Data Protection Policy
Data Controller within the meaning of data protection legislation
Data Protection Officer
General information about data processing
Automatic data processing when accessing the website www.mds-partner.com
Use of cookies
Processing of personal data via the contact form
Processing personal data acquired by contacting customers/suppliers and by handing over business cards
Processing of personal data via email
Processing of personal data over the telephone
Processing of personal data via fax
Newsletter MailChimp
Processing of personal data in the context of the application process
Rights of data subjects
Data processing by us
When using the website www.mds-partner.com and its functions, making contact with us and submitting a query, you transfer your personal data to us, which we use to process your queries. This data is used by us strictly for this purpose only, within the framework of data protection legislation.
The Data Controller within the meaning of data protection legislation is:
mds - music distribution services GmbH
Carl-Zeiss-Str. 1
55129 Mainz
Deutschland
Phone: +49 6131 505-100
Email: info@mds-partner.com
Represented by: Andrea Neumer, Managing Director
Data Protection Officer:
Legally stipulated Data Protection Officer:
We have appointed a Data Protection Officer for our company.
RDP Röhl Dehm & Partner Rechtsanwälte mbB
Moritzplatz 6
86150 Augsburg
datenschutz@rdp-law.de
General information about data processing
Extent of processing of personal data in general
As a matter of principle, we only process personal data to the extent required in order to provide a properly functioning website and to deliver our content and services.
Legal basis for processing of personal data:
The legal basis for processing personal data is Article 6 (1) a) – f) of the General Data Protection Regulation (GDPR).
If the data subject gives consent, Art. 6 (1) a) GDPR is the legal basis.
Art. 6 (1) b) GDPR is the legal basis for the processing of personal data for the fulfilment of a contract in which the data subject is a contracting party or for the processing procedures for pre-contractual measures.
If processing is required to meet a legal obligation of the data controller, Art. 6 (1) c) GDPR is the legal basis.
If essential interests of the data subject or another natural person make processing necessary, Art. 6 (1) d) GDPR is the legal basis.
If processing is required to carry out a task that is in the public interest or to exercise public authority that has been transferred to the data controller, the legal basis is Art. 6 (1) e) GDPR.
If processing is required to protect a legitimate interest of our company and if the interests, basic freedoms and basic rights of the data subject do not outweigh this, the legal basis is Art. 6 (1) f) GDPR.
Provision of personal data for conclusion of a contract or on the basis of statutory retention obligations
Whenever you make contact with us, we collect personal data. This data is saved by us, partly in accordance with statutory regulations, partly because it is required to conclude a contract. If you wish to conclude a contract with us, you must provide us with your data so that we can deliver/render our services to/for you. We are also under legal retention obligations in respect of tax and commercial law that we must meet. Otherwise we may be unable to provide you with our services.
Before providing your personal data, you are welcome to get in touch with your contact in our company to find out if we require your data to conclude a contract and/or to meet our statutory retention obligations and what the consequences will be if you do not provide us with this data
Data erasure and storage period
We store your personal data as long as is necessary to fulfil the particular purpose or as is prescribed by legal regulations, Art. 6 (1) c) GDPR.
If the purpose of storage of personal data no longer exists, the data shall be erased after 6 months or its processing shall be restricted, unless there is still a need for further storage of the data to conclude or fulfil a contract. Storage beyond this shall take place only if European or national legislation dictates.
SSL and TLS encryption
For security purposes and to protect your confidential data, we use SSL and TLS encryption throughout our website. As a result of this encryption, confidential data that you send to us, such as queries or orders, cannot be seen by third parties. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and a green padlock symbol appears on the address bar.
Automatic data processing when accessing the website www.mds-partner.com
IP address
1. Description and extent of data processing
When this site is accessed, requests are sent to the server that must receive a response. Your IP address must be collected and processed so that the corresponding server requests can be answered.
2. Legal basis for data processing
The legal basis for the processing of this data is Art. 6 (1) f) GDPR.
3. Purpose of data processing
The purpose of processing your IP address is to ensure functioning of the website and provide technical access to it.
4. Legitimate interest
The legitimate interest in the temporary storage of your IP address lies in the fact that the functioning of and provision of technical access to the website is not possible without it.
5. Storage period
The data will be deleted as soon as further storage is no longer required to achieve the particular purpose. When recording data to make the website accessible, this is the case when the retrieval process is complete.
6. Recipients of personal data
The IP address is processed by the following hosting provider on the basis of an order data processing agreement in accordance with Art. 28 (2) and (4) GDPR:
juni.com GmbH
Niddastraße 74
60329 Frankfurt, Germany
Hosting
1. Description and extent of data processing
We use the services of our hosting service provider for the technical implementation of the website, to make it accessible, and to carry out technical maintenance.
This comprises the provision of storage and database services and the maintenance and servicing of these.
2. Legal basis for data processing
The legal basis for the processing of this data is Art. 6 (1) f) GDPR.
3. Purpose of data processing
The purpose of processing is the implementation of the online service and the detection of malfunctions or any attempted unauthorized access.
4. Legitimate interest
The legitimate interest in commissioning the hosting service provider is to have external technical competence and the provision of a functioning and uncompromised technical website environment.
5. Recipients of personal data and data categories:
The following hosting provider is commissioned to work on our behalf on the basis of an order data processing agreement in accordance with Art. 28 (2) and (4) GDPR:
juni.com GmbH
Niddastraße 74
60329 Frankfurt, Germany
The data categories concerned are:
- User data
- Communication data
- Contact details
- Contract data
Server-Log-Files
1. Description and extent of data processing
The IP addresses recorded when accessing this site are also stored in so-called server log files to identify and allow rectification of technical faults, attempted manipulation, and/or unauthorised access to the server structure.
The hosting provider for this website also automatically collects, stores and processes information in so-called server log files, which is transferred automatically by your browser.
This information is:
- Browsertyp und Browserversion
- used operating system
- IP
- Date
- Time
- Pages accessed
- Logs
- Status code
- Referrer
- User agent
- Referrer URL
However, this information is not combined with any other data sources.
2. Legal basis for data processing
The legal basis for the processing of this data is Art. 6 (1) f) GDPR.
3. Purpose of data processing
The purpose of processing your IP address and the above information is detecting malfunctions and any attempts at unauthorised access.
4. Legitimate interest
The legitimate interest in processing the IP address and the aforementioned information is the provision of a functioning and uncompromised technical website environment.
5. Storage period
The data is erased within 7 days.
6. Recipients of personal data
The IP address and the information specified above is processed by the following hosting provider on the basis of an order data processing agreement in accordance with Art. 28 (2) and (4) GDPR:
juni.com GmbH
Niddastraße 74
60329 Frankfurt, Germany
Use of cookies
1. Description and extent of data processing
The site www.mds-partner.com uses so-called “cookies”. Cookies are text files that are stored in the memory and/or on a data storage carrier of the device you use to visit the site and are processed by your web browser in accordance with its settings. We use a cookie when you log in to your customer account to determine whether you have registered. We also use a shopping basket cookie to identify and process the products that you have placed in your shopping basket in the context of the ordering process.
Following Cookies are used for the control of templates und shop language:
- active_store
- frontend
- frontend_cid
2. Legal basis for data processing
The legal basis for such processing is Art. 6 (1) b) and Art. 6 (1) f) GDPR.
3. Purpose of data processing
These cookies contain technical information for the provision of website functions concerning ordering procedures and customer accounts processes. This facilitates technical implementation of the purchasing and customer account processes.
4. Legitimate interest pursuant to Art. 6 (1) f) GDPR
Our legitimate interest lies in the provision of a technical environment which presents an online purchasing process for our customers and users. The cookies used only contain technical data and product information, which provide a technical representation of the completion of an online purchase by our customers at the initiative of our customers.
5. Storage period and rejection and removal options
The cookies used on the site are so-called “session cookies”.They are automatically deleted from the browser cache/memory of your computer at the end of your visit to our website and/or when you close your browser, provided that you have activated this function in your browser.
Please check the settings of your internet browser (e.g. Firefox, Internet Explorer, Edge, Chrome, Opera, Safari) in regards to this. You internet browser also gives you the option to control how you handle cookies or to deactivate them completely.
Cookies that have already been saved can be deleted at any time. This can also take place automatically. If cookies are deactivated for our website, it may be the case that it is not possible to use all of the functions of the website to the fullest extent possible.
Processing of personal data via the contact form
1. Description and extent of data processing
A contact form is provided on our website which is used only for electronic contact. We process your personal data only to the extent that you communicate it to us when you make contact.
When queries are submitted via the contact form, the following data is processed:
- Name*
- Email address*
- Telephone
- Comment*
The fields marked with an asterisks “*” symbol are obligatory and queries cannot be sent to us using this form unless they are completed.
Please enter your telephone number only if you want us to contact you by telephone.
Providing your name allows us to address you in person when we process your query.
Simply entering the data on the form does not communicate any data to us, as this happens only when you press the blue “Submit” button.
When the message is submitted, the following data is also processed:
- Date and time of the query
2. Legal basis for data processing
The legal basis for the processing of personal data for handling and responding to your queries is Art. 6 (1) f) GDPR.
The legal basis for the processing of personal data for the preparation and/or implementation a contractual relationship is Art. 6 (1) b) GDPR.
3. Purpose of data processing
Processing of personal data via the contact form is used solely for the purpose of making contact and allows the customer to request information from the company at the initiative of the customer. Depending on the intention and content of your query, the purpose may also be the initiation and/or execution of a contractual relationship.
4. Legitimate interest
The legitimate interest in data processing lies in the option to process your query and respond to your query appropriately. The data collected is processed on the basis of a query from you. This processing is also in your interest, so that we can respond to your query in accordance with your expectations.
5. Storage period
The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code). This is the case for the data that you enter in the contact form if the conversation with the user has ended.
The conversation is ended when circumstances indicate that the issue in question has been resolved definitively.
Processing personal data acquired by contacting customers and suppliers and by handing over business cards
1. Description and extent of data processing
We process data that we receive from relevant contact persons and employees during our initial business contact, when handing over business cards and during our business relationship.
Mostly it is personal data of the in-house point of contact provided by our customers.
We process the personal data given on the business card with a view to possibly making subsequent contact, or to potentially update the data in our Outlook address book and our CRM tool in order to keep an overview of customer service, to improve our services and to maintain contractual relationship.
This personal data could be:
- First and last name
- Company name
- Company address
- Email address
- Telephone number, fax number, mobil number
- Position
2. Legal basis for and legitimate interest in data processing
If the establishment of contact is based on pre-contractual measures or aims at the conclusion of a contract, Article 6 (1) (b) GDPR is the additional legal basis for the processing.
The legal basis for the processing of data provided in the context of the collection and storage of data of employees as business contacts is Article 6 (1) (f) GDPR.
This legitimate interest arises from the fact that the personal data was handed over to us for maintaining contacts and for making future contact. Moreover, the processing of a contact person’s data is necessary to maintain a business relationship.
3. Purpose of data processing
The personal data will only be processed for the purpose the data was transferred to us (by handing over a business card or naming the relevant contact person etc.)
The processing of business contact data may be used for one or more of the following purposes:
- Handing over a business card to set the stage for future contact opportunities to discuss common business interests.
- Following up on a potential prospect or contact
- Initiating and realising business relationships with prospective customers and suppliers.
- A person named as point of contact for the implementation of contractual activities.
- Sending information about our services, business updates and invitations to events.
The necessary legitimate interest in the processing of the data is related to the aforementioned purposes.
4. Storage period
The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code).
5. Categories of recipients of personal data
We use the following service providers for hosting our IT infrastructure, troubleshooting, and support services, and which may consequently also have access to your personal data.
IT service provider:
vertical GmbH
Otto-Volger-Straße 3 – 5 a/b
65843 Sulzbach Ts.
CRM support service providers:
GEDYS IntraWare GmbH
Brückenmühle 93
36100 Petersberg
Bechtle AG
Bechtle Platz 1
74172 Neckarsulm
The Information specified above is processed by the aforementioned providers on the basis of an order data processing agreement in accordance with Art. 28 (2) and (4) GDPR.
6. Transfer of personal data to third countries
The transfer of personal data to countries outside the EU or EEA (third countries) or to an international organisation is not planned.
Processing of personal data via email
1. Description and extent of data processing
Personal data is processed for queries submitted by email in accordance with the content of the email:
In all cases, this includes your email address, the date and time and the content of the message. Depending on the content of your email, the following personal data may also be processed, for example:
- First name, surname
- Telephone number
The data is used exclusively to process the conversation and/or to implement and/or initiate a contrac-tual relationship.
2. Legal basis for data processing
Due to the explicit query coming from the user by email, the legal basis for the processing of this data is Art. 6 (1) f) GDPR. If the aim of the email contact is also to conclude and/or execute a contract, the additional legal basis for processing is Art. 6 (1) b) GDPR.
3. Purpose of data processing
Processing of personal data via email query is used solely for the purpose of making contact and allows the customer to request information from the company at the initiative of the customer.
Depending on the intention and content of your query, the purpose may also be the initiation and/or execution of a contractual relationship.
4. Legitimate interest
The legitimate interest in data processing lies in the option to process your query and respond to your query appropriately. The data collected is processed on the basis of a query from you. This processing is also in your interest, so that we can respond to your query in accordance with your expectations.
5. Storage period
The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code). This is the case for your email when the conversation with the user has ended. The conversation is ended when circumstances indicate that the issue in question has been resolved definitively.
Processing of personal data over the telephone
1. Description and extent of data processing
Personal data is processed for telephone queries in accordance with the content of the conversation. Depending on the information you provide in the course of the phone call, this may include:
- First name, surname
- Telephone number
- Customer number
- Payment data
- Contract data
The data is used exclusively to process the conversation and/or to implement and/or initiate a contractual relationship.
2. Legal basis for data processing
Due to the explicit query coming from the user via telephone, the legal basis for processing of this data is Art. 6 (1) f) GDPR. If the aim of the telephone contact is also to conclude and/or execute a contract, the additional legal basis for processing is Art. 6 (1) b) GDPR.
3. Purpose of data processing
The processing of personal data through the telephone call is solely done for the purpose of making contact and allows the customer to request information from the company at the initiative of the customer.
Depending on the intention and content of your query, the purpose may also be to initiate and/or execute a contractual relationship and to maintain and support the customer relationship.
4. Legitimate interest
The legitimate interest in data processing lies in the option to process your query and respond to your query appropriately. The data collected is processed on the basis of a query that comes from you. This processing is also in your interest, so that we can respond to your query in accordance with your expectations.
5. Storage period
The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code). This is the case for your email when the conversation with the user has ended. The conversation is ended when circumstances indicate that the issue in question has been resolved definitively.
Processing of personal data via Fax
1. Description and extent of data processing
Personal data is processed for queries submitted by email in accordance with the content of the email:
In all cases, this includes your email address, the date and time and the content of the message. Depending on the content of your email, the following personal data may also be processed, for example:
- First name, surname
- Telephone number
- Customer number
- Payment data
- Contract data
The data is used exclusively to process the conversation and/or to implement and/or initiate a contrac-tual relationship.
2. Legal basis for data processing
Due to the explicit query coming from the user by fax, the legal basis for the processing of this data is Art. 6 (1) f) GDPR.
If the aim of the email contact is also to conclude and/or execute a contract, the additional legal basis for processing is Art. 6 (1) b) GDPR.
3. Purpose of data processing
Processing of personal data via fax query is used solely for the purpose of making contact and allows the customer to request information from the company at the initiative of the customer. Depending on the intention and content of your query, the purpose may also be the initiation and/or execution of a contractual relationship.
4. Legitimate interest
The legitimate interest in data processing lies in the option to process your query and respond to your query appropriately. The data collected is processed on the basis of a query that comes from you. This processing is also in your interest, so that we can respond to your query in accordance with your expectations.
5. Storage period
The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code). This is the case for your fax when the conversation with the user has ended.
The conversation is ended when circumstances indicate that the issue in question has been resolved definitively.
Newsletter MailChimp
1. Description and extent of data processing
We offer a newsletter containing advertising information for our customers and potential customers. Subscription to our newsletter service uses the double opt-in procedure to verify your registration.
You register using the newsletter form and, once you have pressed the Register button, you are sent a link via email which you can click in order to confirm and conclude the newsletter subscription process.
Once you have clicked on this activation link, you will receive regular mailshots with the content described in detail when you subscribe to the newsletter. This subscription process is also the process for obtaining your consent to receive the newsletter under competition law within the meaning of the German Unfair Competition Act.
You can revoke this consent under competition law at any time with effect from that point forward by clicking on the cancellation link included in every newsletter.
Our newsletter provides information about our offers, services and us.
We log/record your subscription to our newsletter so that we can provide evidence of the subscription in accordance with applicable statutory provisions. In this process, the registration and confirmation times and your IP address are saved.
At the same time, your data is also logged and saved by our delivery service provider.
It is sufficient to provide your email address on the registration form to subscribe to our newsletter. However, we request that you provide your name as an option so that we can address you personally in the newsletter.
The data you provide when subscribing is processed in our CRM system for legally compliant manage-ment of your consent.
2. Legal basis for data processing
Legal basis for the processing of this personal data for the sending of the newsletter is Art. 6 (1) f) GDPR.
The legal basis for the processing and logging/recording of the subscription process is Art. 6 (1) f) GDPR.
3. Purpose of data processing
Data processing is solely done for the purpose of sending out our newsletter and your legally compliant subscription to it.
4. Legitimate interest
Our legitimate interest lies in contacting you in a customer-friendly and user-friendly way for the purposes of direct advertising (Recital 47 to the GDPR) as well as for logging/recording the subscription process in a legally compliant manner.
5. Storage period
The data you provide when subscribing to the newsletter is erased by us at the latest 6 months from your cancellation of the newsletter.
6. Recipients of personal data
Our newsletter is created using MailChimp from the delivery service provider The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 3030.
Our delivery service provider will not use your data to write to you directly. Our delivery service provider is commissioned to work on our behalf based on a data processing agreement.
Processing of personal data in the context of the application process
1. Description and extent of data processing
We provide regular information about job vacancies in job advertisements and on our website. You have the opportunity to apply for such vacancies. You can send your application data to us by post or by email.
Data that you send to us as part of the application process may include:
- Name, address and contact details
- Curriculum vitae including further details
- Personal letter
- Qualifications
- Interests
If you send your data to us by email, we will also process your email address, the date and time and the content of the message. Depending on the content of your email, the following personal data may also be processed, for example:
- First name, surname
- Telephone number
The data is used exclusively in the context of the application process to take a decision about filling the post.
2. Legal basis for data processing
The legal basis for processing data in the context of the application process is Art. 6 (1) b) GDPR and Section 26 (1) of the German Federal Data Protection Act (BDSG).
If, in the course of the application process, you provide us with special categories of personal data, such as information about an existing serious disability or about your health, which is required to assess your suitability for a specific job, processing of the data communicated to us at your initiative is done in accordance with Art. 9 (2) b), h) GDPR, Section 26 (3) BDSG.
3. Purpose of data processing
The processing or personal data in the course of the application process is solely done for the purpose of personnel planning and establishing employment relationships.
4. Legitimate interest
The legitimate interest in processing the data lies in the need to fill vacancies with qualified applicants as part of sustainable personnel planning and company management.
5. Dauer der Speicherung
Die Daten bei Ablehnung einer Bewerbung werden innerhalb von 6 Monaten nach Absage gelöscht. Daten erfolgreicher Bewerbungen unterliegen den Aufbewahrungspflichten, die sich aus den arbeits-rechtlichen und sozialrechtlichen Vorschriften, der AO und dem HGB ergeben.
Rights of data subjects
If your personal data is processed, you are the data subject within the meaning of the General Data Protection Regulation. You therefore have the following rights in respect of the data controller.
In order to exercise your rights as the data subject in respect of us as the data controller, please contact us at the following email address: datenschutz@rdp-law.de
1. Right to information - Art. 15 GDPR
You have the right to request confirmation from the data controller as to whether your personal data is being processed or not.
If such processing is being carried out, you have the right to information about this personal data and about the following:
- the purposes for which the personal data is being processed;
- the categories of personal data that are being processed;
- the recipients or the categories of recipients to whom the personal data has been disclosed or is still being disclosed;
- if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for establishing the period of storage;
- the existence of a right to correction or erasure of the personal data relating to you, a right to restriction of the processing by the data controller or a right to object to such processing;
- the existence of a right of complaint to a supervisory authority;
- all available information about the origin of the data if the personal data was not collected from the data subject;
- the existence of an automated decision-making process including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, the scope and the intended effects of processing of this sort for the data subject.
You also have the right to demand information about whether the personal data about you is being transferred to a third country or an international organisation. Here, you can also demand information about the appropriate guarantees pursuant to Art. 46 GDPR in connection with such transfer.
2. Right to correction – Art. 16 GDPR
You have the right, vis-a-vis the data controller, to immediate correction and/or completion of the data about you, insofar as the personal data is incorrect or incomplete.
3. Right to erasure – Art. 17 GDPR
Erasure obligation:
You have the right to demand immediate erasure of your personal data, provided that one of the follow-ing grounds applies:
- the personal data about you is no longer required for the purposes for which it was collected or processed in another way;
- you have withdrawn your consent on which processing was based pursuant to Art. 6 1 a) or Art. 9 (2) a) GDPR and there is no other legal basis for processing;
- you have objected to processing pursuant to Art. 21 (1) and there are no legitimate, precedent reasons for processing, or you have objected to processing pursuant to Art. 21 (2) GDPR;
- the personal data about you has been processed illegally;
- erasure of the personal data about you is required to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject;
- the personal data about you has been collected in relation to the information society services offered pursuant to Art. 8 (1) GDPR.
Exceptions:
A right to erasure does not exist if processing is required:
- to exercise the right to free speech and freedom of information;
- to fulfil a legal obligation that requires processing under EU law or the law of the Member States to which the data controller is subject or to carry out a task that is in the public interest or to exercise public authority that has been transferred to the data controller;
- for reasons of public interest in the area of public health pursuant to Art.9 (2) let. 5 h/ i and Art.9 (3);
- for archiving purposes, historical research purposes or statistical purposes that are in the pubic interest pursuant to Art. 89 (1) GDPR,
- insofar as the right specified in section a) is likely to make achievement of the objectives of this processing impossible or will seriously hinder it, or
- to assert, exercise or defend against legal claims
4. Right to restrict processing – Art. 18 GDPR
You have the right to demand that the processing of the personal data about you be restricted in accor-dance with the following conditions
- if you have contested the accuracy of the personal data about you for a period that allows the data controller to verify the accuracy of the personal data;
- if processing is illegal and you decline to have your personal data erased and instead demand restriction of the use of the personal data;
- if the data controller no longer requires the personal data for purposes of processing but still requires it to assert, exercise or defend against legal claims, or
- if you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.
If processing of the personal data about you has been restricted, with the exception of storage, this data may be processed only with your consent or to assert, exercise or defend against legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest in the EU or a Member State.
If processing has been restricted on the basis of the conditions described, you shall be notified by the data controller before the restriction is lifted.
5. Right to notification – Art. 19 GDPR
If you have exercised one of your rights to correction, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data about you has been disclosed of the correction or erasure of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of work. You also have the right to be informed of those recipients.
6. Right to data transferability – Art. 20 GDPR
You have the right to receive the personal data about you that you provided to the data controller in a structured and standard format that can be read by a computer. You also have the right to communicate this data to another data controller without hindrance by the data controller to whom the personal data was provided, if
- processing is based on consent pursuant to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR or is based on a contract pursuant to Art. 6 (1) b) GDPR and
- processing is carried out with the aid of an automated process.
In exercising this right to data transferability, you also have the right to have your personal data trans-ferred directly from one data controller to another data controller, insofar as this is technically feasible.
7. Right to object - Art. 21 GDPR
You have the right for reasons resulting from your specific situation to object, at any time, to the processing of personal data about you that is/was carried out on the basis of Art. 6 (1) e) or f) GDPR; this also applies to profiling based on these provisions.
The data controller shall stop processing the personal data about you unless the data controller can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise of defend against legal claims.
If personal data is processed for the purposes of direct advertising, you have the right to object to the processing of personal data about you for the purposes of such advertising at any time; this also applies to profiling, insofar as it is connected with such direct advertising.
If you object to processing for purposes of direct advertising, the personal data about you shall no longer be processed for those purposes.
Notwithstanding Directive 2002/58/EC, you have the option, in connection with the use of services of the information company, to exercise your right to object by means of automated processes in which technical specifications are used.
8. Right to withdraw a declaration of consent under data protection legislation
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing that was already carried out on the basis of your consent up to the point at which you withdraw it.
9. Right to complain to a supervisory authority – Art. 77 GDPR
Irrespective of any other legal remedies under administrative law or in court, you have the right to complain to a supervisory authority, in particular in the Member State of your normal place of residence, your place of work or the location of the alleged breach, if you believe that the processing of the personal data about you breaches the General Data Protection Regulation.
The supervisory authority to whom you submit your complaint shall notify you, as the complainant, of the status and outcome of the complaint, including the option to seek legal remedy in court pursuant to Art. 78 GDPR.
This data protection policy will be updated at regular intervals.
August 2020