Privacy Policy
I. Introduction and definitions
1. GENERAL
We process personal data in connection with the operation of our website with the URL https://kontornewmedia.com/ (hereinafter referred to as the “website”). We treat this data confidentially and process it in accordance with applicable laws, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG). With these data protection provisions, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it, and, if applicable, to whom we disclose it. In addition, we will explain what rights you have to protect and enforce your data privacy.
2. TERMS
Our privacy policy contains technical terms that are used in the GDPR and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:
2.1 Personal data
“Personal data” is any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). Information about an identified person can be, for example, their name or email address. However, data is also considered personal if the identity is not immediately apparent but can be determined by combining your own or third-party information to find out who you are. For example, a person can be identified by providing their address or bank details, date of birth or user name, IP addresses, and/or location data. All information that allows conclusions to be drawn about a person in any way is relevant here.
2.2 Processing
Art. 4 No. 2 GDPR defines “processing” as any operation or set of operations which is performed on personal data. This applies in particular to the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
II. Controller and data protection officer
3. CONTROLLER
The controller responsible for data processing is:
Company: Kontor New Media GmbH (“we”)
Legal representative: Jens Thele; Michael Pohl (managing director)
Address: Neumühlen 17, 22763 Hamburg
Phone: +49 40 646 905 10
Email: contact (at) kontornewmedia.com
4. DATA PROTECTION OFFICER
We have designated an external data protection officer for our company. You can reach him at:
Name: Reinher Karl
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg
Phone: 040/ 46008966
Fax: 040/ 46008977
Email: datenschutz@habewi.de
III. Processing framework
5. PROCESSING FRAMEWORK: WEBSITE
Within the scope of the website, we process your personal data as detailed in section IV below. We only process data that you actively provide on the website (e.g., by filling out forms) or that you automatically provide when using our services.
Your data will be processed exclusively by us and will not be sold, lent, or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we, as the client, are authorized to issue instructions to our contractors. We use external service providers for the hosting of our website. We host our website with the external provider Mittwald CM Service GmbH & Co. KG (address: Königsberger Straße 4-6, 32339 Espelkamp) at the data center location in Frankfurt, Germany. If additional external service providers are used for individual processing operations listed in Section IV, they will be named there.
We do not transfer data to third countries and do not plan to do so. We will provide information about exceptions to this principle in the processing operations described below. Any data transfers to third countries are then carried out on the basis of the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/) or the EU Standard Contractual Clauses.
IV. The processing in detail
6. PROVISION OF THE WEBSITE AND SERVER LOG FILES
6.1 Description of processing
Each time you visit the website, we automatically collect information that your browser transmits to our server. This includes the following data:
- IP address
- Browser software used, as well as its version and language
- Operating system
- the website from which visitors accessed the website (known as the referrer)
- The subpages accessed on the website
- The date and time the website was accessed
- Internet service provider
- Country and city from which a user visited the website
These are also stored in our system’s log files. The temporary storage of your IP address by the system is necessary in order to deliver our website to a user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session. The IP address is shortened in the log files so that only the last three digits are recorded.
6.2 Purpose
The processing is carried out to enable the website to be accessed and to ensure its stability and security. In addition, the processing serves the statistical evaluation and improvement of our online offering.
6.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest lies in the purpose specified in section 6.2 .
6.4 Storage
The data will be erased as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. The log files are erased after 30 days.
7. COOKIES AND OTHER TRACKING TECHNOLOGIES
7.1 Description of processing
Our website uses cookies. Cookies are small text files that are stored on the user’s device when visiting a website. Cookies contain information that enables the recognition of a device and, if necessary, certain functions of a website. We distinguish between our own cookies and external, so-called third-party cookies. Our website uses so-called “session cookies” and “persistent cookies.” “Session cookies” are automatically erased when you end your Internet session and close your browser. Persistent cookies remain stored on your device for a longer period of time. In addition to cookies, we also use other tracking technologies, such as pixels or fingerprinting. If cookies are technically necessary for the operation of our site, your consent is not required. All other cookies and tracking technologies that are not technically necessary will only be set after you have actively consented to the use of cookies/tracking technologies via our consent tool. To obtain and document consent, we use the “Real Cookie Banner” service operated by devowl.io GmbH, Tannet 12, 94539 Grafling, Germany. The consent tool stores your selection in a cookie on your device. This means that you do not need to make a decision about cookies again when you visit our website again.
You can see which cookies are used on our website for what purpose, how long they are stored on your device, and what consents you may have already given in the settings of the consent tool.
7.2 Purpose
We use cookies/tracking technologies to make our website more user-friendly and to offer the functions described in section7.1 .
7.3 Legal basis
The processing is necessary with regard to technically necessary cookies and the use of the consent tool to safeguard the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR in conjunction with § 25 (2) TDDDG). Our legitimate interest lies in the purpose specified in section7.2 . For processing with regard to all other cookies/tracking technologies that are not technically necessary, the legal basis is consent (Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG). Such consent is voluntary.
7.4 Storage period, withdrawal of consent
Cookies are automatically erased at the end of a session or when the specified storage period expires. Since cookies are stored on your device, you as the user have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been stored can be erased. This can also be done automatically. If cookies/tracking technologies are deactivated, erased, or restricted for our website, it is possible that individual functions of our website cannot be used or can only be used to a limited extent. You can withdraw any consent you have given to the use of cookies at any time in the settings of the consent tool with effect for the future.
7.5 Recipients
When cookies/tracking technologies are used, data may be transmitted to the respective providers of these third-party services. In some circumstances, this may also involve transmission to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and third-country transfers in the settings of the consent tool or in the relevant section on the third-party service in these data protection provisions.
8. CONTACT FORM AND CONTACT BY E-MAIL
8.1 Description of processing
We have provided a contact form on our website for you to get in touch with us. For the contact form, we use the “Gravity Forms” service operated by Rocketgenius, Inc., 1620 Centerville Turnpike, Suite 102, Virginia Beach VA 23464-6500 United States. Further information on data protection at Gravity Forms can be found at: https://www.gravityforms.com/privacy/. In this form, you will be asked to enter your email address, your name, and a message to us. When you click the “Submit” button, the data will be transmitted to us using SSL encryption (see section21. ). The contact form can only be submitted if you confirm that you have read and understood this privacy policy by clicking the corresponding checkbox. You can also contact us via the email addresses provided on the website. In this case, we will process the personal data transmitted with the email.
8.2 Purpose
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your email will be used exclusively for the purpose of processing and responding to your request.
8.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest lies in the purpose specified in section 8.2 . If the email contact is aimed at concluding or fulfilling a contract, the data processing is carried out for the purpose of fulfilling the contract (Art. 6 (1) (b) GDPR).
8.4 Storage period
We erase the data as soon as it is no longer necessary for the purpose for which it was collected. This is usually the case when the respective communication with you has ended. Communication is terminated when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, deletion will take place immediately after the statutory retention period has expired.
8.5 Recipients and transfer to third countries
We use the Gravity Forms service to manage and integrate forms. This is done within the framework of order processing. Gravity Forms is a service offered by Rocketgenius, Inc., 1620 Centerville Turnpike, Suite 102, Virginia Beach VA 23464-6500, USA. Rocketgenius, Inc. also processes your data in the USA. Further information on data protection can be found at: https://www.gravityforms.com/privacy/
9. SOCIAL NETWORKS
9.1 Description of processing
The Facebook, Instagram, and LinkedIn logos displayed on our website are merely linked to our company’s corresponding profiles on social networks. No data is transferred to social networks when the logos are integrated. If you click on one of the logos, you will simply be redirected to the external website of the respective social network.
Certain subpages of our website contain so-called social plugins offered by the external social networks Facebook, Instagram, and LinkedIn. When you visit a page that contains such a plugin, your browser establishes a direct connection to the servers of the social network. The content of the respective social plugin is transmitted directly from the social network to your browser and displayed on our website. To prevent this, we use the so-called two-click solution. We have integrated the social plugins on our website in such a way that the connection between the social plugins and the servers of the social networks is interrupted by default. If you want to communicate directly with a social network via the social plugin on our website and enable data exchange, you must click on the desired social plugin and thereby activate it. Once a social plugin has been activated, we no longer have any influence on the amount of data collected by the respective social network. We therefore inform you according to our state of knowledge. When you activate a social plugin, your IP address is transmitted to the respective social network in connection with the address of our website. If you are logged into the social network when you visit our website, this information will be assigned to your user account there. If you interact with an activated social plugin, e.g. by “sharing,” “liking,” or “retweeting” a post using the social plugin, this information is also transmitted directly to the respective social network and stored there in your user account.
However, our profiles within the social networks also constitute data processing. If you are logged into the respective social network when visiting such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. by commenting on, “sharing,” “liking,” or “retweeting” a post, this information will also be stored in your user account. As a rule, we can also view your interactions with our profile.
On the social networks Facebook and Instagram, we have the option of obtaining statistical data on the use of our Facebook page or our Instagram profile via the so-called “Insights” function. These statistics are provided by Facebook or Instagram. The “Insights” function is not optional. We cannot decide to enable or disable this feature. It is available to all Facebook fan page operators and all operators of an Instagram business account, regardless of whether you use the Insights feature or not.
Facebook Insights provides us with the following data in anonymized form for a selectable period of time with regard to fans, subscribers, people reached, and people interacting: Total number of page views, likes including origin, page activity, post interactions, reach, post reach (divided into organic, viral, and paid interactions), comments, shared content, responses, and demographic evaluations, i.e., country of origin, gender, and age. The Insights statistics do not allow us to identify subscribers and fans of our page or view their profiles.
Furthermore, Instagram Insights provides us with anonymized data on the development and reach of our Instagram profile, as well as the posts, stories, and videos we publish there. Instagram Insights also provides us with statistical information on the location, gender, and age of our Instagram profile subscribers.
The social networks with which you communicate store your data using pseudonyms as user profiles and use them for advertising purposes and market research. For example, advertisements that correspond to your presumed interests may be displayed to you within the social network and on other third-party websites. Cookies are usually used for this purpose, which the social network stores on your device. You have the right to object to the creation of these user profiles, which you must exercise by contacting the social networks directly.
9.2 Purpose
We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the “Insights” function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.
9.3 Legal basis
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 (1) (f) GDPR). Our legitimate interest lies in the purpose stated in section 9.3 . If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 (1) lit. a GDPR. Data processing with regard to integrated social plugins is based on consent in accordance with Art. 6 (1) lit. a GDPR. We obtain this consent via the two-click solution at the point on our website where the social plugin is to be displayed. Such consent is voluntary. Data processing with regard to our presence on Facebook, Instagram, and LinkedIn is otherwise based on joint responsibility pursuant to Art. 26 GDPR.
9.4 Withdrawal of consent
You can withdraw any consent you have given to the use of social plugins with effect for the future.
9.5 Recipients and transfer to third countries
The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on social networks can be found in the linked data protection regulations.
- Facebook: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy policies: www.facebook.com/policy.php;www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other#applications and www.facebook.com/about/privacy/your-info#everyoneinfo.
- Instagram: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Privacy Policy: help.instagram.com/155833707900388/.
- LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy policy:www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. The privacy agreement with LinkedIn can be found atwww.linkedin.com/legal/l/dpa. The joint responsibility agreement can be viewed atlegal.linkedin.com/pages-joint-controller-addendum .
Social networks also process your personal data in the USA.
10. FONT REPLACEMENT
When displaying our website, the standard fonts on your device are replaced by fonts. This is done to make the text on our website more readable and aesthetically appealing. We have opted for a privacy-friendly solution for font replacement. We do not integrate any external services, such as Google Fonts or Adobe Fonts. Instead, we store the fonts to be replaced locally on our server. This has the advantage that when you visit our site, your browser does not send any requests to external font replacement services and therefore no data, in particular your IP address in connection with the address of our website, is transmitted to third parties.
11. YOUTUBE
11.1 Description of processing
Our website uses services from “YouTube,” a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames, so that they can be played directly on our website. The videos are embedded in the “extended data protection mode” offered by YouTube, i.e. no personal data about you is transferred to Google as long as you do not play the videos. Only when you play a video is data transferred to Google, over which we have no influence. If you play an embedded video on a subpage of our website, Google will be notified which subpage you visited and which video you watched. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google will assign this information to your user account. Google stores your data as usage profiles and uses it for advertising purposes, market research, and/or to tailor the Google websites to your needs. You have the right to object to the creation of these user profiles, which you must exercise directly with Google. Further information on data protection at Google can be found at www.google.com/intl/de-DE/policies/privacy/.
11.2 Purpose
The processing is carried out in order to be able to display videos on our website.
11.3 Legal basis
Processing is based on consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the consent tool “Real Cookie Banner” (see7.1 ) or as part of a content blocker at the point on our website where a YouTube video is to be displayed. Such consent is voluntary.
11.4 Withdrawal of consent
You can withdraw your consent to the display of YouTube videos on our website at any time in the settings of the consent tool with effect for the future.
11.5 Recipients and transfer to third countries
By integrating YouTube, personal data may be transferred to YouTube LLC or Google. Google also processes your personal data in the USA.
12. MICROSOFT CLARITY
12.1 Description of processing
Our website uses “Microsoft Clarity,” a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, or Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter referred to as “Microsoft”). Microsoft Clarity uses cookies and other tracking technologies (see section 7) that enable analysis of your use of our website. The service helps us to gain a better understanding of the experiences of people using our website. In particular, Microsoft Clarity records how much time you spend on which pages, how far you scroll, which links or areas you click on, as well as technical information such as the IP address of your device, screen size, device type, information about the browser you are using, and your location, limited to country information. The information generated by Microsoft Clarity about your use of this website is usually transferred to a Microsoft server in the USA and stored there. The data collected by Microsoft Clarity is stored in a pseudonymized usage profile. The information is not used by Microsoft Clarity or by us to identify individual users or to merge it with other data about individual users. For more information about data protection at Microsoft Clarity, please visit privacy.microsoft.com/en-us/privacystatement.
12.2 Purpose
The processing is carried out in order to analyze and evaluate the use of our website. Based on the feedback from our users, we can tailor our offering more precisely. The information obtained in this way is used to improve and tailor our online presence to your needs.
12.3 Legal basis
Processing is based on consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. We obtain this consent via the consent tool (see section 7.1). Such consent is voluntary.
12.4 Storage period and withdrawal of consent
Microsoft Clarity stores the collected information in a pseudonymized usage profile for a period of one year. We have explained the storage period and your control and setting options for cookies in section 7.4. You can withdraw your consent to Microsoft Clarity at any time in the settings of the consent tool with effect for the future. You can also object to data processing by Microsoft Clarity at any time by adjusting the privacy settings in your Microsoft account or by contacting Microsoft directly.
12.5 Recipients and transfer to third countries
By using Microsoft Clarity, personal data is transferred to Microsoft. Microsoft also processes your personal data in the USA.
13. ALL-IN-ONE SECURITY (AIOS)
13.1 Description of processing
Our website uses “All-In-One Security” (AIOS), a security plugin from UpdraftPlus / Updraft WP Software Licensing Ltd., Meadow View, 8 Round Meadow, Warwick, CV34 6UD, United Kingdom (hereinafter referred to as “AIOS”). AIOS serves to protect our website from security threats, hacker attacks, and misuse. The plugin collects and processes various data to ensure website security. This includes, in particular, visitors’ IP addresses, information about login attempts (successful and failed login attempts), timestamps of activities, browser information (user agent), and suspicious activity patterns. AIOS logs security events such as brute force attacks, blocked IP addresses , malware detections, and other security-related incidents. IP addresses can be automatically blocked when threats are detected. The plugin generates security reports and performs regular security scans of our website. The behavior patterns of website visitors are analyzed to detect bots and automated attacks.
13.2 Purpose
Processing is carried out to protect our website from cyber attacks, malware, brute force attacks, and other security threats. AIOS serves to maintain the availability, integrity, and security of our website and to protect the data stored on it. Logging security events enables us to detect and analyze attacks and take appropriate countermeasures.
13.3 Legal basis
Processing is necessary to safeguard the legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in protecting our website from security threats and ensuring the secure operation of our online offering. If processing is necessary to fulfill legal obligations in the area of IT security, it is carried out on the basis of Art. 6 (1) (c) GDPR.
13.4 Storage period
AIOS security logs are generally stored for a period of 12 months in order to identify long-term attack patterns and continuously improve security. Blocked IP addresses are blocked for a period of 24 hours to 12 months, depending on the severity of the detected threat. After the storage period has expired, the data is automatically erased, provided that there are no legal retention obligations to the contrary.
13.5 Recipients
AIOS processes the data locally on our server. As a rule, no data is transferred to third parties. Only in the event of serious security incidents may anonymized threat data be transferred to specialized IT security service providers for analysis purposes. No personal data is transferred to third countries.
14. SHORTPIXEL IMAGE OPTIMIZER
14.1 Description of processing
Our website uses “ShortPixel Image Optimizer,” a service for optimizing and compressing images, which is operated by ShortPixel SRL, Str. Lunga nr. 25, Braila, 810081, Romania (hereinafter referred to as “ShortPixel”). ShortPixel optimizes and compresses the images displayed on our website in order to reduce the loading times of the website and improve the user experience. The image files are transferred to ShortPixel’s servers for processing, optimized there, and then sent back to our server. When optimized images are displayed on our website, a connection to the ShortPixel servers is established. Your IP address may be transmitted to ShortPixel in the process. ShortPixel does not use cookies on your device. Image optimization takes place on the server side. ShortPixel only processes technical data that is generated in the course of image delivery, such as IP addresses, browser type, and access times. For more information on data protection at ShortPixel, please visit: https://shortpixel.com/privacy).
14.2 Purpose
Processing is carried out in order to optimize and compress the images displayed on our website. This serves to shorten the loading times of our website and improve the user experience through faster page display.
14.3 Legal basis
Processing is based on consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the consent tool (see section 7.1). Such consent is voluntary.
14.4 Storage period and withdrawal of consent
You can withdraw your consent to ShortPixel Image Optimizer at any time in the settings of the consent tool with effect for the future. After revocation, images optimized via ShortPixel may no longer be displayed on our website or may only be displayed in non-optimized form, which may result in longer loading times.
14.5 Recipients and transfer to third countries
By using ShortPixel Image Optimizer, personal data may be transferred to ShortPixel SRL, Str. Lunga nr. 25, Braila, 810081, Romania. Data processing takes place within the European Union (Romania). ShortPixel may also process data on servers in the USA.
15. WPML TRANSLATION PLUGIN
15.1 Description of processing
Our website uses the “WPML” (WordPress Multilingual Plugin) plugin, a service provided by OnTheGoSystems Limited, 29 Throgmorton Street, London, EC2N 2AT, United Kingdom (hereinafter referred to as “WPML”). WPML enables us to offer our website in multiple languages and to manage these languages. The plugin stores your language settings in a cookie on your device so that your preferred language version of the website is automatically displayed on future visits. This stores your selected language, but not your IP address or other personal data in connection with WPML. The cookie only contains a language code (e.g., “de” for German or “en” for English). WPML processes data locally on our server; no data is transferred to external servers belonging to OnTheGoSystems Limited. The only exception to this is when optional WPML services such as automatic translation are activated. In this case, content may be transferred to external translation services for translation. We do not currently use these optional services.
15.2 Purpose
Processing is carried out in order to offer you our website in different languages and to save your language preference for future visits so that you do not have to select your preferred language again each time you visit.
15.3 Legal basis
The processing is necessary in view of the technically required cookie for storing the language setting in order to safeguard the overriding legitimate interests of the controller (Art. 6 (1) lit. f GDPR in conjunction with § 25 (2) TDDDG). Our legitimate interest lies in offering you a user-friendly multilingual website and taking your language preference into account.
15.4 Storage period
The WPML cookie for storing your language setting is stored on your device for the duration of your browser session or for a longer period (usually up to one year). Since the cookie is stored on your device, you as the user have full control over its use. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been stored can be erased at any time. This can also be done automatically. If you erase or block the WPML cookie, you will have to select your preferred language again each time you visit our website.
15.5 Recipients
WPML processes data locally on our server. No personal data is transferred to OnTheGoSystems Limited or third parties, as we do not use any optional cloud-based translation services from WPML.
V. Security measures
16. Security measures
To protect your personal data from unauthorized access, we have equipped our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s device. You can recognize active SSL or TLS encryption at by a small lock logo displayed on the far left of the browser’s address bar.
VI. Your rights
17. Rights of the data subject
With regard to the data processing described above by our company, you have the following rights as a data subject:
17.1 Right of access by the data subject (Art. 15 GDPR)
You have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to obtain information about this personal data and the information specified in Art. 15 GDPR under the conditions set out in Art. 15 GDPR.
17.2 Right to rectification (Art. 16 GDPR)
You have the right to obtain that we immediately correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data.
17.3 Right to erasure (Art. 17 GDPR)
You have the right to obtain that we erase personal data concerning you without undue delay if one of the reasons specified in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes we pursue.
17.4 Right to restriction of processing (Art. 18 GDPR)
You have the right to obtain that we restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g., if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
17.5 Right to data portability (Art. 20 GDPR)
You have the right, under the conditions listed in Art. 20 GDPR, to request the release of data concerning you in a structured, commonly used, and machine-readable format.
17.6 Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to withdraw your consent at any time in the case of processing based on consent. The withdrawal is effective from the time it is asserted. In other words, it takes effect for the future. Withdrawal of consent does not make the processing retroactively unlawful.
17.7 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can exercise this right with a supervisory authority in the EU member state of your residence, your place of work, or the place of the alleged violation.
17.8 Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data, including profiling. We would like to inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
17.9 Right to object (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6 (1) lit. f GDPR (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 GDPR. However, this only applies if there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. We also do not have to stop processing if it serves to assert, exercise, or defend legal claims ( ). In any case—even independently of a particular situation—you have the right to object at any time to the processing of your personal data for direct marketing purposes.
As of October 2025