BookingBooking
Booking

Privacy policy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The data controller for this website is:

Adara | Boutique Hotel | Restaurant
Old school square 1
D-88131 Lindau/Lake Constance

Phone: +49 8382 94350-0
Fax: +49 8382 94350-50
E-mail: info@adara-lindau.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Name and address of the data protection officer

The data protection officer of the data controller is:

Nicole Christiane Grohmann
Datenschutz & privacy
Beethovenstr. 23
D-87435 Kempten

Phone: +49 831 5209 8680
Fax: +49 831 5124 7031
E-mail: info@datenschutzprivacy.de

General notes

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You also have the right to request the restriction of the processing of your personal data under certain circumstances. For details, please refer to the data protection declaration under “Right to restriction of processing”.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) S. lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which we are subject, Article 6 (1) sentence 1 lit. c) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f) GDPR serves as the legal basis for the processing.

Definitions

The data protection declaration is based on the terms used by the European legislator when adopting the EU General Data Protection Regulation (hereinafter: “GDPR”). The data protection declaration is intended to be easy to read and understand. To ensure this, the most important terms are explained below:

    1. Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    2. Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
    3. Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    4. Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
    5. Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
    6. The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
    7. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
    8. A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
    9. Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
    10. Consent shall mean any freely given specific and informed indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

If the data processing is based on Art. 6 (1) e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) GDPR).

Right of appeal to the competent supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, blocking, deletion and correction

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to advertising e-mails

The use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Data collection on our website

Use of cookies

This website does not use cookies. Cookies are small text files that are sent by a web server to your browser as soon as you visit a website and are stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and are stored on your computer and provide the user (i.e. us) with certain information. Cookies are used to make the website more customer-friendly and secure, and in particular to collect usage-related information, such as frequency of use and number of users of the pages, as well as behavioural patterns of page use. Cookies do not cause any damage to the computer and do not contain viruses. This cookie contains a characteristic character string (so-called cookie ID), which enables the browser to be uniquely identified when the website is called up again.

Cookies remain stored even if the browser session is terminated and can be accessed again when you visit the site again. However, cookies are stored on your computer and transmitted from it to our site. Therefore, you also have full control over the use of cookies. If you do not wish data to be collected via cookies, you can set your browser via the menu under “Settings” so that you are informed about the setting of cookies or generally exclude the setting of cookies or can also delete cookies individually. However, please note that the functionality of this website may be limited if cookies are deactivated. As far as session cookies are concerned, these will be automatically deleted after leaving the website anyway.

Provision of the website and creation of log files

In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we automatically collect the following data and information from the computer system of the calling computer each time the website is called up:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of the log files is Art. 6 para. 1 p. lit. f) GDPR.

The temporary storage of the IP address by the system is necessary in order to

  1. to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
  2. to optimise the content of our website and the advertising for it
  3. Ensure the functionality of our information technology systems and the technology of our website
  4. Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) sentence 1 lit. f) GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected – in this case at the end of the usage process.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are deleted or made anonymous so that it is no longer possible to assign the calling client.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, which is why there is no possibility to object.

E-commerce

If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. The data is entered in an input mask and transmitted to us and stored. The following data is collected within the framework of the webshop:

  • Salutation
  • Company, if applicable
  • Name
  • E-mail
  • Phone
  • Address incl. country
  • Note if applicable
  • IP address
  • Date and time of the order

Data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or for collecting the fee, or if you have expressly consented to this. In this respect, we only pass on the data required in each case. The data recipients are

  • The respective delivery/shipping company (disclosure of name and address)
  • Collection companies, insofar as payment must be collected (disclosure of name, address, order details)
  • Credit agencies to check creditworthiness (disclosure of name, address, date of birth, etc.). In this case, the information is only passed on if we make advance payments for orders (e.g. purchase on account).
  • The bank to collect the payment, insofar as the payment is made via direct debit

The legal basis is Art. 6 para. 1 p. 1 lit. b) GDPR. With regard to voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a) GDPR.

The compulsory data collected is required for the fulfilment of the contract with the user (for the purpose of sending the goods and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your order, if necessary to check creditworthiness or to recover a debt and for the purpose of technical administration of the websites. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offences. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after the execution of the contract. However, we restrict processing after two years, i.e. your data is only used to comply with legal obligations. If a continuing obligation exists between us and the user, we store the data for the entire duration of the contract and for ten years thereafter (see above). With regard to data provided voluntarily, we will delete the data upon expiry of two years after the execution of the contract, provided that no further contract is concluded with the user during this period; in this case, the data will be deleted upon expiry of two years after the execution of the last contract.

Data protection declaration for the online booking tool DIRS21 of TourOnline AG

Use of the online booking tool DIRS21 of TourOnline AG
Our online presence uses the online booking tool DIRS21 (hereinafter “OBT”) of the company TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (www.dirs21.de, hereinafter “TOAG”) to enable online bookings of accommodation services and other travel services, as well as to process enquiries. Within the framework of the OBT, TOAG processes the data as the responsible party. The notes and provisions on data protection can be found in TOAG’s data protection declaration for the OBT, which you can call up at any time from the OBT or view at www.dirs21.de/datenschutz.

Contact form and e-mail contact

Our website contains a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. These data are:

  • Name
  • Phone
  • E-mail
  • Communication

The following data is also stored at the time the message is sent:

  • IP address of the user
  • Date and time of registration

For the processing of the data, your consent is obtained during the submission process and reference is made to this data protection declaration. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail will be stored. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to answer your request. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing of data is Art. 6 para. 1 p. lit. a) GDPR if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1S. 1 lit. b) GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. We will of course use the data from your e-mail enquiries exclusively for the purpose for which you provided them when contacting us. In the case of contacting us by e-mail, we also have the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted at the latest when the purpose ceases to apply.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in effectively processing the enquiries addressed to us.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Processing data (customer and contract data)

We collect, process and use personal data only insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Newsletter

If you purchase goods or services from us and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. The legal basis for sending the newsletter is Article 7 (3) UWG.

The collection of the user’s email address serves to deliver the newsletter. The collection of other personal data in the context of the confirmation process pursuant to para. 2 serves to prevent misuse of the services or the e-mail address used.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user’s email address will be stored as long as you do not revoke receipt of the newsletter.

You can unsubscribe from receiving our emails at any time by clicking on the “Unsubscribe” box in our newsletter unsubscriber or by sending us a text message (email, letter or fax) to the contact details provided in the imprint, indicating that you no longer wish to receive our promotional emails.

Data transmission upon conclusion of a contract for services and digital content

We only transmit personal data to third parties if this is necessary for the processing of the contract, for example to the credit institution commissioned with the processing of payments.

No further transmission of data will take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Links to external websites

This website contains links to external sites. We are responsible for our own content. We have no influence on the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or content on this site, you are welcome to point this out to us. In this case we will check the content and react accordingly (notice and take down procedure).

Own services

Applications

We offer you the opportunity to apply to us (e.g. by e-mail, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-neu and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

Retention period of the data

If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained (retention period) for a maximum of 6 months after completion of the application process in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 (1) lit. f GDPR).

You can object to this storage if there are legitimate interests on your part that outweigh our interests.

After the retention period has expired, the data will be deleted unless there is a legal obligation to retain the data or another legal reason for further storage. If it is evident that it will be necessary to retain your data after the retention period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted once it has become irrelevant. Other statutory retention obligations remain unaffected.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

  • Right to information,
  • Right of rectification
  • Right to restriction of processing,
  • Right to erasure
  • Right to information
  • Right to data portability.
  • Right to object to processing
  • Right to revoke consent under data protection law
  • Right not to apply an automated decision
  • Right to complain to a supervisory authority

Right to information

You may request confirmation from the controller as to whether personal data concerning you are being processed by us. If such processing is taking place, you can request information from the controller at any time and free of charge about the personal data stored about you and about the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage duration;
  5. the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. any available information on the origin of the data if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

Right of rectification

You have the right to obtain from the controller the rectification and/or completion without undue delay of any personal data processed concerning you which is inaccurate or incomplete.

Right to restrict processing

Under the following conditions, you may request the controller to immediately restrict the processing of personal data concerning you:

  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims, or
  4. if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to erasure

You may request the controller to delete the personal data concerning you without delay if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

The right to erasure does not exist insofar as the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, where the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  5. for the assertion, exercise or defence of legal claims.

Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification/erasure/restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

  1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  2. the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In order to assert the right to data portability, the data subject may at any time contact the controller.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

To exercise the right to object, the data subject may directly contact the controller.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can contact the responsible person for this purpose.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the responsible person,
  2. is authorised by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. is done with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise rights concerning automated decisions, he or she may, at any time, contact the controller.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Changes to the privacy policy

We reserve the right to change our privacy practices and this policy to comply with changes in relevant laws or regulations or to better meet your needs. Possible changes to our privacy practices will be posted here accordingly. Please note the current version date of the privacy policy.

STATUS: 02-2023

Home