page. Once you have successfully unsubscribed, your email address will be immediately deleted from our newsletter mailing list, unless you have explicitly given consent for further use of your data or we have retained the right to make further use of your data that is permitted under the law and about which we inform you in this Privacy Policy.
7.2 Sending the newsletter via CleverReach
Our newsletter is sent by the technical services provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede (“CleverReach”), to whom we disclose the data you provide when registering for the newsletter. This disclosure is in accordance with Art. 6 Para. 1 lit. f GDPR and serves our legitimate interest in the use of a promotionally effective, secure and user-friendly newsletter system. The data you enter for the purpose of receiving the newsletter (e.g. email address) is saved on the CleverReach servers in Germany and Ireland.
CleverReach uses this information to send and statistically analyze the newsletter on our behalf. For this analysis, the emails sent contain web beacons or tracking pixels – one-pixel image files that are saved on our website. This enables us to determine whether a newsletter message has been opened and which links have been clicked. Using conversion tracking, we can also analyze whether clicking the link in the newsletter is followed by a pre-defined action (e.g. purchase of a product on our website). Technical information (e.g. time of access, IP address, browser type and operating system) is also recorded. The data is collected exclusively in pseudonymized form and is not linked to other personal data on you; direct reference to a person is ruled out. This data is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to adapt future newsletters better to the interests of the recipients.
If you would like to object to this data analysis for the purposes of statistical analysis, you need to unsubscribe from the newsletter.
We have concluded an order processing contract with CleverReach, in which we obligate CleverReach to protect our customers’ data and prohibit them from disclosing it to third parties.
You can find further information on data analysis by CleverReach here:
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
You can view the CleverReach Privacy Policy here:
https://www.cleverreach.com/de/datenschutz/.
7.3 Advertising by mail
Based on our legitimate interest in personalized direct advertising, we retain the right to save your full name, your postal address and – where we have received such additional information from you as part of the contractual relationship – your title, academic status, year of birth, profession, sector and business in accordance with Art. 6 Para. 1 lit. f GDPR and to use such data in order to send interesting offers and information on our products by mail.
You can object to the saving and use of your data for this purpose at any time by sending a message to this effect to the Controller.
8) Data processing for order processing
8.1 The personal data we collect is disclosed to the transport company commissioned with delivery as part of contract processing, where this is necessary in order to deliver the goods. We disclose your payment data to the commissioned bank as part of payment processing, where this is required for payment processing. Where payment service providers are used, we provide explicit notification of this below. The legal basis for such disclosure of data is Art. 6 Para. 1 lit. b GDPR.
8.2 Use of payment service providers (payment services)
- Novalnet
For payments made via the payment methods "pay by invoice" or "direct debit", the purchase price claim is assigned via Novalnet AG as payment institution to Financial Management Solutions GmbH (under the brand InfinitePay), (hereinafter referred to as "InfinitePay"). The data required for payment processing is transmitted to InfinitePay. One of the purposes of the data transfer is to enable InfinitePay to carry out an identity and credit check in order to process your purchase with your selected payment method. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interests of providing multiple payment methods and protection against non-payment. You have the right to object at any time, for reasons arising from your particular situation, to this processing of personal data concerning you, based on Art. 6 para. 1 lit. f GDPR, by notifying us. The InfinitePay privacy policy can be found here: https://www.infinitepay.de/datenschutzhinweise
If you wish to receive information about the use of personal data concerning you, you can contact datenschutz@fms-mainz.de at any time. The provisioning of your data is necessary for the conclusion of the contract with the payment method you have selected. Failure to do so will mean that the contract cannot be concluded with your selected payment method.
When you select the payment type “invoice” or “direct debit” via Novalnet, you will be asked to enter your personal data (full name, full postal address, date of birth, email address and telephone number) during the order process. In order to protect our legitimate interest in determining our customers’ ability to pay, we disclose this data to Novalnet AG, Gutenbergstr. 2, 85737 Ismaning (“Novalnet”), in accordance with Art. 6 Para. 1 lit. f GDPR for the purpose of a credit check. Based on the personal data you have entered and further data (such as shopping cart, invoice total, order history, payment experience), Novalnet checks whether the payment option you have selected can be accepted with regard to payment and/or default risks. In addition to the internal Novalnet criteria, in accordance with Art. 6 Para. 1 lit. f GDPR, identity and creditworthiness information from the following credit agencies may also be consulted for the decision regarding application checking:
- infoscore Consumer Data GmbH (arvato), Rheinstraße 99, D-76532 Baden-Baden, tel.: +49 (0)7221-5040-1000, fax: -1001
- atriga GmbH, Pittlerstr. 47, 63225 Langen
- informa solution GmbH, Rheinstrasse 99, 76532 Baden-Baden
The credit check may contain probability values (scores). Where scores are included in the result of the credit check, these are based on a scientifically recognized mathematical and statistical process. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to the data processing Controller or to Novalnet. However, Novalnet may still be entitled to process your personal data where this is necessary for contractual payment processing. - Paypal
In the case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – payment by invoice or payment in installments via PayPal, we disclose your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) as part of payment processing. This disclosure is in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that it is required for payment processing.
PayPal retains the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal and – if offered – payment by invoice and payment in installments via PayPal. To do this, your payment data may be disclosed to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR based on PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of a credit check in relation to the statistical probability of default for the purposes of deciding whether to provide the respective payment method. The credit check may contain probability values (known as scores). Where scores are included in the result of the credit check, these are based on a scientifically recognized mathematical and statistical process. The calculation of the score values includes, but is not limited to, address data. Please see the PayPal Privacy Policy for further information under data protection law, including the credit agencies to be used: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may remain entitled to process your personal data where this is required for contractual payment processing.
8.3 Execution of credit checks
- CRIF Bürgel GmbH Hamburg
Where we are to provide services before payment (e.g. in the case of delivery with payment by invoice), we retain the right to conduct a credit check based on mathematical and statistical processes in order to protect our legitimate interest in determining our customers’ ability to pay. We transmit the personal data required for a credit check to the following service providers in accordance with Art. 6 Para. 1 lit. f GDPR:
CRIF Bürgel GmbH
Friesenweg 4, Haus 12
22763 Hamburg
The credit check may contain probability values (known as scores). Where scores are included in the result of the credit check, these are based on a scientifically recognized mathematical and statistical process. The calculation of the score values includes, but is not limited to, address data. We use the result of the credit check in relation to the statistical probability of default for the purposes of decision-making regarding the establishment, execution or termination of a contractual relationship.
You can object to this processing of your data at any time by sending a message to the Controller responsible for data processing or to the credit agency listed above. However, we may remain entitled to process your personal data where this is required for contractual payment processing. - CRIF Bürgel GmbH Karlsruhe
Where we are to provide services before payment (e.g. in the case of delivery with payment by invoice), we retain the right to conduct a credit check based on mathematical and statistical processes in order to protect our legitimate interest in determining our customers’ ability to pay. We transmit the personal data required for a credit check to the following service providers in accordance with Art. 6 Para. 1 lit. f GDPR:
CRIF Bürgel GmbH
Kaiserstraße 217
76133 Karlsruhe
The credit check may contain probability values (known as scores). Where scores are included in the result of the credit check, these are based on a scientifically recognized mathematical and statistical process. The calculation of the score values includes, but is not limited to, address data. We use the result of the credit check in relation to the statistical probability of default for the purposes of decision-making regarding the establishment, execution or termination of a contractual relationship.
You can object to this processing of your data at any time by sending a message to the Controller responsible for data processing or to the credit agency listed above. However, we may remain entitled to process your personal data where this is required for contractual payment processing. - CRIF Bürgel GmbH München
We transmit personal data collected as part of a contractual relationship regarding the application for, execution of and termination of the business relationship, as well as data regarding non-contractual or fraudulent behavior, to CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 München.
The legal basis for this transmission is Article 6 Paragraph 1 Clause b and Article 6 Paragraph 1 Clause f of the General Data Protection Regulation. Transmission on the basis of Article 6 Paragraph 1 Clause f GDPR is only permitted where this is required in order to protect the legitimate interests of our company or of third parties and where the interests or basic rights and freedoms of the affected person, which require the protection of personal data, do not prevail. Data exchange with CRIFBÜRGEL also serves to fulfill statutory obligations to conduct credit checks on customers (§ 505a and 506 of the German Civil Code).
CRIFBÜRGEL processes the data contained and also uses it for the purpose of profile formation (scoring), in order to give its contractual partners in the European Economic Area, in Switzerland and, if applicable in further third countries (where there is an adequacy decision from the European Commission) information, such as on the assessment of creditworthiness of natural persons. Further information on the activities of CRIFBÜRGEL can be found in the CRIFBÜRGEL information sheet or online at www.crifbuergel.de/de/datenschutz.
9) Use of social media: Videos
Use of YouTube videos
This website uses the YouTube embedding function to display and play videos from the provider “YouTube”, which is part of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
This is done using the enhanced data protection mode, which the provider claims only triggers the saving of user information when the video is played. If embedded YouTube videos are played, the provider uses YouTube cookies to collect information about the user behavior. According to information from YouTube, the functions of this include recording video statistics, improving user friendliness and preventing improper conduct. If you are logged in to Google, your data will be matched directly to your account when you click on a video. If you do not want your profile to be matched by YouTube, you must log out before activating the button. Google saves and analyzes your data as a usage profile (even for users who are not logged in). This analysis is conducted in particular in accordance with Art. 6 Para. 1 lit.f GDPR based on the legitimate interests of Google in showing personalized advertising, market research and/or needs-based website design. You have the right to object to the formation of these user profiles; to exercise it, you must contact YouTube. When you use YouTube, your personal data may be transmitted to the servers of Google LLC. in the USA.
Regardless of whether the embedded videos are played, every time this website is accessed, a connection to the Google network is established. This may trigger further data processing processes not under our control.
Where personal data is transmitted to Google LLC. in the USA, Google LLC. is certified under the EU-US Privacy Shield, which guarantees adherence to the level of data protection applicable in the EU. A current certificate is available here: https://www.privacyshield.gov/list
Further information on data protection at YouTube is available in the provider’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy
10) Web analysis services
Matomo (formerly Piwik)
On this website, data is collected and saved using the web analysis service software Matomo (www.matomo.org), a service from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 Para. 1 lit. f GDPR. This data may be used to create and analyze pseudonymized usage profiles for the same purpose. Cookies may be used to do this. Cookies are small text files that are saved locally in the cache of the internet browser used by the person visiting the site. Cookies allow the internet browser to be recognized, for example. The data collected using the Matomo technology (including your pseudonymized IP address is processed on our servers.
The information generated by the cookie in the pseudonymized user profile is not used to identify the user of this website personally, nor combined with personal data on the holder of the pseudonym.
If you do not agree with the saving and analysis of this data from your visit, you can object to the saving and use at any time with a click of the mouse. In this case, an opt-out cookie will be saved in your browser, which results in Matomo not collecting any session data. Please note that deleting all your cookies will also result in the opt-out cookie being deleted; you may need to activate it again.
11) Tools and miscellaneous
11.1 Borlabs
This website uses the cookie preference management service Borlabs from the provider Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (“Borlabs”). This places two cookies (borlabsCookie and borlabsCookieUnblockContent) which are technically required in order to save your cookie preference. The processing described above is conducted in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in providing cookie preference management for visitors to the website.
The Borlabs cookie does not process any personal data. The preference you selected when you accessed the website is saved in the borlabsCookie cookie. The borlabsCookieUnblockContent cookie saves the (external) media/content that you would like to be unblocked automatically at all times. If you would like to object to these settings, simply delete the cookies in your browser. You will be asked for your cookie preferences again when you access/load the website again.
11.2 Google reCAPTCHA
On this website, we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function serves primarily to differentiate whether an entry has been made by a natural person or improperly by mechanical or automated processing. The service includes sending the IP address and any further data needed by Google for the reCAPTCHA service to Google and is conducted in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in determining the individual willingness of actions on the internet and in preventing misuse and spam. When Google reCAPTCHA is used, your personal data may be transmitted to the servers of Google LLC. in the USA.
Where personal data is transmitted to Google LLC. in the USA, Google LLC. is certified under the EU-US Privacy Shield, which guarantees adherence to the level of data protection applicable in the EU. A current certificate is available here: https://www.privacyshield.gov/list
You can find more information on Google reCAPTCHA and the Google Privacy Policy at: https://www.google.com/intl/de/policies/privacy/
11.3 Google Maps
On our website, we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service used to display interactive maps in order to visually present geographical information. Using this service allows us to show you our location and makes it easier to find us.
Even simply accessing the pages of our website in which the map from Google Maps is integrated causes information about your use of our website (such as your IP address) to be transmitted to Google servers and saved there. This may also include transmission to Google LLC. servers in the USA and occurs regardless of whether Google provides a user account into which you are logged in, or there is no user account. If you are logged in to Google, your data will be matched directly to your account. If you do not want your profile to be matched by Google, you must log out before activating the button. Google saves and analyzes your data as a usage profile (even for users who are not logged in). Collection, saving and analysis of data are conducted in accordance with Art. 6 Para. 1 lit.f GDPR based on the legitimate interests of Google in showing personalized advertising, market research and/or needs-based design of Google websites. You have the right to object to the formation of these user profiles; to exercise it, you must contact Google.
Where personal data is transmitted to Google LLC. in the USA, Google LLC. is certified under the EU-US Privacy Shield, which guarantees adherence to the level of data protection applicable in the EU. A current certificate is available here: https://www.privacyshield.gov/list
If you do not agree with the future transmission of your data to Google as part of your use of Google Maps, you also have the option of fully deactivating the web service of Google Maps by switching off the JavaScript application in your browser. This will mean that Google Maps and thus the maps displayed on this website cannot be used.
You can view the Google terms of use at https://www.google.de/intl/de/policies/terms/regional.html. You will find the additional terms of use for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html
Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/
11.4 Google Web Fonts
To ensure that fonts are displayed consistently, this website uses Web Fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). When a website is accessed, your browser loads the required Web Fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers; this may cause your personal data to be transmitted to the servers of Google LLC. in the USA. This informs Google that our website has been accessed from your IP address. Google Web Fonts is used in the interest of consistent and attractive presentation of our online services. This is a legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. If your browser does not support Web Fonts, your computer will use a default font.
Where personal data is transmitted to Google LLC. in the USA, Google LLC. is certified under the EU-US Privacy Shield, which guarantees adherence to the level of data protection applicable in the EU. A current certificate is available here: https://www.privacyshield.gov/list
You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in the Google Privacy Policy: https://www.google.com/policies/privacy/
12) Rights of data subject
12.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) against the Controller regarding the processing of your personal data. We inform you of these rights below:
- Right of access in accordance with Art. 15 GDPR: In particular, you have a right to information on the personal data we process; the purposes of processing; the categories of personal data concerned; the recipients or categories of recipients to whom your data has been or will be disclosed; the planned storage duration and the criteria for determining the storage duration; the existence of a right to rectification or erasure of personal data or restriction of processing of personal data or to object to such processing; the right to lodge a complaint with a supervisory authority; the origin of your data if it was not collected by us from you; the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing; your right to be informed of the safeguards that apply in accordance with Art. 46 GDPR when your data is transferred to third countries.
- Right to rectification in accordance with Art. 16 GDPR: You have a right to immediate rectification of incorrect data concerning you and/or to completion of incomplete data on you saved by us.
- Right to erasure in accordance with Art. 17 GDPR: You have the right to demand the erasure of your personal data where the prerequisites set out in Art. 17 Para. 1 GDPR apply. This right does not apply, however, in particular where processing is required in order to exercise the right of free speech and the right to information, to meet a legal requirement, for reasons of public interest, or in order to assert, exercise or defend legal claims.
- Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to demand the restriction of processing of your personal data as long as the accuracy of your data contested by you is checked; if you reject erasure of your data due to impermissible data processing and instead demand the limitation of processing of you data; if you require your data in order to assert, exercise or defend legal claims; after we no longer require this data in order to achieve our purpose; of if you have submitted an objection due to your particular situation, as long as it has not yet been determined whether our legitimate grounds prevail.
- Right to notification in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing towards the Controller, the Controller is obligated to inform all recipients to whom the personal data concerned has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to demand transmission to another Controller, where this is technically feasible.
- Right to withdraw consent granted in accordance with Art. 7 Para. 3 GDPR: You have the right to withdraw consent for data processing once granted at any time with effect for the future. Where consent is withdrawn, we will erase the data concerned immediately unless processing can be supported by a legal basis for non-consensual processing. This withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint in accordance with Art. 77 GDPR: If you are of the opinion that the processing of the personal data concerning you violates the GDPR, you have the right – notwithstanding any other legal remedy under administrative law or before a court – to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement.
12.2 RIGHT OF OBJECTION
IF, AS PART OF A WEIGHING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED ON OUR PREVAILING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE BASED ON GROUNDS THAT RESULT FROM YOUR PARTICULAR SITUATION.
IF YOU USE YOUR RIGHT OF OBJECTION, WE WILL TERMINATE PROCESSING OF THE DATA. HOWEVER, WE RETAIN THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE URGENT GROUNDS FOR SUCH PROCESSING THAT ARE WORTHY OF PROTECTION OR THAT OUTWEIGH YOUR INTERESTS, BASIC RIGHTS AND BASIC FREEDOMS, OR IF PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA IN ORDER TO CONDUCT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF DATA CONCERNING YOU FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. YOU CAN EXERCISE THIS OBJECTION AS DESCRIBED ABOVE.
IF YOU USE YOUR RIGHT OF OBJECTION, WE WILL TERMINATE PROCESSING OF THE DATA CONCERNED FOR THE PURPOSES OF DIRECT ADVERTISING.
13) Period of storage of personal data
The period of storage of personal data depends on the statutory retention period in each case (e.g. retention periods under trade and tax law). Following expiration of the deadline, the relevant data is routinely erased, unless it is still required for contract fulfillment or contract initiation and/or we have a legitimate interest in its continued storage.