Company: IPM AG
Street Address: Schiffgraben 42
Postal Code, City, Country: 30175 Hannover, Deutschland
Company Registration/No.: HRB 214332
Executive Board: Prof. Dr. Johannes Walther, Marc Reitemeier, Daniel Wäldchen
Telefone Number: +49 511 47314790
E-Mail Address: firstname.lastname@example.org
Data Protection Officer:
Name: Björn Schwabe
Street Address: Schiffgraben 42
Postal Code, City, Country: 30175 Hannover
Telefone Number: 051147314790
E-Mail Address: email@example.com
1. Basic Information on Data Processing and Legal Regulations
1.2. We refer to Article 4 of the German Datenschutzgrundverordnung (DSGVO) (Data Protection Regulation) for the definition of terms used in this declaration such as "personal data" or their "processing".
1.3. Personal data processed in the context of the IPM online service is user data (e.g., names and addresses of customers), contract data (e.g., use of service, names of administrators, payment information), use data (e.g., visited websites of our online services, interest in our products) and content data (e.g., entries in the contact form).
1.4. The term "user" covers all type of legal or natural persons/data subjects that are affected by data processing. These include our business partners, customers, interested parties and other visitors to our online services. The term user covers all genders.
1.5. We process personal user data only in compliance with the relevant data protection regulations. This means that user data will only be processed after prior written consent of the user in case data processing is required for the provision of our contractual services (e.g. order processing) and online services, or in case it is required by law or to pursue our legitimate interests in analysis, optimization, business operation and online service safety according to Article 6 Paragraph. 1 of DSGVO, in respect of online audience measurement, profiling for advertising and marketing purposes, access data collection and the use of third-party services.
1.6. Written consent to process personal data is compliant with the rules of Art. 6 para 1 lit. a. and Article 7 DSGVO. It is requried in the course of fulfilling our contractural services and specific means according to Art. 6 para 1 lit. b. DSGVO. Processing personal data in the cause of fulfilling our legal obligations/commitments is based on Art. 6 para 1 lit. c. DSGVO, and to protect our legitimate interests according to Art. 6 para 1 lit. f. DSGVO.
2. Security Measures
2.1. We take state of the art organizational, contractual and technical security measures in order to ensure the compliance with data protection regulations, and thus to protect the processed data against accidental or intentional manipulation, loss, destruction or against unauthorized access.
2.2. Our security measures include, in particular, encrypted data transmission between user browser and IPM servers (128-bit SSL encryption). The user can call up and see the corresponding certificates in the browser.
3. Passing on Data to Third Parties and Third Party Providers
3.1. Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if, for example, this is required for contractual purposes according to Art. 6 para. 1 lit. b) DSGVO or legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO for effective business operation.
3.2. In case we use subcontractors to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant Data Protection Regulations.
3.3. In case contents, tools or other means from other providers (hereinafter referred to as "third party providers") are used in the context of this data protection declaration and their named registered office is in a third country, it is to be assumed that data is transferred to the countries in which the third party providers have their registered office. Third countries are countries in which the DSGVO German Data Protection Regulation is not directly applicable, i.e. countries outside the EU or the European Economic Area. The data transfer to third countries takes place when either an appropriate level of data protection, or user consent or other legal permission is available.
4. Provisision of Contractual Services
4.1. We process user data (e.g., names and addresses), contract data (e.g., services, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO.
4.2. During the registration at our online shop, mandatory user information is inquired from the user, and a user account will be created. User accounts are not public and cannot be indexed by search engines. If users wish to have their user account deleted, their data will be deleted with regard to the user account, subject to its legally required storage for business or tax reasons pursuant to Art. 6 para. 1 lit. c DSGVO. It is up to the user to save their data in case they give notice prior to the contract termination. We are entitled to irretrievably delete all user data stored over the term of the contract.
4.3. When registering, re-registering and using our online services, we store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests as well as for the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties, unless it is necessary to pursue our claims, or there is a legal obligation according to Art. 6 para. 1 lit. c DSGVO.
4.4. We process use data (e.g., visited websites of our online offerings, interest in our products) and content data (e.g., entries in the contact form or user profile) in a user profile for advertising purposes in order to show the user e.g. product information based on their previously used services.
5. Making Contact
5.1. When contacting us (via contact form or e-mail), the user's details will be processed for processing the contact request and its handling in accordance with Art. 6 para. 1 letter b) DSGVO.
5.2. User information will be stored in our Customer Relation ship Management System ("CRM System") or in comparable request organization tools.
5.3. We use the CRM system "Hubspot" from the provider HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA) to handle our legitimate interests in efficient and fast processing of user enquiries. For this purpose, we concluded a contract with Hubspot consisting of so-called standard contract clauses in which Hubspot undertakes to process user data only in accordance with our instructions and in compliance with the EU data protection regulation. Hubspot is certified under the Privacy Shield Agreement, and thus guarantees to comply with the European General Data Protection Regulation. (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active).
6. Comments and Contricutions
6.1. In case users leave comments or other contributions at their contact inquiry, their IP addresses will be stored for 7 days relating to our legitimate interest pursuant to Art. 6 para. 1 letter f. DSGVO
6.2. This is necessary for safety reasons, in case someone sends illegal comments or contributions (insults, forbidden political propaganda, etc.). In this case, the IPM would be prosecuted for the comment or contribution and is therefore interested in identifying the author.
7. Collection of Access Data and Logfiles
7.1. Because of our legitimate interests pursuant to Art. 6 para. 1 letter f. DSGVO, we store data from each single access to the server which provides the service, on so-called server log files. Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the provider requesting the service.
7.2. Logfile information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and gets then deleted. Data which further storage is necessary for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified
8. Cookies & Audience Measurement
8.1. Cookies are information that is transferred from our web server or third party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information that is stored.
8.2. We use "session cookies" that are only stored for the duration of your current visit (e.g. to enable the storage of your login status or the shopping basket function, and thus the use of our online offering). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and its storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offering and, for example, log out from the site or close your browser.
8.4. In case users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of the IPM online offering.
9. Google Analytics
9.2. Google is certified under the Privacy Shield Agreement, and thereby guarantees to comply with the European Data Protection Regulation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. Google will use this information on our behalf to evaluate the use of our online offering, to compile reports on the activities within this online offering and to provide us with further services connected with the use of this online offering and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
9.4. We use Google Analytics to display advertisements placed by Google and its partners only to users who have also shown an interest in our online offering, or who have certain characteristics (e.g. interests in certain topics or products that are concluded from the visited web pages). We transmit such data to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences we would also like to ensure that our ads correspond to the potential interest of the users and are not annoying.
9.5. We use Google Analytics only with activated IP anonymization. This means, Google will shorten the IP address of users from Member States of the European Union or other states that the Agreement on the European Economic Area applies to. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and will be shortened there.
9.6. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie related to the use of the online offering, and prevent Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
9.7. Further information on data use by Google, settings and obt-out options can be found on the Google websites: https://www.google.com/intl/de/policies/privacy/partners („Use of data by Google when using our partners' websites or apps“), http://www.google.com/policies/technologies/ads („Use of data for advertising purposes“), http://www.google.de/settings/ads („Manage data that Google uses to show you advertisements“).
10.1. Based on our legitimate interests (i.e. analysis, optimization and operation of our online offering pursuant to Art. 6 para. 1 lit. f. DSGVO), we use the marketing and re-marketing services ("Google Marketing Services") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“).
10.2. Google is certified under the Privacy Shield Agreement, and thereby guarantees to comply with the European Data Protection Regulation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. The Google Marketing Services allow us to present selected ads on our website in order to show our users only ads that potentially match their interests. When users see, for example, ads for products he or she has been interested in on other websites, this is referred to as "re-marketing". For these purposes, Google directly executes a code to integrate (re)marketing tags (invisible graphics or codes, also known as "web beacons") in our and other websites on which Google Marketing Services are active. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. The web beacons note which websites the user visits, which contents he or she is interested in and which offers he or she has clicked on, also technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offering. The IP address of the user is also recorded, whereby we inform you on behalf of Google Analytics that the IP address is shortened in member states of the European Union, or in other states that signed the European Economic Area Agreement and will only be completely transmitted in exceptional cases to a Google server in the USA and will be shortened there then. The IP address will not be combined with user data of other Google offerings. The above mentioned data may also be linked by Google to data from other sources. If the user then visits other websites, the ads tailored to his or her interests may be displayed.
10.4. User data are processed pseudonymously in wake of the Google Marketing Services. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data cookie related to pseudonymous user profiles. From Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The user data collected by Google Marketing Services is transmitted to Google and stored on Google's servers in the United States.
10.5. We use the online advertising program "Google AdWords" from Google Marketing Services. By using Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and are redirected to a page with a conversion tracking tag. However, customers will not receive any data that personally identifies users.
10.8. We may also use the "Google Optimizer" service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.) based on so-called "A/B testing". Cookies are stored on the user's devices for these test purposes. Only pseudonymous user data is processed.
10.9. We may also use „Google Tag Manager“ to integrate and manage Google Analytics and Marketing Services on our website.
10.11. If you wish to obt-out of this interest-based advertising by Google Marketing Services, you can change the setting and choose the opt-out provided by Google: http://www.google.com/ads/preferences.
11. Facebook Social Plugins
11.1. Based on our legitimate interests (i.e. analysis, optimization and operation of our online offering pursuant to Art. 6 para. 1 lit. f. DSGVO), we use Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text) and can be identified by one of the Facebook logos (white "f" on blue tile, the terms "like" or "thumbs up" sign), or are marked with "Facebook Social Plugin". The list and the appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
11.2. Facebook is certified under the Privacy Shield Agreement, and thereby guarantees to comply with the European Data Protection Regulation. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
11.3. In case a user calls up a function of this online offering that contains such a plugin, his or her device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offering. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore will inform users according to our level of knowledge.
11.4. By integrating the plugins, Facebook receives information that a user has called up the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. In case a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
11.5. The purpose and scope of data collection and further processing and data use by Facebook, as well as the relevant rights and setting options for the protection of the privacy of users, can be found in the Facebook data protection information: https://www.facebook.com/about/privacy/.
11.6. In case the user is a Facebook member and does not want Facebook to collect data about him or her via this online offering and link it to his or her member data stored on Facebook, he or she must log out of Facebook before using our online offering and delete the cookies. The Facebook profile settings allow you to change the settings and opt-out for data use for advertising purposes: https://www.facebook.com/settings?tab=ads or via the US webside http://www.aboutads.info/choices/ or via the EU website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they apply to all devices, such as desktop computers or mobile devices.
12. Facebook-, Custom Audiences und Facebook-Marketing-Services
12.1. For our legitimate interests in the analysis, optimization and operation of our online offering, we use so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
12.2. Facebook is certified under the Privacy Shield Agreement, thereby providing a guarantee to comply with the European data protection regulation. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
12.3. By applying Facebook pixel, Facebook is able to identify the visitors of our online offering as a target group for advertisements (so-called "Facebook ads"). Accordingly, we use Facebook pixel to post Facebook ads only to Facebook users who have also shown an interest in our online offering, or who have certain features (e.g. interest in certain topics or products that can be inffered from the websites they visited) that we transmit to Facebook (so-called "custom audiences"). We use the Facebook pixel to ensure that our Facebook ads meet the potential user interest and are not a nuisance. The Facebook pixel helps us to understand the effectiveness of Facebook ads for statistical and market research purposes, by showing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion").
12.4. When you visit our website, Facebook pixel is applied by Facebook and can store a so-called cookie, i.e. a small file, on your device. When you log in to Facebook or visit Facebook already being logged in, your visit to our online offering will be noted in your profile. The collected data about you is anonymous to us, so it does not provide us with any information about the identity of the user. However, Facebook stores and processes the data so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. When we send data to Facebook for matching purposes, it is encrypted locally on the browser and only then send to Facebook via a secure https connection. This is done solely with the purpose of creating a comparison with the data that is equally encrypted by Facebook.
12.5. We use the additional Facebook pixel function "extended matching". This way, data such as telephone numbers, e-mail addresses or Facebook user IDs are transmitted to Facebook (encrypted) to form target groups ("custom audiences" or "look alike audiences"). For further information on "extended matching" see: https://www.facebook.com/business/help/611774685654668).
12.6. Based on our legitimate interests, we use "Custom Audiences from File" process from Facebook, Inc. social network, in which case the email addresses of newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used to determine recipients for our Facebook ads. We want to make sure that the ads are only posted to users who are interested in our information and services.
12.7. Facebook processes the data in accordance with Facebook's Data Policy. Please take a look at usage guidelines on display of Facebook ads in the Facebook's Data Policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook Pixel and how it works, visit the Facebook Help section: https://www.facebook.com/business/help/651294705016616.
12.8. You can object to the collection and use of your data by the Facebook Pixel to display Facebook Ads. To set what types of ads you see within Facebook, you can visit the set up page by Facebook and follow the instructions for use-based advertising settings there: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
12.9. To prevent your data from being collected by Facebook Pixel on our website, please click the following link: Facebook Opt-Out Note: When you click the link, an opt-out cookie is stored on your device. If you delete the cookies in this browser, you must click the link again. The opt-out only applies within the browser you use and only within our web domain on which the link was clicked.
13.1. Herewith, we inform you about the contents of our newsletter as well as the registration, distribution and statistical evaluation procedure and your right of objection. By subscribing to our newsletter, you agree to receive the newsletter and you agree to the described procedure.
13.2. Content of our Newsletters: we send newsletters, e-mails and other electronic notifications containing promotional information ("newsletters") only with the consent of the recipient or a written permission. When the user subscribes to our newsletters, the general contents are specifically described which is decisive for the consent of the users. Our newsletters contain information about our products, offerings, promotions and our company.
13.3. Double opt-in and logging: subscription to our newsletter takes place in a so-called double opt-in procedure. After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody else can log in with another e-mail address. Subscriptions are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of login and confirmation time, as well as the IP address. Changes to your data stored by the service provider are also logged.
13.4. The service provider may use this data in pseudonymous form, i.e. no user assignment, to optimize or improve its services, e.g. for technical optimization of the distribution and presentation, or for statistical purposes in order to determine from which countries the recipients come. The distribution service provider does not use the data of our newsletter recipients to address them themself, or pass them on to third parties. Login data: to subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter a name in order to address you personally.
13.5. Data collection and analysis for statistical evaluation - newsletters contain a so-called "web-beacon", i.e. a pixel-sized file which is retrieved from the server of the distribution service when the newsletter is opened. When retrieving a newsletter, technical data such as information about your browser and system, as well as your IP address, location and time of retrieval are collected. Based on this technical data services are improved, and target groups and their reading behaviour can more accurately be defined. The statistics also imply whether the newsletter was opened, when it was opened and which links were clicked. This data can technically be assigned to individual newsletter recipients. However, it is not our intention, nor that of the distribution service provider, to observe individual users. The evaluations are used to recognize the reading habits of our users and to adapt our contents, i.e. send different contents according to the interests of our users.
13.6. Employing a distribution service provider, performing statistical evaluations and logging the registration is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. We are interested in employing a user-friendly and secure newsletter system that serves both our business interests and the expectations of users.
13.7. Cancellation/Withdrawal - you can cancel the newsletter at any time, and withdraw your consent. Your consent to their distribution by the service provider and statistical evaluation expire, at the same time. Seperate withdrawal from the distribution of the service provider and from statistical evaluation is not possible. You will find a link to cancel the newsletter at the end of each newsletter. In case users only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.
14. Services and Contents from Third Parties
14.1. Based on our legitimate interests (i.e. analysis, optimization and operation of our online offering according to Art. 6 para. 1 lit. f. DSGVO), we employ contents and services from third parties such as videos or fonts (hereinafter referred to as "content"). This associates that the third party provider log the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is required to display the contents. We make every effort to send you contents from providers that use the IP address only for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to evaluate data such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offering, and may be linked to such information from other sources.
14.2. The following provides an overview of third-party providers and their contents, with links to their data protection declarations, which contain further information on data processing and, already mentioned, possibilities of objection so-called opt-out:
When our customers use the payment services of third parties (e.g. PayPal or direct pay), the terms & conditions and the data protection policy of the third party provider apply, which can be called up on their websites or transaction applications.
External fonts from Google, Inc, https://www.google.com/fonts ("Google Fonts"). The application of Google Fonts takes place via a Google server (usually in the USA). See data protection policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
"Google Maps" service is provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. See data protection policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
“You Tube” videos are provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. See data protection policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
Our online services use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the "Recommend button" of LinkedIn and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with your user account. We point out that we as provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn. See data protection policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use social plugins of the social network Pinterest, which is operated by Pinterest Inc. 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transfers protocol data to Pinterest's server in the USA. This log information may include your IP address, the address of the sites you visit, which may also include pinterest features, the type and settings of your browser, the date and time of your request, your use of Pinterest, and cookies. See data protection policy: https://about.pinterest.com/de/privacy-policy.
We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Every time, you visit one of our pages that contains functions of Xing, a connection to Xing servers is established. To our knowledge, personal data will not be stored. In particular, no IP addresses are stored or the usage behavior is evaluated. See data protection policy: https://www.xing.com/app/share?op=data_protection.
We use web analysis and optimization with the help of Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. With Hotjar, movements on the websites on which Hotjar is used can be traced (so-called heatmaps). You can see, for example, how far users scroll down and which buttons users click on and how often. Technical data such as selected language, system, screen resolution and browser type are recorded. User profiles may be created, at least temporarily during the visit on our website. Hotjar also makes it possible to get feedback directly from the website users. This provides us with valuable information to make our websites even faster and more customer-friendly. See data protection policy: https://www.hotjar.com/privacy. Opt-Out: https://www.hotjar.com/opt-out.
15. User Rights
15.1. Upon request and free of charge, users have the right to obtain information about the personal data that we have stored about them.
15.2. Users have the right to have inaccurate data corrected, to limit the processing and delete their personal data, if applicable, to assert their rights to data portability and, in the event of the assumption of unlawful data processing, to file a complaint with the competent supervisory authority.
15.3. Users may also revoke their consent, with effect for the future.
16. Deleted Data
16.1. The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal storage obligations to prevent deletion. If the user's data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.
16.2. In accordance with statutory requirements, the records shall be kept for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).
17. Right of Objection
Users can object to future processing of their personal data in accordance with legal regulations, at any time. The objection can be lodged in particular against processing for direct marketing.
18. Changes to Data Protection Policy
18.1. We reserve the right to change the data protection policy to adapt to changed legal situations or to changes in service and data processing. However, this only applies with regard to the data processing policy. In case user consents are required or the data protection policy contains provisions of the contractual relationship with the users, the changes will only be made with the users' consent.
18.2. Users are asked to regularly check the contents of the data protection policy.