Follow us on Facebook
Follow us on Instagram
DESwitch to German Website

Data protection

 

I. Name and address of the controller

Within the meaning of the General Data Protection Regulation and other national data protection laws of Member States, as well as other data protection regulations, the controller is:

Ruhr Tourismus GmbH
Centroallee 261
46047 Oberhausen
Germany
T 0208.899 59 100
E info@ruhr-tourismus.de
ruhr-tourismus.de

 

II. Name and address of the data protection officer

The data protection officer for the controller is:
Dr. Ralf W. Schadowski
ADDAG GmbH & Co KG
Krefelder Straße 121
52070 Aachen
Germany
T 0241.446 880
E info@addag.de
addag.de

III. General information on data processing

1. Scope of the processing of personal data

Essentially, we only process the personal data of our users insofar as this is necessary to provide a fully-functioning website, content and services. The processing of our users’ personal data takes place on a regular basis, but only with the consent of each individual user. An exception applies in cases in which prior consent can not be obtained for practical reasons, and the processing of the data is permitted by law.

 

2. Legal basis of the processing of personal data

Insofar as we obtain the consent of the data subject to process personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. If it is necessary to process personal data for the performance of a contract of which the contracting party is the data subject, Article 6(1)(b) GDPR serves as the legal basis. This is also applicable for processing operations which are necessary for implementing precontractual measures. If it is necessary to process personal data for the fulfilment of a legal obligation which our company is subject to, Article 6(1) (c) GDPR serves as the legal basis. If processing is necessary for the protection of a legal interest of our company or of a third party, and the interests, basic rights and basic freedoms of the data subject do not outweigh the interests of the former, Article 6(1)(f) GDPR serves as the legal basis for processing.

 

3. Data retention period and erasure

The personal data of the data subject is deleted or blocked as soon as the purpose of its retention ceases to exist. Data may also be retained if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data is also deleted or blocked if a retention period specified by the named standards expires, unless there is a requirement to continue to store the data for the conclusion or performance of a contract.

 

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every time a user accesses our website, our system automatically collects data and information from the user’s computer system.
The following data is collected:

  • Information on the browser type and the version used
  • The user’s operating system
  • The IP address of the user
  • Date and time of access
  • Websites via which the user’s system accesses our website
  • Websites which are accessed by the user’s system via our website

The data is also stored in log files in our system. This data is not stored along with the user’s other personal data.

 

2. Hosting

The hosting services we use provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use to operate this website.
We, or our hosting providers, process the inventory data, contact details, content data, contractual details, usage data and the meta and communication data of customers, interested parties and visitors to our website, on the basis of our legitimate interest in the efficient and secure provision of our content, pursuant to Article 6(1) (f) GDPR and Article 28 GDPR (Conclusion of Processing Contract).

 

3. Legal basis of data processing

The legal basis for the temporary retention of data and log files is Article 6(1) (f) GDPR.

 

4. Purpose of data processing

The temporary storage of the IP address by the system is necessary, so that the content of the website can be accessed by the user’s computer. The IP address of the user must therefore be retained for the duration of the session. Data is stored in log files to ensure the functionality of the website. The data helps us to optimise the website, and to ensure the security of our information technology systems. In this context, the data is not evaluated for marketing purposes. For this purpose, our legitimate interest also lies in data processing pursuant to Article 6(1) (f) GDPR.

 

5. Duration of retention

The data is deleted if it is no longer needed for the purpose of its collection. When collecting data for the provision of the website, this is the case if the session has ended. When saving data in log files, this is the case after seven days at the latest. Further-reaching storage is possible. In this case, user IP addresses are deleted or distorted, so that it is no longer possible to identify customers who access the site.

 

6. Opposition and removal

The collection of data for the provision of the website, and the storage of the data in log files is essential for the operation of the website. There is therefore no possibility for the user to object.

 

V. Use of Cookies

1. Description and scope of data processing

Our website uses Cookies. Cookies are text files which are saved in/by the Internet browser on the user’s computer. When the user visits a website, a Cookie can be saved on the user’s operating system. This Cookie contains a character sequence that allows the browser to be uniquely identified when the website is reopened.
We use Cookies to make our website more user-friendly. Some elements of our website require the browser to be identified, even after a page change.
The following information is therefore saved and transferred in the Cookies:

  • Language settings
  • Log-in information
  • Access from the "correct" website (radrevier.ruhr, industriekultur.ruhr, ruhr-tourismus.de)

Our website also uses Cookies which enable the analysis of the user’s surfing behaviour. In this way, the following data can be transferred:

  • Search term entered
  • Frequency of site access
  • Use of website functions

User information which is stored in this way is pseudonymised by technical measures. It is no longer possible to assign data to the user. The data is not saved with other personal data relating to the user.
When accessing our website, users are informed of the use of Cookies via an info banner, and referred to this data protection declaration.
When accessing our website, the user is informed of the use of Cookies via an info banner, and he gives his consent for the personal data collected in this context to be processed. In this context, there is also a link to this data protection declaration.

 

2. Legal basis of data processing

The legal basis for the processing of personal data using technically necessary Cookies is Article 6(1)(f) GDPR. The legal basis for the processing of personal data using Cookies for analytical purposes with the consent of the user is Article 6(1) (f) GDPR.

 

3. Purpose of data processing

The purpose of the use of technically necessary Cookies is to facilitate access to websites for users. Some functions of our website cannot be offered if Cookies are not accepted. It is therefore necessary that the browser can be recognised, even after a page change.
Cookies are required for the following functions:

  • Booking process
  • Changes to language settings
  • Marking search terms

User data which is collected by Cookies for technical purposes is not used for the creation of user profiles.
Analysis Cookies are used to improve the quality of our website and its content. The analysis Cookies determine how the website is used, and allow us to continuously optimise our content. In addition, through the use of Cookies, the selected URL is displayed with the correct start page logo and corresponding content. For this purpose, our legitimate interest also lies in the processing of personal data pursuant to Article 6(1) (f) GDPR.

 

4. Duration of retention, opposition and removal

Cookies are saved on the user’s computer, from where they are transferred to our website. You, the user, therefore have full control of the use of Cookies. By changing the settings in your Internet browser, you can deactivate or limit the transfer of Cookies. Previously saved Cookies can be deleted at any time. This can also happen automatically. If Cookies are deactivated for our website, it may be that some functions of the website can no longer be used to their full extent.

VI. Newsletter

1. Description and scope of data processing

Our website offers you the chance to subscribe to a free newsletter. When you subscribe to the newsletter, the data from the input screen is transferred to us. This data comprises:

  • The IP address of the computer used
  • Date and time of registration
  • E-Mail address of the customer

For data processing, your consent is obtained during the login process, and you are referred to this data protection declaration. We use Mailchimp to send and analyse our newsletter. Your data is transferred to Mailchimp ®. Mailchimp ® is prohibited from using your data for purposes other than sending the newsletter. Mailchimp ® is not permitted to disclose or sell your data. Mailchimp ® is a certified German newsletter software provider, which has been carefully selected pursuant to the requirements of GDPR and BDSG. You can revoke your consent regarding the retention and use of your data for newsletter distribution at any time, e.g. by clicking on "Unsubscribe" in the newsletter.

Newsletter tracking

The Ruhr Tourismus GmbH newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic which is embedded in e-mails which are sent in HTML format, to enable log file recording and log file analysis. A statistical evaluation of the success or failure of online marketing campaigns can therefore be made. Using the embedded tracking pixels, Ruhr Tourismus GmbH can recognise if and when an e-mail has been opened by erasure, and which links included in the e-mail have been accessed by the data subject.
Such personal data which is obtained by the tracking pixels contained in the newsletters is saved and evaluated by the controller, in order to improve newsletter distribution, and to better adapt the content of future newsletters to the interests of the data subject. This personal data will not be disclosed to third parties. Data subjects are able to revoke their declaration of consent granted through the double opt-in procedure at any time. Following revocation, this personal data is deleted by the controller. Unsubscribing from the newsletter is automatically seen by Ruhr Tourismus GmbH as revocation.

 

2. Legal basis of data processing

The legal basis for the processing of personal data with the consent of the user, when the user subscribes to the newsletter, is Article 6(1)(f) GDPR.

 

3. Purpose of data processing

The user’s e-mail address is obtained so that the newsletter can be delivered.

 

4. Duration of retention

The data is deleted if it is no longer needed for the purpose of its collection. The user’s e-mail address is retained for as long as the newsletter subscription is active.

 

5. Opposition and removal

The user can terminate his subscription to the newsletter at any time. For this purpose, there is a link in each edition of the newsletter.

SSL encryption

For security reasons and for the protection of confidential content, such as orders or queries which you send to us, this site uses SSL or TLS encryption. You can tell if you have a secure connection if the "http://" in the address bar has changed to "https://", and if there is a padlock symbol in the browser line.
If the SLL or TLS encryption has been activated, the data that you submit to us cannot be accessed by third parties.

 

VII. E-mail contact

1. Description and scope of data processing

Our website features a contact form, which can be used for contacting us electronically. If the user contacts us this way, the information entered in the input mask will be transferred to, and saved by, us.
When the message is submitted, the following data is also saved:

  • The IP address of the user
  • Date and time of registration

2. Legal basis of data processing

The legal basis for the processing of personal data with the consent of the user is Article 6(1)(f) GDPR.

 

3. Purpose of data processing

The personal data is only processed for contact purposes. In the case of contact by e-mail, this also includes the required legitimate interest for processing the data.
The other personal data processed when messages are sent serve to prevent misuse, and to ensure the security of our information technology systems.

 

4. Duration of retention

The data is deleted if it is no longer needed for the purpose of its collection. For the personal data from the input form of the contact form, and messages sent by e-mail, this is the case if contact with the user has ended. Contact ends when it can be derived from the circumstances that the facts of the case have been clarified.
Additional personal data which is collected during the sending process will be deleted after seven days at the latest.

 

5. Opposition and removal

The user has the option to revoke his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such cases, contact cannot continue. The user must clearly declare his revocation in writing. In this case, all personal data which has been saved during contact will be deleted.

 

IX. Disclosure of personal data to third parties

1. Scope of the processing of personal data

On our website, we give users the opportunity to order brochures. This requires users to enter personal data. The data is entered into an input screen, and transferred to and saved by us. For the purposes of processing, the data is transferred to my.IRS GmbH, Dornierstr. 4, 82178 Puchheim and to HID Werkstätten Karthaus, Industriestrasse 7, 48249 Dülmen.
This data is:

  • Surname
  • Given name
  • E-Mail
  • Telephone
  • Street and house number
  • Postcode and city
  • Country

2. Legal basis of the processing of personal data

The collected data serves the fulfilment of a contract to which the user is a party, or the implementation of pre-contractual measures, pursuant to the additional legal basis for the processing of data, Article 6(1) (b) GDPR.

 

3. Purpose of data processing

The personal data of the user is collected so that the requested brochure can be provided.

 

4. Duration of retention

The data that you enter in the input form will be retained by us until you ask us to delete it, or you revoke your consent for it to be stored, or the purpose for data retention ceases to exist (e.g. following completion of your request). Mandatory statutory provisions – especially retention periods – remain unaffected.

 

5. Opposition and removal

The user has the option to revoke his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time.
The user must clearly declare his revocation in writing.
In this case, all personal data which has been saved during the ordering process will be deleted.

 

X. Website analysis services

1. Description and scope of data processing

This website uses functions of the website analysis service Google Analytics. The operating company is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland. Google Analytics uses so-called "Cookies". These are text files which are saved to your computer, and enable your use of the website to be analysed. The information relating to your use of this website which is compiled by the Cookies is usually transferred to a Google server in the USA, and stored there.

 

2. Legal basis of the processing of personal data

Article 6(1) (f) GDPR is the legal basis for the retention of Google Analytics Cookies. The website operator has a legitimate interest in analysing user behaviour, so as to optimise both its website and its advertising.

 

3. Purpose of data processing

The website operator has a legitimate interest in analysing user behaviour, so as to optimise both its website and its advertising. You can prevent the storage of Cookies using the corresponding settings in your browser software. However, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent Google from collecting and processing the data generated by the Cookie relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

4. Opposition and removal

You can prevent the storage of Cookies using the corresponding settings in your browser software. However, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent Google from collecting and processing the data generated by the Cookie relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

5. Opposition to data collection

You can prevent your data being collected by Google Analytics, by clicking on the link below. An opt-out Cookie is created, which will prevent the recording of your data during future visits to this website: https://adssettings.google.com/anonymous?hl=de&sig=ACi0TChVmevmsGgtwDdljrftL3IiFgyMPAyXecL6tIHU9zVeljWkqh1qD-5CARUH0OE-Thkp3vUU6Sg4MHuYN_zyroCJUguOszFkkZeYsNRNyknLcVQIP0M. More information on the processing of user data by Google Analytics can be found in the Google data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.

 

XI. Google AdWords

1. Data protection regulations on the implementation and use of Google AdWords

The controller has integrated PayPal components into the Google AdWords website. Google AdWords is an online advertising service which allows advertisers to display their adverts in Google search results and in the Google advertising network. Google AdWords allows advertisers to select predetermined key words so that their adverts will only be shown in Google search results when a user looks for a key word-relevant search result. In the Google advertising network, adverts are displayed on relevant websites by means of an automatic algorithm, taking into account the predetermined key words.
The operating company of the Google AdWords service is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland.
The purpose of Google AdWords is to promote our website by including relevant advertisements on third-party websites and in Google search results, and by including external advertisements on our website.
If erasure accesses our website through a Google advert, Google stores a Conversion Cookie on the information technology system of the data subject. Please scroll up for an explanation of what Cookies are. A conversion Cookie becomes invalid after thirty days, and is not used to identify the data subject. If the Conversion Cookie has not expired, it is used to determine whether certain sub-pages – such as a shopping basket in an online store – have been accessed from our website. With the Conversion Cookie, we and Google can determine whether a data subject who has been directed to our site through an AdWords advertisement has generated a sale – i. e. completed or cancelled a purchase. The data and information collected by the Conversion Cookie are used by Google to create visitor statistics for our website. We use these user statistics to determine the total number of users who have come to our site through AdWords advertisements, and to evaluate the success or failure of the relevant AdWords advertisement, and therefore to improve our AdWords advertisements for future use. Neither our company not other advertising clients of Google AdWords obtains data from Google through which the data subject can be identified.
Personal data is saved by Conversion Cookies, e. g. from websites visited by the data subject. Each time someone visits our website, his personal data – including the IP address of the Internet connection used by the data subject – is transferred to Google in the United States of America. This personal data is saved by Google in the United States of America. In certain circumstances, Google may transfer personal data collected through the technical process to third parties.
The data subject can prevent the setting of Cookies by our website as shown above, at any time through the corresponding settings of the Internet browser used, and therefore permanently oppose the use of Cookies. Such settings in the Internet browser used also prevent Google from creating a Conversion Cookie on the information technology system of the data subject. Cookies created by Google AdWords can be deleted via the Internet browser or another software program at any time.
Furthermore, the data subject has the option to object to Google's interest-based advertising. The data subject must access www.google.de/settings/ads on each of his Internet browsers, and adjust the desired settings.

More information and the current Google data protection regulations can be seen at https://www.google.de/intl/de/policies/privacy/.

 

2. Data protection regulations on the implementation and use of Google Remarketing

The controller has integrated Google Remarketing services into this website. Google Remarketing is a function of Google AdWords which enables a company to show relevant adverts to previous visitors to the company’s website. The integration of Google Remarketing therefore allows a company to create user-appropriate advertisements, and to consequently show users online adverts relating to their interests.
The operating company of the Google Remarketing service is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland.
The purpose of Google Remarketing is to ensure that advertising relevant to the user’s interests is shown. Google Remarketing enables us to display online adverts which are in-line with the user’s needs and interests, via the Google advertising network.
Google Remarketing saves a Cookie to the information technology system of the data subject. Please scroll up for an explanation of what Cookies are. Setting Cookies means that Google is able to remember visitors to our website if they subsequently access websites which are also members of the Google advertising network. Every time the data subject visits a website onto which Google Remarketing services are integrated, the browser automatically identifies him through Google. As part of this technical process, Google is informed of personal data, such as the IP address or the surfing behaviour of the user, which Google uses, inter alia, show interest-related advertisements.
Personal data is saved by Cookies, e.g. from websites visited by the data subject. Each time someone visits our website, his personal data – including the IP address of the Internet connection used by the data subject – is transferred to Google in the United States of America. This personal data is saved by Google in the United States of America. In certain circumstances, Google may transfer personal data collected through the technical process to third parties. The data subject can prevent the setting of Cookies by our website as shown above, at any time through the corresponding settings of the Internet browser used, and therefore permanently oppose the use of Cookies. Such settings in the Internet browser used also prevent Google from creating a Cookie on the information technology system of the data subject. Cookies created by Google Analytics can be deleted via the Internet browser or another software program at any time.
Furthermore, the data subject has the option to object to Google's interest-based advertising. The data subject must access www.google.de/settings/ads on each of his Internet browsers, and adjust the desired settings.

More information and the current Google data protection regulations can be seen at https://www.google.de/intl/de/policies/privacy/.

 

XII. Social media embedding

1. Data protection regulations on the implementation and use of Facebook

The controller has integrated Facebook components into this website. Facebook is a social networking site. A social network is an Internet-based social meeting place, an online community which typically enables users to communicate with each other, and to interact on a virtual platform. A social network can be used as a platform on which to exchange opinions and experiences, or allows the online community to share personal or business information. Inter alia, Facebook enables users of its social network to create a private profile, upload photos, and network by means of friend requests.
The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subject is not based in the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each visit to an individual page of this website which is operated by the controller, and into which an Facebook component (Facebook plug-in) has been integrated, the Facebook component causes the Internet browser on the information technology system of the data subject to automatically download a representation of the corresponding Facebook component. An overview of all Facebook plug-ins can be seen at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook is informed of which specific section of our website is visited by the data subject. If the data subject is simultaneously logged into Facebook, Facebook can determine which specific sections of our website the data subject is visiting, each time the data subject visits our website and for the duration of each stay. This information is collected by the Facebook components, and mapped to the Facebook account of the data subject by Facebook. When the data subject clicks on one of the Facebook buttons on our site – e.g. the "Like" button – or writes a comment, Facebook assigns this information to the data subject’s account, and saves his personal data.
Through the Facebook components, Facebook is notified that the data subject has visited our website, if the data subject is logged into Facebook when accessing our website. This happens irrespective of whether or not the data subject clicks on the Facebook components. If the data subject does not want his personal data to be transferred to Facebook in this way, he can prevent this transfer by logging out of his Facebook account before accessing our website.
The data protection guidelines published by Facebook, which are accessible at https://de-de.facebook.com/about/privacy/, provide information on the collection, processing and use of personal data by Facebook. They also explain which options Facebook offers to protect the privacy of the data subject. Also available are various applications, which prevent data from being transferred to Facebook. The data subject can use such applications to prevent data transfers.

 

2. Data protection regulations on the implementation and use of Instagram

The controller has integrated Instagram components into this website. Instagram is a service which can be classified as an audio-visual platform, and allows users to share pictures and videos, and copy such data to other social networking sites.
The operating company of Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. With each visit to an individual page of this website which is operated by the controller, and into which an Instagram component (Insta Button) has been integrated, the Instagram component causes the Internet browser on the information technology system of the data subject to automatically download a representation of the corresponding Instagram component. As part of this technical process, Instagram is informed of which specific section of our website is visited by the data subject. If the data subject is simultaneously logged into Instagram, Instagram can determine which specific sections of our website the data subject is visiting, each time the data subject visits our website and for the duration of each stay. This information is collected by the Instagram components, and mapped to the Instagram account of the data subject by Instagram. When the data subject clicks on one of the Instagram buttons on our site, Instagram assigns this information and data to the data subject’s account, and saves and processes it.
Through the Instagram components, Instagram is notified that the data subject has visited our website, if the data subject is logged into Instagram when accessing our website. This happens irrespective of whether or not the data subject clicks on the Instagram components. If the data subject does not want his personal data to be transferred to Instagram in this way, he can prevent this transfer by logging out of his Instagram account before accessing our website.
More information and the current Google data protection regulations can be seen at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

XIII. Data subject rights

If your personal data is processed, you are the data subject pursuant to the GDPR, and you have the following rights against the controller:

 

1. Right of access

You can request a confirmation from the controller as to whether your personal data is processed by us. If such processing takes place, you can request a disclosure of the following information:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data which is processed;
  3. the recipients, or the groups of recipients, to whom/which the personal data has been – or continues to be – disclosed;
  4. the planned duration of retention of your personal data, or – if concrete information is not available – criteria for determining the duration of retention;
  5. the existence of a right to rectify or erase your personal data, a right to restrict the processing of your personal data by the controller, or a right to object to the processing;
  6. the existence of the right to complain to a supervisory authority;
  7. all available information on the origin of the data, if the personal data has not been obtained from the data subject;
  8. the existence of automated decision-making, including profiling pursuant to Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request a confirmation as to whether or not your personal data is transferred to a third country or an international organisation. In this context, you can request information on the guarantees relating to the transfer, pursuant to Article 46 GDPR.

 

2. Right to rectification

You have a right to rectification and/or completion against the controller, provided that the processed personal data is incorrect or incomplete. The controller must promptly carry out the rectification.

 

3. Right to restrict processing

Subject to the following prerequisites, you can request the restriction of the processing of your personal data:

  1. if you dispute the accuracy of your personal data for a period of time, the controller is able to verify the accuracy of your personal data;
  2. the processing is unlawful and you refuse the erasure of your personal data, and instead request the restriction of the use of your personal data;
  3. the controller no longer needs your personal data for the purposes of processing, but you need it to enforce, exercise or defend your rights, or
  4. if you have objected to the processing pursuant to Article 21(1) GDPR and it is uncertain as to whether the legitimate reasons of the controller prevail over your reasons.

If the processing of your personal data has been restricted, this data – apart from that which is stored – may only be processed with your consent or for the purpose of enforcing, exercising or defending legal claims, or protecting the rights of another natural or legal person or for reasons of substantial public interest of the European Union or a Member State.
If the restriction of the processing is limited pursuant to the conditions stated above, you will be informed by the controller before the restriction is waived.

 

4. Right to erasure

Erasure obligation 

You may make a request for the controller to delete your personal data immediately, and the controller is required to delete it immediately if one of the following is applicable:

  1. Your personal data is not longer required for the purpose for which it was collected, or processed in a certain way.
  2. You revoke your consent to the processing pursuant to Article 6(1) (a) or Article 9(2) (a) GDPR, and there is no other reason for the processing.
  3. You submit an objection to the processing of your data pursuant to Article 21(1) GDPR, and there are no legitimate grounds for processing, or you submit an objection pursuant to Article 21(2) GDPR.
  4. Your personal data has been processed unlawfully
  5. Your personal data must be deleted to fulfil a statutory requirement under EU Law, or the law of the Member State by which the controller is governed
  6. Your personal data has been processed in relation to the services offered by the information society, pursuant to Article 8(1) GDPR.

Provision of information to third parties

If the controller has made your personal data public, and is obliged to delete it pursuant to Article 17(1) GDPR, it must take appropriate measures – in consideration of the available technology and the implementation costs of these measures, as well as the technical means – to inform the controller that you are a data subject and have requested the erasure of all links to your personal data or copies/replications of it.

Exceptions

The right to erasure is waived if processing is necessary

  1. to exercise the right to free expression of opinion and information;
  2. to fulfil a statutory requirement under EU Law, or the law of the Member State by which the controller is governed, or to carry out a task for the benefit of the public, or to exercise public authority delegated to the controller
  3. to enforce, exercise or defend legal claims

 

5. Right of information

If you have asserted your right of rectification, erasure or restriction of processing against the controller, it is obliged to notify all recipients to whom your personal data has been disclosed of this correction or erasure of data or restriction of processing, unless this proves to be impossible or involves disproportionate effort.
You also have the right against the controller to be informed of these recipients.

 

6. Right to data portability

You have the right to obtain your personally identifiable data which has been provided to the controller in a structured, standard and machine-readable format. You also have the right to transfer the available personal data to another controller, without obstruction by the controller

  1. the processing is based on approval pursuant to Article 6(1) (a) or Article 9(2) (a) GDPR, or on a contract pursuant to Article 6(1) (b), and
  2. the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to obtain your personal data which is transferred directly from one controller to another, provided that this is technically feasible. The freedoms and rights of other people must not be affected by this.
The right to data portability does not apply to the processing of personal data which is necessary for carrying out a task for the benefit of the public, or to exercise public authority delegated to the controller.

 

7. Right of objection

You have the right, due to reasons arising from your situation, to object at any time to the processing of your personal data pursuant to Article 6(1) (e) or (f) GDPR. This also applies to profiling on the basis of these provisions.
The controller will no longer process your personal data, unless overriding and legitimate reasons arise which outweigh your interests, rights and freedoms, or processing is required to enforce, exercise or defend your rights.
If your personal data is processed to provide direct advertising, you have the right to object at any time to your personal data being used for the provision of this type of advertising. This also applies to profiling, if this is associated with such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for this purpose.
In connection with the use of the services offered by the information society – and irrespective of Directive 2002/58/EC – you have the option to exercise your right to object by means of automated procedures with technical specifications.

 

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legitimacy of the processing carried out on the basis of the granting of consent until the revocation.

 

9. Automated decision in individual cases, including profiling

You have the right to not be subjected to a decision made solely on the basis of automated processing – including profiling – that will have a legal effect, or affect you in a similar manner. This is not applicable if the decision

  1. is required for the conclusion of a contract between you and the controller
  2. is permissible on the basis of European Union or Member State legislation by which the controller is governed, and that the legislation includes appropriate measures to protect all rights, freedoms and legitimate interests
  3. is made with your express permission

These decisions must not be based on special categories of personal data, pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR is applicable and reasonable measures have been taken to protect all rights and freedoms, as well as your legitimate interests.
Regarding the cases referred to in (1) and (3), the controller must take appropriate measures to maintain all rights and freedoms, as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express individual positions, and to appeal decisions.

 

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedies, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint is submitted will inform the plaintiff of the status and result of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

 

Deactivate Google Analytics

Deactivate Google Analytics capture on this website*
* A Cookie is set with you, which blocks the capture by Google Analytics on this website.

 

 

Back to top

Cookie-Policy

We use cookies to provide the best website experience for you. By clicking on "Accept tracking" you agree to this. You can change the settings or reject the processing under "Manage Cookies setup". You can access the cookie settings again at any time in the footer.
Data Protection Guidelines | Imprint

Cookie-Policy

We use cookies to provide the best website experience for you. By clicking on "Accept tracking" you agree to this. You can change the settings or reject the processing under "Manage Cookies setup". You can access the cookie settings again at any time in the footer.
Data Protection Guidelines | Imprint