Chapter III of the EU Data Protection Regulation (GDPR) provides for extensive rights for data subjects, which we will explain to you below with regard to the processing of your personal data:

1) The right to be informed
This specification applies in particular to the following data processing details:

• The purpose of the processing operation
• Categories of data
• If necessary, recipient or categories of recipients
• If necessary, the planned storage duration or the criteria for determining this duration
• Information on the respective right to correction, deletion, restriction or objection
• Existence of a right of appeal to a supervisory authority
• If necessary, origin of the data (if not collected from you)
• If necessary, existence of automated decision making including profiling, and including meaningful information about the logic involved, the scope and the expected effects
• If necessary, (planned) transfer to a third country or international organisation

2) The right of rectification
If necessary, we will correct faulty data immediately if you inform us about the circumstance accordingly.

3) Right to deletion (right to be forgotten)
If the processing is no longer necessary and one of the following conditions is fulfilled:

• Expiry of the purpose of processing
• Withdrawal of your consent and the absence of any other legal basis for processing
• Opposition to processing without an important reason to the contrary
• Illegal processing
• Required to fulfil a legal obligation
• Data collection in accordance with Art. 8 para. 1 GDPR

As part of the deletion request, we may pass on your request to those third parties to whom your data was previously transferred.

4) The right to restriction of processing
Provided one of the following conditions is met:

• You dispute the accuracy of your data (restriction may be made on our site for the duration of the verification)
• In the event of unlawful processing and provided that the data is not to be deleted, deletion shall be replaced by restriction of processing
• If the processing purposes expire, at the same time you need your data to assert, exercise or defend legal claims
• After your objection pursuant to Art. 21 para. 1 GDPR and for the duration of the examination, whether our justified reasons outweigh yours.

5) The right to data portability
As long as it is technically possible and the rights and freedoms of other persons are not affected, we will – at your request – transfer your data to another recipient (data controller).

6) Right to object
If we collect personal data from you or have it collected and process it (on the basis of Art. 6 Para. 1(e) or (f) or Art. 9 Para. 2(a) GDPR), you have the right to object to data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be invalid, e.g. if we can prove compelling legitimate interests for processing that outweigh your interests, or processing serves to assert, exercise or defend legal claims. If we process your personal data for direct marketing purposes, you have the right to object to such processing at any time. This also applies to any profiling connected with such direct advertising. You also have the right to object to the processing of the data we hold about you, which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR unless such processing is necessary to fulfil a task in the public interest.

7) Automated individual decision-making including profiling
If we collect personal data from you or have it collected and process it, you have the right not to be subject to decision based exclusively on automated processing – including profiling – which has a legal effect on you or significantly impairs you in a similar manner. Exceptions to this requirement apply if the decision to conclude or fulfil a contract between you and us is necessary or if you have expressly consented to the processing. In any event, we will take reasonable measures to protect your rights and freedoms and your legitimate interests, including at least the right on our part to obtain the intervention of a person to express our position and to challenge the decision.

8) Right to withdraw consent under the data protection laws
You have the right to revoke your consent to the processing of personal data at any time.

9) The right to file a legal complaint with a supervisory authority
A list of supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection or via the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/Authorities_for_non-effective_area/Authorities_for_supervision_non-effective_area_list.html

We secure your personal data processed by us against loss, destruction, access, modification or distribution of your data by unauthorised persons by appropriate technical and organisational measures. However, despite regular checks, complete protection against all risks is not possible.

We process personal data according to the specifications of the GDPR, depending on the type and purpose of processing, as follows:

Our legitimate interest, as defined in Article 6 para. 1(f) GDPR, is based on the performance of our business activities to maintain our operability and to safeguard the employment of our employees.

After elimination of the storage purpose, the retention periods are generally at least six or ten years. As a rule, the deletion of data generally takes place without delay in accordance with our deletion plan, insofar as it does not preclude any obligation to retain data, the need to fulfil a contract or a legitimate interest.