Data Privacy Statement

(according to the EU General Data Protection Regulation)

HYPE Privacy Policy

HYPE is pleased that you have chosen to visit our website and about your interest in our company. At this point, we would like to inform you about the handling of your personal data. In particular, we would like to inform you whether and which of your personal data we collect in relation to your visit to our website and for what purposes it is processed.

 

I. Name and address of the responsible party


The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:

HYPE Softwaretechnik GmbH
Trierer Strasse 70-72
53115 Bonn
Germany
Phone: +49 228 2276 0
Email: info@hype.de
Website: https://www.hypeinnovation.com


II. Name and address of the Data Protection Officer
The responsible party's Data Protection Officer is:


IITR GmbH as external data protection officer
Marienplatz 2
80331 Munich
Germany
Phone: +49 228 2276 119
Email: dataprotection@hype.de



III. General information on data processing


1. 1. Scope of personal data processing

We collect and utilize our users' personal data only insofar as this is necessary for the provision of an operational site and of our content and services. Collection and utilization of our users' personal data is only undertaken periodically with the user's consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and the processing of the data is permitted by law.



2. Performance of contractual services

We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with the terms of the contract. Art. 6 Para. 1 lit. b, GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.

When using our online services, we store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests as well as the user's protection against misuse and other unauthorized use. Passing on of this data to third parties does not take place in principle unless it is necessary for the pursuit of our claims or there is a legal obligation in accordance with. Art. 6 Para. 1 lit. c, GDPR.

We process usage data (e.g. the visited websites of our online offer, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile in order, for example, to show the user product information based on the services previously used by them.

The data will be deleted after the expiry of statutory warranty and comparable obligations; the necessity of storing the data will be reviewed every three years; in the case of statutory archiving obligations, the data will be deleted after its expiry. Information remains in the hypothetical customer account up to its deletion.

Administration, financial accounting, office organisation, contact management

We process data within the framework of administrative tasks as well as the organization of our company, financial accounting and in compliance with legal obligations, e.g. archiving. In this regard, we process the same data that we process as part of the performance of our contractual services. The bases of processing are art. 6 para. 1 lit. c. GDPR, art. 6 para. 1 lit. f GDPR. Customers, prospects, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, namely, tasks which serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.

We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.

Furthermore, we store information regarding suppliers, event organizers, and other business partners on the basis of our business interests, e.g. for the purpose of making contact at a later date. We store this data, which is mainly company-related, permanently.



3. Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 (a) EU General Data Protection Regulation (GDPR) serves as legal basis.

In processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR applies as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR applies as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 (f) GDPR applies as the legal basis for processing.



4. Data deletion and storage duration

The data subject's personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Blocking or erasure of data will be carried out even if a storage deadline prescribed by the above-mentioned standards expires unless data storage is a necessity for concluding or performing a contract.



5. Technical and Organisational Measures for Protection

We take appropriate technical and organizational security measures to protect your stored data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological advances. Insofar as the transfer of data to external service providers is concerned, through technical and organizational measures we have ensured that all data protection provisions are adhered to.



6. Transmission to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfillment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or store the data in a third country only if the special conditions of Art. 44 ff. DSGVO. (so-called "standard contractual clauses"). This means that the processing is carried out, for example, on the basis of special guarantees and/or in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").



IV. Provision of the website and creation of log files


1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

Information regarding the used browser type and version
The user’s operating system
The user's Internet service provider
The user's IP address
Date and time of access
Websites from which the user's system accesses our website
Websites accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.



2. Legal basis for data processing

The legal basis for temporary storage of data and log files is Art. 6 para. 1 (f) of the GDPR.



3. Purpose of the data processing

Temporary storage of IP address by the system is necessary to enable delivery of the website to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the website's functionality. The data is also used to optimize the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.

These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR.



4. Duration of retention

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this will be undertaken once the respective session has ended.

Any data is to be stored in log files will be stored within seven days at the latest. Further storage is possible. In this case, the user's IP addresses will be deleted or distorted, so that assignment of the accessing client is no longer possible.



5. Objection and removal option

Collection of data for provision of the website and storage of data in log files is absolutely necessary for operating the website. Consequently, there is no option to object on the part of the user.



V. Use of cookies 

 

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after changing pages.


2. Legal basis for the data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6 Para. 1 lit f. GDPR.

When accessing our website, the user is informed regarding the use of cookies for analytical purposes and his or her consent to the processing of personal data used in this context is obtained. Reference is also made to this data protection declaration in this context. The legal basis for processing personal data by using cookies for analytical purposes, if the user's consent to this has been obtained, is Art. 6 Para. 1 lit. a GDPR.



3. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website are not offered without the use of cookies. In this case, it is necessary that the browser is recognized even after changing the page.

The analysis cookies are used to improve the quality of our website and its content. Using analysis cookies, we learn how the site is used and can constantly optimize our service.

For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 Para. 1 lit f. GDPR.



VI. Overview of cookies used

Necessary Cookies

These cookies are required for the basic functions of the website. They are installed by our hosting vendors.

Hubspot Inc.

__hs_cookie_cat_pref
hs_ab_test

Hubspot Inc. CDN (CloudFlare)

__cfruid
__cf_bm

Analytics Cookies

These cookies enable us to analyze website usage so that we can measure and improve its perfomance. They are installed by our  analytics vendors.

By Hubspot Inc.

__hstc
__hssc
__hssrc
hubspotutk

By Google LLC

_ga
_dc_gtm_UA-2305507-2
_gat_UA-2305507-2
_gid

Functional Cookies

These cookies allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.
hypelang

Advertisement Cookies

These cookies are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. These cookies are installed by our advertisement vendors.

By Linkedin

li_gc
lidc
AnalyticsSyncHistory
UserMatchHistory
bcookie
lang

By Google LLC

IDE
_gcl_au
_ga_KRKZHXGS6Z

By Facebook Inc.

_fbp
5. Duration of storage, objection and removal option

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features in full.



VII. Registration for events or meetings


1. Description and scope of data processing

If you would like to participate in a HYPE event (e.g., the Innovate Forum in Bonn), the data from the input mask will be transmitted to us when you register. In addition, the following data is collected at registration:

  • IP address of the calling computer
  • Date and time of the registration

Your data will not be passed on to third parties. The data will only be used for the processing of your participation in the event.

The user's consent to the processing of this data is obtained within the framework of the request process.

 
2. Legal basis for data processing

If you enter your email address when registering, we will use it to send you a registration confirmation and information about the event.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if consent is given.

 
3. Purpose of the data processing

The collection of the user's e-mail address serves to deliver the requested information. The collection of other personal data as part of the registration process is necessary for event management and also serves to prevent misuse of our services or the e-mail address used.

Should we come to the conclusion that other events may be of interest to you, we reserve the right to contact you by e-mail. The legal basis is Art. 6 para. 1 lit. f GDPR.

 
4. Duration of the storage

The data are deleted as soon as they are no longer required for the purpose of their collection. This is the case at the latest when cooperation can be excluded. We exclude cooperation if you are not already a customer of HYPE and have neither opened an e-mail from us nor visited our website for more than two years.

 
5. Possibility of objection and deletion

You can request the deletion of your data at any time. To do so, please reply to the e-mail sent or inform us informally at dataprotection@hype.de.



VIII. Register for blogs, webinars or download documents

 

1. Description and scope of data processing

If you are interested in our products, you can register for a blog (e.g. INNOVATION BLOG) or webinars and download documents (e.g. case studies) on our website. The data from the input screen is sent to us when you subscribe to the newsletter. The following data will also be collected upon subscription:

  • IP address of the accessing computer
  • Date and time of subscription

When operating our blog with comment function, the personal data entered in the input mask is stored and published under the respective blog entry. Comments can also be subscribed to.

Your data will not be passed on to third parties, except for the publication of comments. The data will be used exclusively for the provision of these offers.

The user's consent to processing this data is obtained during the registration process.



2. Legal basis for data processing

If your company uses our services and you provide us with your email address in this context, we may subsequently use it to send you a newsletter. In such a case, only direct marketing of our own similar products or services will be sent via the newsletter. The legal basis for the provision of the services is Art. 7 para. 3 UWG (Law against unfair competition).

Otherwise, your consent will be obtained for the processing of the data and reference will be made to this data protection declaration. The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6 Para. 1 lit. a GDPR.



3. Purpose of the data processing

The collection of the user's email address serves to deliver the requested information. Collection of other personal data as part of the subscription process is for preventing the misuse of the services or of the email address used.

Should we also come to the conclusion on the basis of the data entered that a cooperation could be beneficial for both parties, we reserve the right to contact you in this regard.



4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case, at the latest, when cooperation can be ruled out.



5. Objection and removal option

The services can be terminated by the user concerned at any time. For this purpose, there is a corresponding link in every message transmitted. You can also send the cancellation form free to dataprotection@hype.de.



IX. Registration for demonstrations and contacting HYPE


1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data in order to book a demonstration of our software products or to contact us. The data is entered into a contact form, transmitted to us, and stored. In addition to the data submitted in the form, the following data is also stored during registration:

  • The user's IP address
  • Date and time of subscription
  • The user's consent to processing this data is obtained during the registration process.

Hype may share your personal information with other Hype Holding GmbH companies in order to assist you regarding your requests or requirements. If this is the case, these other companies will use your data as required by the applicable specific privacy statements and applicable data protection law. Alternatively, you can contact us via the email address provided. In this case, the user's personal data that is transmitted along with the email will be stored.

The data will not be disclosed to third parties during the course of this. The data is used exclusively for the processing of the conversation.



2. Legal basis for data processing

The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6 para. 1 lit. a of the GDPR.

If registration is for fulfillment of a contract to which the user is a party or for implementation of pre-contractual measures, an additional legal basis for the data processing is Art. 6, Para. 1 b GDPR.



3. Purpose of the data processing

Establishing contact with the user.



4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case, at the latest, when cooperation can be ruled out. The data collected during the registration process will be deleted immediately if the registration is canceled.



5. Objection and removal option

As a user, you have the option of canceling the registration at any time. You can change the data stored about you at any time. Please contact us for free at dataprotection@hype.de. If the data is required for the fulfillment of a contract or the implementation of pre-contractual measures, early erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure.



X. Hosting


The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.

Hereby we or our hosting provider process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, potential customers and visitors to this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering according to Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).



XI. Use of Hubspot


We use Hubspot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.

These include:

  • Content Management (website and blog)
  • Email marketing (newsletters, as well as automated mailings, e.g. for the provision of downloads)
  • Social Media Publishing & Reporting
    Reporting (e.g. traffic sources, accesses, etc....)
  • Contact management (e.g. user segmentation & CRM)
  • Landing Pages and Contact Forms


Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information.


This information and the contents of our website are stored on servers of our software partner HubSpot. They can be used by us to contact visitors to our website and to determine which services of our company are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing.

HubSpot is a software company based in the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500. HubSpot is certified under the conditions of the "EU - U.S. Privacy Shield Framework" and is subject to the TRUSTe 's Privacy Seal and the "U.S. - Swiss Safe Harbor" Framework.



XII. Use of the Mobile Applications


This Privacy Policy also applies to the use of Mobile Applications.

You have the option to use the Mobile Applications as a Web App or as a Native App. The mobile applications use the stored data, as soon as you use your camera, microphone or media galleries, as part of the application. Mobile applications also capture data such as the manufacturer, model, and operating system of your mobile device. The app does not access the location data of your mobile device.

When using the HYPE Native App, personal data such as the name of the creator of a comment or an idea is sent via push-messages through Google Firebase. Google Firebase stores and processes the data within the framework of the GDPR. In this respect, the data protection agreements of Google Firebase (https://firebase.google.com/support/privacy/) apply.



XIII. Web analysis by Google Analytics and Microsoft Clarity


1. Scope of personal data processing

Our website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA., hereinafter referred to as "Google". Google also uses cookies (see Cookies for details). If individual pages of our website are accessed, the following data is stored:

  • Two bytes of the IP address of the user's requesting system
  • The web page requested
  • The website from which the user has accessed the website (referrer)
  • The sub-pages that are called up from the called up web page
  • The time spent on the website
  • The frequency with which the website is accessed
    This data is transmitted to Google.


Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google.

For further information on data usage by Google, setting and objection options, please see the Google website: https://policies.google.com/technologies/partner-sites?hl=en ("How Google uses information from sites or apps that use our services“), https://adssettings.google.com/authenticated ("Use of data for promotional purposes"), ("Manage information Google uses to show you advertising").



2. Legal basis for processing personal data

The legal basis for processing the personal data of users is Art. 6 para. 1 lit a. GDPR.



3. Purpose of the data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 para. 1 lit a. GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.



4. Duration of storage

The data will be deleted as soon as it is no longer needed for our recording purposes. Automatic deletion takes place after 14 months at the latest.


5. Objection and removal option

You can prevent the installation of Google Analytics cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to fully use all functions of our website.

Google also offers a deactivation add-on for the most popular browsers, giving you more control over what information Google collects about the websites you visit. The add-on informs Google Analytics' JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, the deactivation add-on for browsers from Google Analytics does not prevent information from being transmitted to us or to other web analytics services that we may use. For more information on installing the browser add-on, see Link.

6. Google Analytics

When using our website, the operator has the option of using Google Analytics. As a result, the information generated by the cookie about the use of the website by the user is transferred to a Google server in the USA and stored there. The personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission's adequacy decision.

The operator can use a browser plug-in at http://tools.google.com/dlpage/gaoptout?hl=de to decide for himself whether he wants to use tracking and withdraw his consent at any time with effect for the future. The user is given the option of IP anonymization. In the event of activation of IP anonymization on the Website, its IP address will be previously shortened by Google within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. We would like to point out that on this website Google Analytics has been extended to include IP anonymization in order to guarantee anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. On behalf of the operator of the website, Google will use the information obtained to evaluate the use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. This enables the operator to assign data, sessions and interactions across several devices to a pseudonymous user ID and thus to analyze the activities of a user across all devices.

 
7. Microsoft Clarity

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

 

XIV. Rights of the data subject


If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights


1. Right to information

You may request confirmation from us as to whether personal information concerning you is processed by us.

If such processing is taking place, you can request to be informed by the data controller regarding the following information:

  • the purposes for processing the personal data;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  • the planned storage duration of your personal data or, if specific information in that regard is not possible, criteria for determining the storage period;
  • the existence of a right of rectification or deletion of your personal data or of a restriction on processing by the data controller or of a right to oppose such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data if the personal data has not been collected from the person concerned;
  • the existence of automated decision-making, including profiling, in accordance with Article 22 Para. 1 and 4, GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned.


You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organization. In this respect, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.



2. The right of rectification

You have a right of rectification and/or completion with respect to the responsible party if the personal data processed concerning you is incorrect or incomplete. The controller shall make the correction immediately.



3. The right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:

  • you contest the accuracy of your personal data for a period that enables the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • the controller no longer needs the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defense of legal claims or
  • you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller override your reasons.


Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, we will inform you before the restriction has been lifted.



4. Right to deletion

a) Deletion obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing is based according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 (a) GDPR, and where there is no other legal ground for the processing.
  • You object pursuant to Art. 21 Para. 1 GDPR, you object to the processing and there are no overriding justifiable reasons for the processing or Art. 21 Para. 2 GDPR to the processing;
  • The personal data has been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data concerning you has been collected in relation to services offered by information society services according to Art. 8 Para. 1, GDPR.


b) Passing information to third parties

If we have passed on the personal data concerning you to third parties and we are obliged to erasure pursuant to Art. 17, Para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.


c) Exceptions

The right to deletion does not exist insofar as the processing is necessary:

  • To exercise the right of freedom of expression and information;
  • To fulfill a legal obligation required for processing under the law of the Union or of the Member States to which we are subject;
  • To assert, exercise or defend legal claims.


5. Right to information

If you have exercised your right to have the responsible party correct, delete or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

It is your right to be informed regarding such recipients.



6. Right to data portability

You have the right to obtain your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, insofar as:

  • The processing is based on consent pursuant to Art. 6 Para. 1 lit. a, GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 (b) GDPR and
    the processing is carried out using automated methods.
  • In exercising this right, you also have the right to request that the personal data concerning you be transferred directly by us to another person responsible, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.


The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the responsible party.



7. Right to object

You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions;


In this case, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.



8. The right to revoke the data protection declaration of consent

You have the right at any time to revoke your data protection declaration of consent. The withdrawal of consent shall not affect the lawfulness of processing taking place on the basis of this consent before its revocation.



9. The right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected if you believe that the processing of personal data that concerns you is in contravention of GDPR.

The supervisory authority with which the appeal has been lodged shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Helga Block, P.O. Box 20 04 44, 40102 Düsseldorf or Kavalleriestrasse 2-4, 40213 Düsseldorf, Phone: +49 (0)211/384 24-0, Fax: +49(0)211/384 24-10, Email: poststelle@ldi.nrw.de Homepage: https://www.ldi.nrw.de.

 

Privacy Settings