Privacy statement
IMMS Institut für Mikroelektronik- und Mechatronik-Systeme gemeinnützige GmbH (IMMS GmbH)
We place great importance on the protection of your personal data. As the protection of both your privacy and your business data is of particular importance to us, we observe the data protection regulations applicable in Germany.
In the following, we would like to inform you in detail about what data are collected during your visit to our site and the use of our offerings there, and how they are subsequently processed or used by us, as well the accompanying technical and organisational protective measures we have taken.
1. Responsible body/Service provider
The responsible body in accordance with Art. 4(7) GDPR is
IMMS Institut für Mikroelektronik- und Mechatronik-Systeme gemeinnützige GmbH (IMMS GMBH)
Prof. Dr. Ralf Sommer, Dipl.-Kfm. Martin Eberhardt
Ehrenbergstraße 27
98693 Ilmenau
GERMANY
imms(at)imms.de.
Data Protection Officer
TRIAPILA GmbH
Torgauer Straße 231
04347 Leipzig
GERMANY
Datenschutz.Beauftragter(at)imms.de
.
2. Collection and processing of non-personal data
(1) If you simply visit the website, we do not collect any personal data.
However, every server automatically stores the accesses to websites. The temporary storage of the IP address by the system is necessary in order to allow delivery of the website to the user's computer. This requires that the user’s IP address is stored for the duration of the session. For the purpose of system security, our web server temporarily records the IP address of the requesting computer, the browser you are using, the operating system, the date and time of access, the webpages you visit, the Uniform Resource Locators (URL) requested on our website and the previously visited website (referrer URL). This information is stored anonymously and not associated with your personal information. Conclusions cannot be drawn as to your person or your individual behaviour. The legal basis for the temporary storage of the data and log files is Art. 6(1) lit. f GDPR.
(2) Computer-related data are stored by us to record trends and compile statistics.
These stored data also serve the purpose of identifying and tracking unauthorised attempts to access our server. We create profile information about the use of our own websites exclusively in anonymised form and only to improve user navigation and to optimise the offering based on user interests. Personal surfing profiles or similar are not created or processed from this.
(3) The website uses the following cookies in various locations.
PHPSESSID
Matomo: PIWIK_SESSID, _pk_id.*.; _pk_ses.*, _pk_ignore.
Cookies are small text files that are downloaded to your computer and stored by your browser. Cookies are used to make our website more user-friendly, more effective and more secure. These purposes are also the basis for our legitimate interests in the processing of personal data according to Art. 6(1) lit. f GDPR. Session cookies are automatically deleted after your visit.
All of the cookies used by us per se on this website are so-called session cookies, which are deleted automatically after your visit to the website ends. The exception is a permanent cookie, which you as the user can actively set in order to deactivate our web analytics tool, Matomo. For details, please refer to paragraph 3 on Matomo.
The following data can be transmitted using session cookies: Search terms entered, the number of page views, use of website functions. The data pertaining to the user collected in this way is pseudonymised by technical means. Therefore, the data can no longer be assigned to the calling user. The data are not stored together with other personal data pertaining to the user. When you visit our website, the user is informed of the use of cookies for analysis purposes and of this privacy statement by an info banner. In this context, information is also provided as to how the storage of cookies can be prevented in the browser settings.
Browser settings for cookies
You can determine whether cookies are to be set and retrieved in your browser settings. You can completely deactivate the storage of cookies in your browser, limit this to certain websites, or restrict or configure your browser in such a way that it automatically notifies you when a cookie is set and asks you for a response regarding this. However, for technical reasons, the aforementioned session cookies have to be enabled in order to enable the full functionality of our website. We do not collect or store personal data in cookies in this regard. Neither do we use techniques that connect information obtained through the use of cookies with user data.
The legal basis for the processing of personal data using cookies is Art. 6(1) lit. f GDPR.
(4) The data are deleted as soon as they are no longer required to achieve the purpose of their collection.
In the case of the collection of data for the provision of the website, this applies when the respective session has ended. IP addresses are in principle deleted no later than seven days after the date of their collection. Further storage beyond this is possible. In this case, the IP addresses of the users are deleted or altered, so that assignment of the calling client is no longer possible.
(5) Collection of the data in order to provide the site and the storage of the data in log files is absolutely necessary for the operation of the website.
Therefore, there is no right of objection on the part of the user.
3. Matomo analysis service does not store any personal data for analysis
Our website uses Matomo for the purpose of web analytics. This is a so-called web analytics service. This open source software complies with the applicable data protection provisions and is configured according to the recommendations of the Independent State Center for Data Protection (ULD). Matomo statistically evaluates visitor accesses and uses temporary session cookies to do so. These are deleted as soon as the browser is closed. The information about your use of our web presence is generated by the cookie and then stored on an IMMS GmbH server. We do not pass this generated information on to third parties. IP addresses of visitors are anonymised immediately after processing and before they are stored. When you access our website, your internet browser automatically transmits data to our web server. In particular, the following information is collected for the web analytics:
- date and time of access,
- URL of the referring website,
- IP address (anonymised),
- retrieved file,
- quantity of sent data,
- browser type/version and
- operating system.
These data are evaluated separately from other data that you actively enter on our pages. It is not possible for us to assign these data to a specific person.
Matomo also uses so-called ‘cookies’. These are text files that are stored on your computer and used by us to analyse use of the website. To this end, the usage information generated by the cookie (including your abbreviated IP address) is transmitted to our server and stored to be used for analysis purposes, which in turn is used for website optimisation on our part. Your IP address is immediately anonymised during this process, so that as a user you remain anonymous to us. The information generated by the cookie about your use of this website is not disclosed to third parties.
You can disable anonymous analysis by Matomo
You can prevent the use of cookies by selecting the appropriate setting in your browser software; however, in this case you may not be able to use the full functionality of this website. If you do not agree to the storage and evaluation of these data from your visit with the help of Matomo, you can also object to the use and storage per mouse click as follows at any time. In this case, a so-called opt-out cookie is saved to your browser, which means that Matomo does not collect any session data. Warning: If you delete your cookies, this means that the opt-out cookie is deleted and may need to be re-activated by you.
4. Video links to YouTube
Our website contains embedded cookie-free YouTube videos or is merely linked to them. When you click on a video thumbnail or text link to a video, you leave our website and when you play the videos, you leave the scope of our privacy policy. These videos are stored on the servers of the providers YouTube. The advanced data protection mode is made available by YouTube and thus ensures that YouTube does not store any cookies with personal data on your computer. Data may possibly be transmitted to Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA, as the operator of YouTube. By playing videos stored on YouTube, based on current conditions, the following data at least are transmitted to Google Inc. as the operator of YouTube and operator of the DoubleClick Network: IP address and cookie, the specific address of the site visited, system date and time of the call, identification of your browser. Just one click on a video can trigger further processing operations over which we have no influence as the operator of this website. Detailed information regarding the integration of YouTube videos can be found on the YouTube website: https://support.google.com/youtube/answer/171780?hl=de. For more information about the handling of user data, please refer to the YouTube privacy policy at: https://www.google.de/intl/de/policies/privacy
5. Collection and use of personal data
(1) We only collect, store and process the personal data actively transmitted by you
(for example: your name, address or e-mail address), insofar as this is required for the processing of requests or the fulfilment of our contractual obligations. Personal data are generally only collected from our users and used after the user has consented. One exception applies in cases where obtaining consent beforehand is not possible on factual grounds and the processing of the data is permitted by law or required for the fulfilment of our contract. Insofar as we obtain consent from the data subject for personal data processing operations, Art. 6(1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. With regard to the processing personal data that is required to fulfil a contract to which the data subject is party, Art. 6(1) lit. b GDPR serves as the legal basis. This also applies for processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is required to comply with a legal obligation on the part of our company, Art. 6(1) 1 lit. c GDPR serves as the legal basis. If the processing is required to protect a legitimate interest of our company or a third party and if the interests, rights and fundamental freedoms of the person concerned do not outweigh the first interest mentioned, Art. 6(1) lit. f GDPR serves as the legal basis for the processing.
(2) Your registered data are always encrypted on our systems.
This protects the communication between you and our server and prevents the misuse of data. For encryption we use a recognised and widely used system that is deemed to be secure in the respective current version.
(3) We can be contacted using the e-mail address provided, imms(at)imms.de.
In this case, the user’s personal data transmitted with the e-mail is stored. Data will not be forwarded to third parties without your consent. The data are used exclusively to process the conversation. The legal basis for the processing of the data is the consent of the user Art. 6(1) lit. a GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6(1) lit. f GDPR. If the aim of contact by e-mail is the conclusion of a contract, the additional legal basis for the processing is Art. 6(1) lit. b GDPR. The processing of personal data is solely used by us to process the establishment of contact. The necessary legitimate interest in the processing of the data also lies herein.
(4) The personal data of the data subject are deleted or disabled as soon as the purpose of storage expires.
For the personal information sent via e-mail, this is the case when the conversation with the user has ended. The conversation has ended if it is clear from the circumstances that the subject matter in question has been conclusively clarified. The additional personal data collected during the send process are pseudonymised or deleted at the latest after a period of seven days. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. Furthermore, storage may also occur if so required by European or national law under European Union regulations, laws or other provisions to which we are subject. Blocking or deletion of data is also carried out if a storage period specified by the standards referred to expires, unless there is a need for further storage of the data in order to conclude or execute a contract.
(5) Job application management, Tools from BITE GmbH
We use tools from the BITE GmbH company (Magirus-Deutz-Straße 12, 89077 Ulm, Germany) for job application management. The data required for the application process is processed via the servers of BITE GmbH. A corresponding contract for commissioned data processing in accordance with article 28 GDPR has been concluded with BITE GmbH. The server location is Germany. The terms of services of the job application platform are included in the online application process.
6. Right to information
You can request confirmation from us as to whether personal data pertaining to you is processed by us.
If such processing does take place, you can request information from us on the following:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data pertaining to you is or has been disclosed;
- the planned duration of the storage of personal data pertaining to you or, if specific details of this are not possible, criteria for determining the duration of storage;
- the existence of a right to correction or deletion of personal data pertaining to you, the right to restrict the processing by us or the right to object to this processing;
- the existence of a right to file a complaint with a supervisory authority;
- all available information on the origin of the data, if the personal data is not collected from the data subject;
- the existence of automated decision-making including profiling according to Art. 22 (1) and (4) GDPR and - at least in these cases - pertinent information on the logic involved as well as the scope and desired impact of such processing for the data subject.
You have the right to demand information as to whether or not the personal data pertaining to you is transmitted to a third country or an international organisation. In this context, you can demand to be informed via the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.
7. Right to correction
You have a right to correction and/or completion, insofar as the processed personal data pertaining to you is inaccurate or incomplete. We will make the correction immediately.
8. Right to restriction of processing
Under the following conditions, you can demand that the processing of personal data pertaining to you is restricted, if:
- you dispute the accuracy of the personal date pertaining to you for a period that allows us to check the accuracy of the personal data;
- the processing is unlawful and you waive deletion of the personal data and instead demand the restriction of use of the personal data;
- the personal data is no longer required for the purposes of processing but is still required for the assertion, exercise or defence of legal claims, or
- you have submitted an objection to the processing in accordance with Art. 21(1) GDPR and it has not yet been decided whether our legitimate reasons outweigh your reasons.
If the processing of personal data pertaining to you is restricted, these data – apart from their storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or of a Member State.
If the restriction of processing according to the above-mentioned prerequisites is restricted, you will be informed of this by us before the restriction is lifted.
9. Right to deletion
a) Mandatory deletion
You have the right to demand that we delete the personal data pertaining to you immediately, insofar as one of the following reasons applies:
- The personal data pertaining to you are no longer required for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing according to Art. 6(1) lit. a or Art. 9(2) lit. a GDPR was based and there is no other legal basis for the processing.
- You object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21(2) GDPR.
- The personal data pertaining to you has been processed unlawfully.
- The deletion of the personal data pertaining to you is required in order to comply with a legal obligation in accordance with Union law or the law of the Member States to which we are subject.
- The personal data pertaining to you were collected in relation to information society services in accordance with Art 8(1) GDPR.
b) Information to third parties
If we have made the personal data pertaining to you public and if we are obliged to delete such data according to Art. 17(1) GDPR, taking into account the available technology and the implementation costs, we shall take appropriate measures, including those of a technical nature, to inform those responsible for data processing who process the personal data that you as the data subject have requested the deletion of all links to these personal data or copies or replicas of these personal data.
c) Exceptions
The right of deletion does not apply if the processing is required
- in order to ensure the exercise of the right to freedom of expression and information;
- in order to fulfil a legal obligation which required processing in accordance with the law of the Union or the Member States to which we are subject, or for the performance of a task in the public interest or in the exercise of public authority that has been transferred to us;
- for reasons of public interest in the area of public health according to Art. 9(2) lit. h and i as well as Art. 9(3) GDPR;
- for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, insofar as the rights referred to in paragraph a) make the achievement of the objectives of this processing impossible or seriously impair them, or
- for the assertion, exercise or defence of legal claims.
10. Right to information
If you have asserted the right to correction, deletion or restriction of the processing against us, we are obliged to inform all recipients to whom the personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or would involve disproportionate effort.
You have the right to be informed of these recipients by us.
11. Right to data portability
You have the right to receive the personal data pertaining to you that you provided to us in a structured, common and machine-readable format. You also have the right to have these data processed by another responsible body without interference from us, if
- the processing is based on a consent according to Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR or on a contract according to Art. 6(1) lit. b GDPR and
- the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data pertaining to you transmitted directly to another responsible body by us, insofar as this is technically feasible. Liberties and rights of other persons shall not be affected by this.
The right to data portability does not apply to the processing of personal data that is required for the performance of a task in the public interest or in the exercise of public authority that has been transferred to us.
12. Right of revocation and objection
You have the right, for reasons related to your specific situation, to object at any time to the processing of personal data pertaining to you that is carried out on the basis of Art. 6(1) lit. e or f GDPR; this also applies for profiling based on these provisions.
We then no longer process the personal data pertaining to you, unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing is used for the assertion, exercise or defence of legal claims.
If the personal data pertaining to you is processed in order to operate direct advertising, you have the right at any time to object to the processing of the personal data pertaining to you for the purposes of such advertising; this also applies for profiling, insofar as it is in connection with such direct advertising. If you object to the processing for purposes of direct advertising, the personal data pertaining to you will no longer be processed for these purposes.
You have the option in connection with the use of information society services - regardless of Directive 2002/58/EC - to exercise your right of objection by means of automated processes in which technical specifications are used.
Right of revocation of the declaration of consent under data protection law
You have a right of revoke your declaration of consent at any time under data protection law. By revoking consent, the legality of the processing carried out on the basis of the consent up until revocation shall not be affected.
13. Right to file a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of your place of residence, workplace or the location of the alleged infringement, if you are of the opinion that the processing of personal data pertaining to you breaches GDPR.
The supervisory authority to which the complaint is submitted informs the complainant of the status and the results of the complaint including the possibility of a judicial remedy according to Art. 78 GDPR.
14. Confidentiality
(1) We keep all information that is to be handled as confidential given to us in the run-up to and within the context of the contractual relationship secret
and only use this subject to the prior agreement of the respective other contracting party with respect to third parties - irrespective of the purpose. Information that is to be handled as confidential includes information that is expressly described as confidential information by the party that provided it and information that is clearly confidential based on the circumstances of its provision. In particular, your personal data and the data used, should we become aware of this, is to be treated as confidential.
(2) The obligations according to paragraph 1 do not apply for such information or parts thereof for which we have to prove that they
- were known to us or publicly accessible before the date of receipt;
- were known to the public before the date of receipt or were generally accessible;
- were known to the public after the date of receipt or were generally accessible without us being responsible for this.
(3) Public statements by the parties concerning a cooperation will only be made subject to prior mutual agreement.
(4) The obligations according to paragraph 1 continue to exist after the contract has ended for an indefinite period of time, for as long as an exceptional case according to paragraph 2 has not been proven.
15. Scope of application
This privacy statement applies to the services of IMMS Institut für Mikroelektronik- und Mechatronik-Systeme gemeinnützige GmbH (IMMS GmbH) on the website www.imms.de.
16. Availability of the privacy statement
You can retrieve and print this privacy statement from any page of the website using the link.
17. Validity of this privacy statement
This privacy statement is currently valid and is dated 25/05/2018. If circumstances arise that require a new privacy statement, the updated privacy statement will be published here and will apply from the date of publication.
Information on privacy according to DSGVO for special interest groups
We place great importance on the protection of your personal data. As the protection of both your privacy and your business data is of particular importance to us, we observe the data protection regulations applicable in Germany.
In the following, we will inform you about the collection of personal data at the time of collection of this data.
1. Responsible body in accordance with Art. 4(7) GDPR
The responsible body in accordance with Art. 4(7) GDPR is
IMMS Institut für Mikroelektronik- und Mechatronik-Systeme gemeinnützige GmbH
Prof. Dr. Ralf Sommer, Dipl.-Kfm. Martin Eberhardt
Ehrenbergstraße 27
98693 Ilmenau
GERMANY
imms(at)imms.de.
Data Protection Officer
TRIAPILA GmbH
Torgauer Straße 231
04347 Leipzig
GERMANY
Datenschutz.Beauftragter(at)imms.de
2. Collection and use of personal data
Job application management, Tools from BITE GmbH
We use tools from the BITE GmbH company (Magirus-Deutz-Straße 12, 89077 Ulm, Germany) for job application management. The data required for the application process is processed via the servers of BITE GmbH. A corresponding contract for commissioned data processing in accordance with article 28 GDPR has been concluded with BITE GmbH. The server location is Germany.
The terms of services of the job application platform are included in the online job application process.
We place great importance on the protection of your personal data. As the protection of both your privacy and your business data is of particular importance to us, we observe the data protection regulations applicable in Germany.
In the following, we will inform you about the collection of personal data at the time of collection of this data.
1. Responsible body in accordance with Art. 4(7) GDPR
The responsible body in accordance with Art. 4(7) GDPR is
IMMS Institut für Mikroelektronik- und Mechatronik-Systeme gemeinnützige GmbH (IMMS GmbH)
Prof. Dr. Ralf Sommer, Dipl.-Kfm. Martin Eberhardt
Ehrenbergstraße 27
98693 Ilmenau
GERMANY
imms(at)imms.de.
Data Protection Officer
TRIAPILA GmbH
Torgauer Straße 231
04347 Leipzig
GERMANY
Datenschutz.Beauftragter(at)imms.de
2. Collection and use of personal data
(1) When you contact us by phone, e-mail, fax or via a contact form, the personal data actively transmitted by you (for example: your name, address or e-mail address) are stored and processed, insofar as this is required for the processing of requests or the fulfilment of our contractual obligations. Personal data is generally only collected from our users and used after the user has consented. One exception applies in cases where obtaining consent beforehand is not possible on factual grounds and the processing of the data is permitted by law.
Insofar as we obtain consent from the data subject for personal data processing operations, Art. 6(1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
With regard to the processing of personal data that is required to fulfil a contract to which the data subject is party, Art. 6(1) lit. b GDPR serves as the legal basis. This also applies for processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is required to comply with a legal obligation on the part of our company, Art. 6(1) 1 lit. c GDPR serves as the legal basis.
If the processing is required to protect a legitimate interest of our company or a third party and if the interests, rights and fundamental freedoms of the data subject do not outweigh the first interest mentioned, Art. 6(1) lit. f GDPR serves as the legal basis for the processing.
(2) Your registered data are always stored in encrypted form on our systems. This prevents data misuse. For encryption we use a recognised and widely used system that is deemed to be secure in the respective current version.
(3) The personal data of the data subject are deleted or disabled as soon as the purpose of storage expires. This is the case when the respective conversation with the user has ended. The conversation has ended if it is clear from the circumstances that the subject matter in question has been conclusively clarified. Furthermore, storage may also occur if so required by European or national law under European Union regulations, laws or other provisions to which we are subject. Blocking or deletion of data is also carried out if a storage period specified by the standards referred to expires, unless there is a need for further storage of the data in order to conclude or execute a contract.
(4) We regularly forward the personal data that has to be collected for the purposes of preparing the financial accounting and business management analyses for submission to the tax authority to our tax advisor.
(5) We regularly forward the personal data that is required to prepare the wage and salary accounting to DATEV eG.
(6) Furthermore, personal data are collected at our principal bank as soon as you make a deposit. These data are subject to the obligation of confidentiality.
3. Right to information
You can request confirmation from us as to whether personal data pertaining to you is processed by us.
If such processing does take place, you can request information from us on the following:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data pertaining to you is or has been disclosed;
- the planned duration of the storage of personal data pertaining to you or, if specific details of this are not possible, criteria for determining the duration of storage;
- the existence of a right to correction or deletion of personal data pertaining to you, the right to restrict the processing by us or the right to object to this processing;
- the existence of a right to file a complaint with a supervisory authority;
- all available information on the origin of the data, if the personal data is not collected from the data subject;
- the existence of automated decision-making including profiling according to Art. 22 (1) and (4) GDPR and - at least in these cases - pertinent information on the logic involved as well as the scope and desired impact of such processing for the data subject.
You have the right to demand information as to whether or not the personal data pertaining to you is transmitted to a third country or an international organisation. In this context, you can demand to be informed via the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.
4. Right to correction
You have a right to correction and/or completion, insofar as the processed personal data pertaining to you is inaccurate or incomplete. We will make the correction immediately.
5. Right to restriction of processing
Under the following conditions, you can demand that the processing of personal data pertaining to you is restricted, if:
- you dispute the accuracy of the personal date pertaining to you for a period that allows us to check the accuracy of the personal data;
- the processing is unlawful and you waive deletion of the personal data and instead demand the restriction of use of the personal data;
- the personal data is no longer required for the purposes of processing but is still required for the assertion, exercise or defence of legal claims, or
- you have submitted an objection to the processing in accordance with Art. 21(1) GDPR and it has not yet been decided whether our legitimate reasons outweigh your reasons.
If the processing of personal data pertaining to you is restricted, these data - apart from their storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or of a Member State.
If the restriction of processing according to the above-mentioned prerequisites is restricted, you will be informed of this by us before the restriction is lifted.
6. Right to deletion
a) Mandatory deletion
You have the right to demand that we delete the personal data pertaining to you immediately, insofar as one of the following reasons applies:
- The personal data pertaining to you are no longer required for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing according to Art. 6(1) lit. a or Art. 9(2) lit. a GDPR was based and there is no other legal basis for the processing.
- You object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21(2) GDPR.
- The personal data pertaining to you has been processed unlawfully.
- The deletion of the personal data pertaining to you is required in order to comply with a legal obligation in accordance with Union law or the law of the Member States to which we are subject.
- The personal data pertaining to you were collected in relation to information society services in accordance with Art 8(1) GDPR.
b) Information to third parties
If we have made the personal data pertaining to you public and if we are obliged to delete such data according to Art. 17(1) GDPR, taking into account the available technology and the implementation costs, we shall take appropriate measures, including those of a technical nature, to inform those responsible for data processing who process the personal data that you as the data subject have requested the deletion of all links to these personal data or copies or replicas of these personal data.
c) Exceptions
The right of deletion does not apply if the processing is required
- in order to ensure the exercise of the right to freedom of expression and information;
- in order to fulfil a legal obligation which required processing in accordance with the law of the Union or the Member States to which we are subject, or for the performance of a task in the public interest or in the exercise of public authority that has been transferred to us;
- for reasons of public interest in the area of public health according to Art. 9(2) lit. h and i as well as Art. 9(3) GDPR;
- for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, insofar as the rights referred to in paragraph a) make the achievement of the objectives of this processing impossible or seriously impair them, or
- for the assertion, exercise or defence of legal claims.
7. Right to information
If you have asserted the right to correction, deletion or restriction of the processing against us, we are obliged to inform all recipients to whom the personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or would involve disproportionate effort.
You have the right to be informed of these recipients by us.
8. Right to data portability
You have the right to receive the personal data pertaining to you that you provided to us in a structured, common and machine-readable format. You also have the right to have these data processed by another responsible body without interference from us, if
- the processing is based on a consent according to Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR or on a contract according to Art. 6(1) lit. b GDPR and
- the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data pertaining to you transmitted directly to another responsible body by us, insofar as this is technically feasible. Liberties and rights of other persons shall not be affected by this.
The right to data portability does not apply to the processing of personal data that is required for the performance of a task in the public interest or in the exercise of public authority that has been transferred to us.
9. Right of revocation and objection
You have the right, for reasons related to your specific situation, to object at any time to the processing of personal data pertaining to you that is carried out on the basis of Art. 6(1) lit. e or f GDPR; this also applies for profiling based on these provisions.
We then no longer process the personal data pertaining to you, unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing is used for the assertion, exercise or defence of legal claims.
If the personal data pertaining to you is processed in order to operate direct advertising, you have the right at any time to object to the processing of the personal data pertaining to you for the purposes of such advertising; this also applies for profiling, insofar as it is in connection with such direct advertising. If you object to the processing for purposes of direct advertising, the personal data pertaining to you will no longer be processed for these purposes.
You have the option in connection with the use of information society services - regardless of Directive 2002/58/EC - to exercise your right of objection by means of automated processes in which technical specifications are used.
Right of revocation of the declaration of consent under data protection law
You have a right of revoke your declaration of consent at any time under data protection law. By revoking consent, the legality of the processing carried out on the basis of the consent up until revocation shall not be affected.
10. Right to file a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of your place of residence, workplace or the location of the alleged infringement, if you are of the opinion that the processing of personal data pertaining to you breaches GDPR.
The supervisory authority to which the complaint is submitted informs the complainant of the status and the results of the complaint including the possibility of a judicial remedy according to Art. 78 GDPR.
11. Confidentiality
(1) We keep all information that is to be handled as confidential given to us in the run-up to and within the context of the contractual relationship secret and only use this subject to the prior agreement of the respective other contracting party with respect to third parties - irrespective of the purpose. Information that is to be handled as confidential includes information that is expressly described as confidential information by the party that provided it and information that is clearly confidential based on the circumstances of its provision. In particular, your personal data and the data used, should we become aware of this, are to be treated as confidential.
(2) The obligations according to paragraph 1 do not apply for such information or parts thereof for which we have to prove that they
- were known to us or publicly accessible before the date of receipt;
- were known to the public before the date of receipt or were generally accessible;
- were known to the public after the date of receipt or were generally accessible without us being responsible for this.
(3) Public statements by the parties concerning a cooperation will only be made subject to prior mutual agreement.
(4) The obligations according to paragraph 1 continue to exist after the contract has ended for an indefinite period of time, for as long as an exceptional case according to paragraph 2 has not been proven.