Privacy Notice

Privacy Policy

Welcome to our website’s privacy policy. As the operator of the www.benediktiner-weissbräu.de website and the online store connected to it, and as the data controller, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection provisions, your selection in the cookie banner, and this privacy policy.

 

Name and Address of the Controller

The controller under the terms of the General Data Protection Regulation, other national data protection legislation of the member states, and other provisions of data protection legislation is:

Bitburger Braugruppe GmbH

- Benediktiner Weissbräu GmbH -

Römermauer 3

54634 Bitburg

Tel. +49-6561-140

Email: info@bitburger-braugruppe.de

For inquiries on the subject of data protection, you are welcome to contact our external data protection officer at Prico GmbH, stating the keyword “website data protection.” Direct your inquiry to Sebastian Feldmann, s.feldmann@prico.de or datenschutz@bitburger-braugruppe.de 

 

General Information on Data Processing

Extent of Personal Data Processing

As a matter of principle, we process our users’ personal data only to the extent necessary for providing a functional website and to the extent necessary for providing content and services. Personal data is, as a rule, only processed based on the consent of the user. Exceptions to this apply in cases in which obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by statutory regulations.

Legal Basis for Personal Data Processing

Insofar as we obtain a declaration of consent of the data subject regarding the processing of personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

GDPR Art. 6(1)(b) serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing that is necessary for taking steps prior to entering into a contract.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, GDPR Art. 6(1)(c) serves as the legal basis.

If the vital interests of the data subject or another natural person necessitate the processing of personal data, GDPR Art. 6(1)(d) serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, GDPR Art. 6 (1)(f) serves as the legal basis for the processing.

Erasure of Data and Duration of Storage

Your personal data is erased or blocked as soon as the purpose of its storage no longer applies and there is no statutory retention period or other requirement opposing such erasure or blockage.

 

Provision of the Website and Creation of Log Files

Description and Extent of Data Processing

Each time our website is accessed, data and information is automatically collected from the accessing computer’s system. The following data is collected as part of this:

  • Information about the browser type and the version used

  • The user’s operating system

  • The user’s internet service provider

  • The user’s IP address

  • The date and time the website was accessed

  • Websites from which the user’s system accessed our website

  • Websites which are accessed by the user’s system via our website

  • HTTP status code

The data is also stored in our system’s log files. It is not stored together with the user’s other personal data.

Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is GDPR Art. 6(1)(f).

Purpose of Data Processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this, the user’s IP address must be stored for the duration of the session.

This information is stored in log files to ensure the website’s functionality. In addition, we use the data to optimize our website and to ensure the security of our information technology systems. No evaluation of the data is made for marketing purposes in this context.

These purposes also represent our legitimate interest in data processing in accordance with GDPR Art. 6(1)(f).

Duration of Storage

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. Where data is collected for the provision of the website, this is the case once the respective session has ended.

If data is stored in log files, this is done after a maximum of seven days. Storage beyond this time is possible. In this case, the IP addresses of users are deleted or modified in such a way that it becomes impossible to link it to the client who made the request.

Possibility to Object and Erase

It is absolutely necessary for the provision of the website that data is collected and, for the operation of the website, that data is stored in log files. Consequently, there is no possibility for the user to object to this.

 

Contact Form and Email Contact

Description and Extent of Data Processing 

On our website, there is a contact form which can be used to contact us electronically. If a user takes up this option, the data entered in the input screen will be transferred to us and stored. This data includes:

  • The user’s first name and surname

  • Your email address

  • Your address

  • Your telephone number

  • Additional personal information shared by you as part of your message

  • The following data is also stored at the time of sending the message:

  • IP address of the user

  • Date and time of registration

The legal basis for the processing of your personal data is your consent given as part of the message sending operation, in accordance with GDPR Art. 6(1)(a) (i.e., the checkbox containing a link to this privacy policy). If you contact us for the purpose of entering into a contract, GDPR Art. 6(1)(b) and (f) are additionally relevant legal bases. 

Legal Basis for Data Processing 

If the user has given their consent, the legal basis for processing the data is GDPR Art. 6(1)(a).

The legal basis for the processing of data transmitted in the course of sending an email is GDPR Art. 6(1)(f). If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is GDPR Art. 6(1)(b).

Purpose of Data Processing 

The processing of personal data from the input screen serves the sole purpose of us processing your contact request. If the user makes contact by email, there is also a necessary legitimate interest in data processing.

The other personal data processed as part of the message sending process serves to prevent misuse of the contact form and to ensure the security of our information systems.

Duration of Storage 

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and the data sent by email, this is the case when the conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The personal data additionally collected in the course of the message sending process will be erased after a period of no longer than seven days.

Possibility to Object and Erase 

The user has the opportunity to revoke their consent to the processing of their personal data at any time. If the user contacts us via email, they may object at any time to the storage of their personal data. In this case, the conversation cannot be continued.

The user can object to the processing of their data by emailing or mailing an objection. In this case, all personal data that was stored in the course of establishing contact will be erased.

 

Forwarding of Data to Third Countries

Tools, including ones from companies based in third countries (i.e., countries outside the European Union [EU] and European Economic Area [EEA]), may be integrated into our website. When these tools are active, your personal data may be forwarded to the servers of the respective companies. We do not have any influence over this data processing.

Where we process data in a third country or the processing occurs as part of the utilization of third-party services or disclosure or transmission of data to other persons, entities, or businesses, this is only done in accordance with the following statutory specifications pursuant to GDPR Arts. 44ff.

  • Based on an adequacy decision

  • Internal data protection regulations

  • Approved code of conduct

  • Standard data protection clauses 

  • Approved certification mechanism in accordance with GDPR Art. 46(2)(a) to (f)

 

Use of Cookies

Description and Extent of Data Processing 

Our website uses cookies. Cookies are text files which are stored in your internet browser or on your computer system by the internet browser. If a user accesses a website, a cookie may be stored on the user’s operating system. These cookies contain a unique string of characters that uniquely identifies the user’s browser when the user returns to the website.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to also be identifiable after changing pages.

Our website also uses cookies that enable analysis of the user’s surfing patterns. The user data collected in this manner is made pseudonymous using technical precautions. Consequently, it ceases to be possible to link the data to the visiting user. The data is not stored together with other personal data of the users.

Legal Basis for Data Processing 

The legal basis for processing personal data with the usage of technically necessary cookies is GDPR Art. 6(1)(f).

Where cookies are set for the analysis of user behavior, this is based on consent pursuant to GDPR Art. 6(1)(a).

Purpose of Data Processing 

The purpose of using technically necessary cookies is to simplify use of the website for users. Some functions of our website cannot be offered without the use of cookies. To this end, the browser must be recognizable even after changing pages. As the website operator, we have a legitimate interest in storing cookies for the technologically flawless and optimized provision of our services.

The user data collected by technically necessary cookies is not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies allow us to find out how the website is used and therefore allow us to continuously optimize our offering.

Duration of Storage and Possibility to Object and Erase 

Cookies are stored on the user’s device and are transferred by it to us. You as a user therefore have full control over the use of cookies, too. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all of the website’s functions in full.

 

Cookie Consent 

OneTrust

Description and Purpose

We use the service of OneTrust for our cookie consent management on our website. Through it, we can integrate a cookie banner into our website, and you can use this banner to consent to the usage of various cookies. Cookies are blocked for as long as consent has not been provided for the relevant cookies. By using this tool, your IP address and individual consent settings will be processed. 

Legal Basis

The legal basis for the processing of your personal data is GDPR Art. 6(1)(a).

Recipient

The recipient of your personal data is OneTrust Technology Limited, 82 St John St., Farringdon, London, United Kingdom.

Transfer to Third Countries

Personal data is transferred to the United Kingdom. An adequacy decision in accordance with GDPR Art. 45(1) exists for this country, attesting to a comparable and therefore adequate level of protection. Furthermore, we take further measures to safeguard the protection of personal data as quickly as possible if the legal situation changes.

Duration of Data Storage

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. Moreover, the data is erased if you claim your right to erasure within the meaning of GDPR Art. 17(1). 

Contractual or Statutory Obligation

There exists a statutory obligation to provide your personal data. This obligation emerges from GDPR Art. 5(2).

Further Information about Data Protection

You can find further information about the processing of your personal data here: https://www.onetrust.de/datenschutzerklaerung/     

 

Cookies, Services, and Other Website Functions in Use

Facebook Fan Page

According to European Court of Justice case law, we, together with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook), are jointly responsible for the processing of personal data collected when visiting our Facebook page for the purposes of data protection law.

When you visit our profile page, Facebook collects personal data from you, the page visitor, automatically and without us being able to exercise any influence on this. You can find further information about data collection by Facebook in the Facebook privacy policy https://www.facebook.com/privacy/explanation.

Facebook uses cookies to collect and store data and process it further. If you, as a user, possess a Facebook profile and are signed into it, the data is stored and analyzed across different devices. You can receive further information about the use of cookies by Facebook in the Facebook cookie policy https://www.facebook.com/policies/cookies/.

You can object to the use of cookies by Facebook on the following websites:

Facebook provides us with a variety of anonymized statistics about the visitors to our profile page as part of its page insights. We do not have any influence over the compilation of this information, and we in particular cannot deactivate the collection and processing by Facebook. The following anonymized data pertaining to our profile page is provided to us by Facebook for a definable time period and for each of the categories of fans, subscribers, persons reached, and persons interacting:

total number of page views, “likes,” page activities, post interactions, reach, video views, post reach, comments, content shared, replies, share of men and women, origin by country and city, language, store views and clicks, clicks in journey planner, and clicks on telephone numbers. You can receive further information about page insights on the relevant Facebook website at: https://www.facebook.com/business/a/page/page-insights.

We use this information to make our profile page and the content on it more attractive for the visitors to our profile page. This also represents a legitimate interest within the meaning of our legal basis for this processing pursuant to GDPR Art. 6(1)(f).

 

The mutual obligations in relation to the joint responsibility are set out in the Page Controller Addendum https://www.facebook.com/legal/terms/page_controller_addendum. In it, Facebook takes the primary responsibility for the processing of insight data for the purposes of the GDPR and declares to have met all obligations arising from the GDPR in connection with the processing of insight data (including GDPR Arts. 12 and 13, GDPR Arts. 15 to 22, and GDPR Arts. 32 to 34). Solely Facebook can make and implement decisions regarding the processing of insight data. Because Facebook in its sole discretion decides how it meets its obligations under this agreement, we do not have any influence on the fulfillment of the legal data protection obligations by Facebook. If we receive inquiries in connection with insight data, we are required to forward all relevant information to Facebook.

 

Instagram Fan Page

According to European Court of Justice case law, we, together with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook), are jointly responsible for the processing of personal data collected by Facebook when visiting our Instagram fan page for the purposes of data protection law.

When you visit our Instagram fan page, Facebook collects personal data from you, the visitor of the respective fan page, automatically and without us being able to exercise any influence on this. You can find further information about data collection by Facebook in the Instagram privacy policy.

Facebook uses cookies to collect and store data and process it further. If the user possesses an Instagram and/or Facebook profile and is signed into it, the data is stored and analyzed across different devices. You can receive further information about the use of cookies by Facebook in the Facebook cookie policy.

You can object to the use of cookies by Facebook on the following websites:

Facebook provides us with a variety of anonymized statistics about the visitors to our Instagram fan pages as part of its page insights. We do not have any influence over the compilation of this information, and we in particular cannot deactivate the collection and processing by Facebook. The following information is provided to us by Facebook in the form of anonymized data in relation to the respective fan page for a definable time period:

  • Activity: This section provides insights into our profiles, including interactions (such as profile visits and website clicks), and on the subject of exploration (how many people viewed our content and where they found it).

  • Content: Here we receive insights into posts, stories, and promotions.

  • Audience: Here we learn more about our subscribers and audience.

You can find more information at https://help.instagram.com/788388387972460?helpref=faq_content.

We use this information to make our fan pages and the content on the fan pages more attractive for the visitors to our fan pages. This also represents a legitimate interest within the meaning of our legal basis for this processing pursuant to GDPR Art. 6(1)(f).

We are taking efforts to conclude an agreement with Facebook on joint responsibility in connection with the Instagram service, too. Facebook has as yet not provided a statement with regard to the Instagram service. However, it remains the fact that solely Facebook can make and implement decisions regarding the processing of insight data. We do not have any influence over this. If we receive inquiries in connection with insight data, we will forward them to Facebook immediately.

 

 

Online Store Orders

You can purchase merchandise from our online store via our website. Personal data is also collected as part of this order process. Accordingly, the conclusion of the contract requires you to provide personal data that is necessary for fulfilling the order and without which a purchase in the online store is not possible. This also represents the purpose of the processing. The personal data for this consists of the following data:

  • Title

  • First name and surname

  • Address/delivery address

  • Email address

In addition, we record the payment method chosen by you during the order and, if applicable, payment data such as the credit card number. In this respect, there exists a possibility that the data is forwarded to the service provider’s website for the payment process. The respective provider’s data protection provisions will apply to that.

You can choose to create a customer account where we save your data for future purchases. You can object to this data storage in your customer account at any time. Access to it is protected using a password to be set by you.

With the data disclosed by you, we identify you as a customer, process the order, and send you an invoice. However, we also reserve the right to use the stored data to enforce any claims we may have against you.

The legal basis for this processing is GDPR Art. 6(1)(b). Due to specifications of commerce and tax laws, we are required to store your address, payment, and order data for a period of up to ten years.

Forwarding to third parties only occurs when this is required for fulfilling the contract. The forwarding of your personal data to third parties is limited to the minimum extent necessary for this. Such forwarding includes, for example, the forwarding of payment data to payment service providers or financial institutions to carry out a payment. For this to be done, it may be necessary for us to forward personal data collected during the payment process to the payment service provider. However, the payment service providers usually collect this data themselves. The forwarded data may only be utilized by the third parties for the purposes indicated. As part of the fulfillment of the contract in accordance with GDPR Art. 6(1)(b), we make use of the payment service providers listed below for the processing of payments.

The personal data transferred to the provider is transferred by the provider to credit bureaus depending on the chosen method of payment, e.g., invoice or direct debit. This transfer is for checking identity and creditworthiness in relation to the order you are making. Refer to the relevant provider’s privacy policy to see which credit bureaus these are and what data is generally collected, processed, stored, and disclosed by the relevant provider:

  1. PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 

Data Protection for Job Applicants

If you apply for a job with us electronically, i.e., by email or using our online form, we collect and process your personal data for the purpose of carrying out the application procedure and taking steps prior to entering into a contract. 

By sending an application, you express your interest in taking up employment with us. In this context, you transmit to us personal data that we use and store exclusively for the purpose of your job search/application. The following data in particular is collected: first name, surname, email address, telephone number, and LinkedIn profile, if any.

You also have the possibility of uploading or sending documents such as a cover letter, your résumé, reference letters, and credentials. Further personal data such as your date of birth, address, etc. may possibly be contained in these documents.

The legal basis for the processing of your applicant data is GDPR Art. 6(1)(b) and GDPR Art. 9(2)(b). Insofar as special categories of personal data within the meaning of GDPR Art. 9(1) are voluntarily disclosed during the application process, their processing is also carried out in accordance with GDPR Art. 9(2)(b) (e.g., health data such as disability status).

The only persons with access to your data are authorized human resources employees and ones involved in the application procedure.

Personal data is stored solely for the purpose of making an appointment to the vacant position for which you have applied.

Your data will be stored for a period of six months past the conclusion of the application procedure. This is usually done for the fulfillment of legal obligations and for defense against any claims arising from statutory provisions. After that time, we are required to erase or anonymize your data. In this case, the data is only available to us as metadata for statistical analysis, with no direct personal links.

 

Integration of Additional Services and Third-Party Content

As part of this online offering, third-party content such as videos, fonts, or graphics may come from other websites and be integrated into this website. For this content to be displayed, the respective providers of this content (hereinafter “third-party providers”) are required to record the IP address of users. It would not be possible to transmit the content to the user’s browser without the IP address as it is required for the presentation of the content. We take efforts to integrate such content only when the provider uses the IP address solely to provide the content. Nonetheless, we do not have any influence over this when the third-party providers store the IP address for purposes such as statistics. If we become aware of this, we inform the users accordingly. Through this integration, we seek to provide and optimize our online offering.

The legal basis for the integration of other services and content of third parties is GDPR Art. 6(1)(f). Our overriding legitimate interest is the best presentation possible of our online presence and the provision of our services in a user-friendly and cost-effective way. Please review the relevant data protection provisions before you transmit personal data to these websites.

 

Further Data Recipients

If the statutory specifications are met (e.g., you have given your consent), we may potentially share your personal data with other recipients that provide services for us. Taking into account the principle of data minimization, we limit the disclosure of your personal data to the degree that is necessary. The service providers that are engaged receive your personal data as contracted processors (on a processing agreement pursuant to GDPR Art. 28) or as independent data processors. The following categories of service providers/data recipients may receive your data:

  • Server operators and hosting providers

  • Marketing and website agencies

  • External legal counsel and tax advisers

  • Newsletter providers

  • Recruitment service providers

  • Mailing and shipping service providers

  • Other services and tools

Access to your data only occurs when strict conditions are met (confidentiality requirements).

 

Data Security

Unfortunately, online information transmission is not completely secure, which is why we cannot guarantee the security of the data transmitted to and through our website over the internet. However, we secure our website and other systems as much as possible using technical and organizational measures against loss, destruction, access, modification, or dissemination of your data by unauthorized individuals.

We take precautions to ensure the security of your personal data. Your data is protected diligently against loss, destruction, falsification, manipulation, and unauthorized access or disclosure.

 

Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following data subject rights to exercise against the controller:

Right of Access Pursuant to GDPR Art. 15

You may request confirmation from the controller as to whether or not personal data concerning you is being processed by us. In the event of such processing, you may request the following information from the controller:

  1. the purposes for which the personal data is being processed;

  2. the categories of personal data being processed;

  3. the recipients or categories of recipient to whom the personal data concerning you have been or will be disclosed;

  4. the envisaged period for which the personal data concerning you will be stored, or, if it is not possible to provide concrete information in this regard, the criteria used to determine that period;

  5. the existence of the right to request from the controller rectification or erasure of personal data concerning you, or the right to request the restriction of processing by the controller or to object to such processing;

  6. the existence of a right to lodge a complaint with a supervisory authority;

  7. all available information on the source of the data where the personal data is not collected from the data subject;

You have the right to be informed of whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to GDPR Art. 46 in connection with the transfer.

 

Right to Rectification Pursuant to GDPR Art. 16

You have the right to obtain from the controller rectification and/or completion if the processed personal data concerning you is inaccurate or incomplete. The controller must make the rectification without delay.

 

Right to Restriction of Processing Pursuant to GDPR Art. 18

Under the following conditions, you can obtain a restriction of processing of the personal data concerning you:

  1. where you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;

  2. the processing is unlawful and you object to the erasure of the personal data and instead request that the use of the personal data be restricted;

  3. the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise, or defense of legal claims; or

  4. if you have objected to processing pursuant to GDPR Art. 21(1) and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.

Where processing of personal data concerning you has been restricted, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interest of the Union or of a member state.

Where a restriction of processing has been obtained under the conditions named above, you will be informed by the controller before the restriction is lifted.

 

Right to Erasure Pursuant to GDPR Art. 17

  1. Obligation to Erase Data 

You can obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

  2. You revoke your consent on which the processing was based in accordance with GDPR Art. 6(1)(a) or Art. 9(2)(a), and there is no other legal basis for the processing.

  3. You object to the processing pursuant to GDPR Art. 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to GDPR Art. 21(2).

  4. The personal data concerning you has been unlawfully processed.

  5. The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union or member state law to which the controller is subject.

  6. The personal data concerning you was collected in relation to information society services offered pursuant to GDPR Art. 8(1).

  1. Information Disclosed to Third Parties 

Where we have made the personal data concerning you public and are obliged pursuant to GDPR Art. 17(1) to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

  1. Exceptions 

The right to erasure does not exist insofar as processing is required

  1. to exercise the right to freedom of expression and information;

  2. to comply with a legal obligation requiring processing under Union or member state law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

  3. for reasons of public interest in the area of public health in accordance with GDPR Art. 9(2)(h) and (i) as well as Art. 9(3);

  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to GDPR Art. 89(1), insofar as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or

  5. for the establishment, exercise, or defense of legal claims.

 

Right to Information Pursuant to GDPR Art. 19

Where you have exercised the right to rectification, erasure, or restriction of processing, we are obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about those recipients.

 

Right to Data Portability Pursuant to GDPR Art. 20

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that:

  1. the processing is based on consent pursuant to GDPR Art. 6(1)(a) or GDPR Art. 9(2)(a), or on a contract pursuant to GDPR Art. 6(1)(b), and

  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others may not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to Objection Pursuant to GDPR Art. 21

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on GDPR Art. 6(1)(e) or (f).

We will no longer process the personal data concerning you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

 

Right to Withdraw Consent Under Data Protection Law Pursuant to GDPR Art. 7(3)

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal. A simple email message to us is sufficient for withdrawing consent or making an objection.

 

Right to Lodge a Complaint with a Supervisory Authority Pursuant to GDPR Art. 77

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to GDPR Art. 78.

 

Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal consequences for you or significantly affects you in a similar manner. This does not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between you and the controller;

  2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or

  3. is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in GDPR Art. 9(1), unless point (a) or (g) of Art. 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

 

Amendments of Data Protection Provisions

We reserve the right at any time to amend this privacy policy with effect for the future so that it always corresponds to the latest legal requirements or to reflect changes of our services within the privacy policy, e.g., when new services are introduced.