Privacy Statement

Note: We have changed everything in our group of companies to red and renamed antwerpes healthy media to DocCheck planning. You will therefore find us and the media services you are familiar with on this website with immediate effect under the company name stated in the imprint.

doccheck planning gmbh, Vogelsanger Str. 66, 50823 Cologne, Germany, (hereinafter referred to as “we”) takes the protection of your personal data (hereinafter also referred to as “data”) very seriously. With the following data protection information, we would therefore like to inform you about the manner and scope of data processing (collection, processing and use) on our website with the domain

and when using our services offered there (hereinafter collectively referred to as “our services”).

Name and address of the data controller

The data controller in the context of the General Data Protection Regulation (GDPR) and other data protection laws and regulations is:

doccheck planning gmbh

Vogelsanger Str. 66
50823 Cologne
Germany
Tel.: 0221-92053-300
E-Mail: planning@doccheck.com

The legal representatives of DocCheck planning gmbh are the managing directors:
Thilo Kölzer
Christiane Schrix

Name and address of the data protection officer

The data protection officer of DocCheck planning  gmbh is:

Tim Halver

Vogelsanger Str. 66
50823 Cologne
Germany
Tel.: 0221-92053-300
E-Mail: datenschutz@doccheck.com

If you have any questions regarding data protection, you can contact our data protection officer directly.

1. What are personal data?

The subject of data protection is personal data. Personal data means all information relating to an identified or identifiable natural person (“data subject”) (Article 4 (1) GDPR). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In addition, special personal data are included in the scope of data protection. These concern data on racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation (Article 9 (1) GDPR).

Health data are in turn personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about their health status (Article 4 (15) GDPR).

2. How are these data collected and processed?

The collection, processing and storage of data when using our services may take place in various ways. It can take place directly on our systems, by a company commissioned by us and bound by instructions or also by third parties (see Section 3 ff.). Techniques such as cookies or HTML5 web storage are an important tool for data processing in the online environment, which can cache or retrieve information on your end device. We would therefore like to explain these techniques to you:

2.1. Cookies and HTML5 web storage

Cookies and HTML5 web storage techniques are small text files that are stored on your end device. Cookies and HTML5 web storage are used to store various pieces of information beyond the current session, i.e. independently of closing the window or leaving the website. When you return to the website, your browser can access the information stored on your device and forward it to the website server. The information can be read by the operator of the website at a later date.

There are different application areas for cookies and HTML5 web storage techniques:

2.1.1. Session cookies and session storage

On the one hand, cookies and web storage are used to temporarily store information that contains, for example, login information or settings for a user as well as any entries that have already been made or identifiers (hereinafter referred to as “session objects”).

Such session objects therefore contain data such as a unique identification number (“session ID” as a pseudonym), with which various requests from your browser can be assigned to the common session and your end device can be recognised on various sub-pages of the website. This assignment can also be made if you return to the website during an ongoing Internet session, e.g. after accessing another website in the meantime.

Setting session objects is necessary, on the one hand, in order to not lose entries that you have already made in the related input screens and to enable restoration of your entries in the event of a malfunction (e.g. brief disconnection from the website while calling up a subsequent input screen), as well as the correction of the entries already made even when using the “Back” button in your browser. On the other hand, session objects may also be required to provide various other functions, such as a login function in the context of a user system. In this respect, their use complies with the recognised technical and organisational measures for preventing unintentional access to your data by third parties.

Due to the possibility of assigning different requests from your browser to a common session, session objects can in principle also be used to record your usage behaviour on a website or to deliver advertising to you in accordance with the intended purpose and to ensure that you do not, for example, click on advertising banners with fraudulent intent multiple times.

2.1.2. Preference cookies and local storage

Cookies and web storage techniques are also used to store your preferred settings on a website and to help you find the information you want about the services offered (hereinafter referred to as “preference objects”). Without the use of such preference objects, some functionalities could not be offered at all or only with significant restrictions.

Unlike session objects, preference objects of this type do not make it possible to assign different browser requests to a common session. In particular, if you return to the website at a later date, they cannot identify you again as they only contain setting parameters.

2.2. Use of session and preference objects when using our services

Session and preference objects can therefore serve a wide range of purposes. We explain why we use which types of technique under the individual processing purposes in Section 3. There we inform you if session or preference objects are used for the respective processing purpose.

2.3. Disabling and deleting cookies and web storage objects

In most Internet browsers, you will find information under the “Help” menu item on how to prevent cookies and web storage objects from being permitted by technical means and which setting in your browser informs you about the placement of a new cookie or web storage object. Please note that some functions of our website may no longer be available if cookies and web storage objects are disabled.

3. What data do we collect, for what purpose do we collect these data and what happens to your data?

3.1. Hosting

This website is hosted on servers operated by DocCheck AG, Vogelsanger Straße 66, 50823 Cologne, Germany.

The hosting services we use are for the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this website.

In doing so, our hosting provider processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this website based on our legitimate interests in an efficient and secure provision of this website pursuant to Article 6 (1)(f) GDPR. We have concluded a data processing contract with DocCheck AG in accordance with Article 28 GDPR.

3.2. Data that we process when you visit our website

When you visit our website, the following data are always collected and processed, even if you simply visit our website without logging in or using our individual services, without drawing any conclusions about your person:

Directly by us:

  • The website you previously visited (known as the referrer URL)
  • The individual pages of our website that you visit
  • The date and time of your visit to our website
  • The internet protocol address (IP address) of the accessing device
  • The type of device that you use to access our website (e.g. computer, mobile phone, etc.)
  • The browser and operating system from which you access our website, including the respective version number and the language set there.

Data that we receive from our provider, CANCOM Pironet AG & Co. KG, Obenhauptstraße 12, 22335 Hamburg, Germany:

  • Other similar data and information that serves to avert danger in the event of attacks on our information technology systems.

This information is required to:

  • Correctly deliver the contents of our website
  • Optimise the contents of our website and its advertising, e.g. adapting content for viewing on a mobile device
  • Ensure the long-term functionality of our information technology systems and the technology of our website
  • Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

After ending the respective Internet session, the data collected are anonymised by us and then evaluated statistically and furthermore with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. In this regard, the processing of your data is carried out in our legitimate interest and is based on Article 6 (1)(1)(f) GDPR.

3.3. Integration of services and third-party content

We use content or service offerings from third-party providers within our website due to our legitimate interest (i.e. the interest in the analysis, optimisation and economical operation of our website in the context of Article 6 (1)(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content.

An overview of third-party providers and their content is provided below, along with links to their privacy statements, which contain further information on the processing of data and, in part already mentioned here, options for objection (opt-out):

3.3.1. Google Hosted Libraries

To reduce loading times, various Open Source JavaScript libraries are integrated via Google Hosted Libraries. Google Hosted Libraries is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only referred to as “Google”.

The appropriate libraries are made available by Google and loaded onto our website by a corresponding command so that our website can use the library. Google loads the library via a Content Delivery Network (CDN), i.e. via a network of data centres that distributes the content.

In particular, we use the following libraries provided by Google:

  • jQuery

The libraries are integrated via an interface (“API”) to the Google services. Through the integration of libraries, Google may collect and process information (including personal data). The transmission of information by Google to a server in a third country therefore cannot be excluded.

In some cases, user data are processed on Google servers in the USA. Data transmission to the USA is based on the standard contractual clauses of the EU Commission and we have also concluded a data processing contract with Google.  

In particular, the following personal data are processed by Google Hosted Libraries:

  • Protocol data (in particular the IP address)
  • Location information
  • Unique application numbers
  • Cookies and similar technologies

Data processing, in particular the placement of cookies, takes place based on the consent you have provided in accordance with Article 6 (1)(1)(a) GDPR.

You will find more detailed information on the terms of use of Google Hosted Libraries here as well as some technical information here.

You can also find more detailed information on the collection and usage of data by Google in Google’s Privacy Policy.

3.3.2. Google Fonts

On our website we use “Google Web Fonts”, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only referred to as “Google”.

Google Web Fonts enables us to use external font types, known as Google Fonts. For this purpose, the required Google Font is loaded into the browser cache by your web browser when you access our website. This is required for the browser to display a visually improved presentation of our texts. If your browser does not support this function, a standard font from your computer is used for the display. The integration of these web fonts takes place via a server request, usually a Google server in the USA. In doing so, information about which of our web pages you have visited is transmitted to the server. The IP address of the browser on your end device is also stored by Google.

In some cases, user data are processed on Google servers in the USA. Data transmission to the USA is based on the standard contractual clauses of the EU Commission and we have also concluded a data processing contract with Google.  

We use Google Web Fonts for optimisation purposes, in particular to improve your experience when using our website and to make its design more user-friendly. This also constitutes our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Article 6 (1)(1)(f) GDPR.

You can find more detailed information on the collection and usage of data by Google in Google’s Privacy Policy.

You can find more information on Google Web Fonts here and here.

3.3.3. Google Maps

On our website we use the function for embedding Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only referred to as “Google”.

This function enables the visual display of geographical information and interactive maps. In doing so, Google also collects, processes and uses data from website visitors when they access the pages in which Google Maps are integrated.

In some cases, user data are processed on Google servers in the USA. Data transmission to the USA is based on the standard contractual clauses of the EU Commission and we have also concluded a data processing contract with Google.  

Data processing by Google services includes the following data:

  • IP address
  • Device, operating system/browser

Data processing, in particular the placement of cookies, takes place based on the consent you have provided in accordance with Article 6 (1)(1)(a) GDPR.

You can find more detailed information on the collection and usage of data by Google in Google’s Privacy Policy. There you also have the option to change your settings in the privacy centre so that you can manage and protect your data processed by Google.

3.3.4. YouTube

We use YouTube on our website. This is a video portal provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only referred to as “YouTube”.

Data processing by Google services includes the following data:

  • IP address
  • Device, operating system/browser

In some cases, user data are processed on Google servers in the USA. Data transmission to the USA is based on the standard contractual clauses of the EU Commission and we have also concluded a data processing contract with Google.

We use YouTube in connection with the “Privacy-enhanced mode” function to show you videos. The legal basis is Article 6 (1)(f) GDPR. Our legitimate interest is in improving the quality of our website. According to YouTube, the “Privacy-enhanced mode” function only transfers data to the YouTube server when you actually start a video.

Without this “Privacy-enhanced mode”, a connection to the YouTube server in the USA is established as soon as you access one of our web pages on which a YouTube video is embedded.

This connection is necessary to be able to display the respective video on our website via your Internet browser. In doing so, YouTube will record and process at the least your IP address, the date and time and the web page you visited. In addition, a connection to Google's “DoubleClick” advertising network is established.

If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality and to analyse user behaviour, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree to this processing, you have the option to prevent the storage of cookies by setting your Internet browser accordingly.

Further information on the collection and usage of data as well as your rights and protection options in this regard can be found in Google's Privacy Policy.

3.3.5. Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, USA), hereinafter referred to as “Cloudflare”.

Cloudflare provides a globally distributed Content Delivery Network with DNS. This means that the information transfer between your browser and our website is technically routed via Cloudflare's network. This enables Cloudflare to analyse the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the Internet.

In doing so, Cloudflare may also use necessary cookies or other technologies to identify Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in the most secure and error-free provision of our website possible as per Article 6 (1)(1)(f) GDPR.

In some cases, user data are processed on Cloudflare servers in the USA. Data transmission to the USA is based on the standard contractual clauses of the EU Commission and we have also concluded a data processing contract with Cloudflare, which ensures that the processing of personal data is subject to a level of security which corresponds to that of the GDPR.

You can find more information on security and data protection at Cloudflare here.

3.3.6. Hubspot

On this website, we use the HubSpot service for various purposes. The provider is HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, hereinafter only referred to as “HubSpot”.

HubSpot is an integrated software solution with which we cover various aspects of our online marketing. These include:

Email marketing, contact management (e.g. user segmentation & CRM) and contact forms.

Our sign-up service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company's services are of interest to you. We use all the information collected exclusively to optimise our marketing measures.

Among other things, HubSpot CRM enables us to manage existing and potential customers as well as customer contacts. With the help of HubSpot CRM, we are able to record, sort and analyse customer interactions via email, social media or phone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With HubSpot CRM, we are also able to record and analyse the user behaviour of our contacts on our website.

The use of HubSpot is based on Article 6 (1)(f) GDPR. We have a legitimate interest in managing and communicating with customers as efficiently as possible. Provided that appropriate consent has been requested, the processing is carried out exclusively based on Article 6 (1)(a) GDPR; consent can be withdrawn at any time.

In the context of processing via HubSpot, data can be transmitted to the USA. Data transmission to the USA is based on the standard contractual clauses of the EU Commission and we have also concluded a data processing contract with HubSpot.

More information on data protection and cookies at HubSpot can be found in HubSpot’s Privacy Policy.

3.3.7. CookieFirst

On our website, we use the CookieFirst Consent Management Tool provided by Digital Data Solutions B.V. (Plantage Middenlaan 42a, 1018 DH, Amsterdam, the Netherlands); hereinafter only referred to as “CookieFirst”.

The tool allows you to give your consent to data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw consent already given. The purpose of data processing is to obtain and document the necessary consent for data processing and thus to comply with legal obligations.

Cookies may be used for this purpose. The following information, among others, may be collected and transmitted to CookieFirst:

  • Uniquely assignable ID
  • Date and time of the consent
  • Opt-in data
  • Opt-out data.

These data will not be passed on to other third parties.

Data processing is carried out for the fulfilment of a legal obligation based on Article 6 (1)(1)(c) GDPR.

You can find more information in CookieFirst’s Privacy Policy.

3.4. Analysis tools

Of course, we aim to design our services to meet your needs and offer you the best possible user experience. For this reason, we continuously check the functionality of our services and correct functions that are identified as faulty or not user-friendly. Another of our aims is knowing whether or to what extent our offerings reach the target group we are addressing. For these purposes, it is necessary to understand where, how and to what extent you use our services.

To obtain this information, we use the reach measurement and usage analysis tools mentioned in this Section (3.4). The legal basis for data processing constitutes a legitimate interest in processing pursuant to Article 6 (1)(f) GDPR. This lies in the needs-based design and ongoing optimisation of our website, as well as in maintaining the functionality of the application and in the reach measurement necessary for media companies to exercise freedom of the press, Article 5 (1) Basic Law for the Federal Republic of Germany (GG).

Details on the specific data processing procedures can be found in the information below.

3.4.1. Google Analytics

For the purpose of needs-based design and ongoing optimisation of our sites, we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter only referred to as “Google”. In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as

  • Browser type/version
  • Operating system used
  • Referrer URL (the site previously visited)
  • Host name of the accessing computer (IP address)
  • Time of the server request

is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the Internet for the purposes of market research and the design of these web pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process these data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).

In some cases, user data are processed on Google servers in the USA. Data transmission to the USA is based on the standard contractual clauses of the EU Commission and we have also concluded a data processing contract with Google.

You can prevent the installation of cookies by making the appropriate settings in your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of these data by Google by clicking on this link to download and install a browser add-on.

As an alternative to the browser add-on, particularly for browsers on mobile devices, you can prevent collection by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in your browser and only for our website and is stored on your device. If you delete the cookies in your browser, you must set the opt-out cookie again.

The use of Google Analytics and the related data processing, including the use of cookies, is based on your consent and thus on Article 6 (1)(1)(a) GDPR.

For further information on data protection in connection with Google Analytics, please refer to Google Analytics Help or click here.

3.5. Data that we process when you contact us

If you contact us via the contact options offered on the website, in particular the contact form or the email addresses and fax numbers provided, we process, in addition to the date and time of your enquiry, the data that you provide to us voluntarily. This includes your title, your (academic) title, your name, your (mobile) phone number, your email address and other information that you provide voluntarily. We use these data to process your contact request. In this regard, the processing of your data takes place at your request and is based on Article 6 (1)(1)(b) GDPR. With regard to the additional information you have voluntarily provided, data processing is based on your consent and is therefore based on Article 6 (1)(1)(a) GDPR.

When using our contact form, your internet protocol address (IP address) is also stored. This is stored to ensure the provision of our services and to prevent their misuse. If necessary, this makes it possible to clarify criminal offences committed and to enforce the private rights of third parties. In this regard, the storage of your IP address is necessary for our security. As a matter of principle, these data are not passed on to third parties, unless there is a corresponding legal obligation to pass them on or if the passing on of these data serves the purpose of criminal prosecution. The legal basis for the processing of these data is Article 6 (1)(1)(f) GDPR.

If the enquiry is made in connection with the use of our services or within the framework of our contractual relationship, including the initiation thereof, the data transmitted or collected during the enquiry will be stored for the duration of our contractual relationship. Otherwise, the data will only be stored for as long as is necessary to answer your enquiry. However, storage beyond this is possible in the cases mentioned in Section 5.

4. How do we handle your data?

When processing data, it is our aim to always achieve the highest possible level of security within the scope of the respective purpose of use. Although absolute protection cannot be guaranteed, we have taken security precautions to protect your data.

This includes, for example, only ever transmitting your data in encrypted form. For this purpose, we use the SSL (Secure Socket Layer) coding system, which is designed to prevent data streams from being intercepted by third parties and your data from being viewed in plain text. You can identify the use of the SSL coding system by the “https://” in the address bar of your browser and, in common browsers, by the fact that a corresponding lock symbol appears next to the address bar. In this way, you can be sure that your data are transmitted to us securely.

5. For how long do we store your data?

We process and store personal data for the period of time required to achieve the stated purpose (see Section 3).

After the purpose for which the personal data was transmitted to us has been fulfilled or if you wish for your personal data to be deleted, we will delete these data unless we are legally entitled to retain them (e.g. for evidence purposes in the context of the processing of our contractual relationship) or are obliged to do so (e.g. for tax reasons). This storage period may be longer than was necessary for the original purpose (regular storage period). For the storage of billing documents, for example, we are obliged to store these data for a period of 10 years (Section 147 (3) of the German Fiscal Code).

If the original purpose has been fulfilled or has ceased to apply, we will not use the personal data for further processing. We then permanently delete the data when the authorisation no longer applies or the legal retention obligations expire.

6. Do we pass your data on to third parties?

We may arrange for data to be passed on to one or more persons or companies who process the data on our behalf as the data controller for the purposes described above (data processors).

We have currently commissioned the following persons or companies to perform data processing (data processing pursuant to Article 28 GDPR):

  • CANCOM Pironet AG & Co. KG
  • Google Ltd.
  • CloudFlare, Inc
  • DocCheck AG (parent company and hoster)

These data processors process your data with due care. They are subject to our control and are bound by our instructions. This ensures that data processing is always carried out in compliance with your rights, in particular those in accordance with Section 7 below.

Your data will not be passed on for any other purpose.

7. What are your rights?

You have the following rights in relation to the use of your data. You may assert these rights against us as the data controller. You are welcome to contact our data protection officer directly for this purpose.

7.1. Right of access

You have the right to receive information from us free of charge at any time about the personal data stored about you and a copy of this information. You also have the right of access to the following information:

  • The purposes of the processing
  • The categories of personal data processed
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • The right to lodge a complaint with a supervisory authority
  • Where the personal data are not collected from the data subject, any available information as to their source
  • The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

You also have the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.

If you would like to make use of this right of access, you can contact our data protection officer or another member of our staff at any time.

Your right of access is based mainly on Article 15 GDPR.

7.2. Right to rectification of incorrect data and completion of incomplete data 

You have the right to request that inaccurate personal data concerning you be corrected without delay. Furthermore, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.

If you wish to exercise your right to rectification, you can contact our data protection officer or another member of our staff at any time.

Your right to rectification of incorrect data and completion of incomplete data is based on Article 16 GDPR.

7.3. Right to erasure (right to be forgotten)

You have the right to request that we delete personal data concerning you without delay, provided that one of the following reasons applies and provided that the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing is based according to point (a) of Article 6 (1) GDPR, or point (a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing.
  • You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
  • The personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

If one of the above reasons applies and you would like to arrange the deletion of personal data stored by us, you can contact our data protection officer or another member of our staff at any time. Our data protection officer or our staff will arrange for the request for deletion to be complied with without delay.

Your right to data deletion is based on Article 17 GDPR.

7.4. Right to restriction of processing

You have the right to request us to restrict processing if one of the following conditions is met:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
  • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
  • We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
  • You have objected to processing pursuant to Article 21 (1) GDPR pending the verification as to whether the legitimate grounds of our company override your rights.

If one of the above conditions is met and you would like to request the restriction of personal data stored by us, you can contact our data protection officer or another member of our staff at any time. Our data protection officer or another member of staff will arrange for the restriction of processing.

Your right to restriction of processing is based on Article 18 GDPR.

7.5. Right to data portability

You have the right to receive the personal data concerning you, which have been provided to us by you, in a structured, common and machine-readable format. This includes the right to transfer these data to another controller without hindrance from us, provided that (i) the processing is based on consent pursuant to Article 6 (1)(a) GDPR or Article 9 (2)(a) GDPR or on a contract pursuant to Article 6 (1)(b) GDPR and (ii), the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability, you have the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible and provided this does not adversely affect the rights and freedoms of other persons (Article 20 (1) GDPR).

Your right in this regard to data portability is based on Article 20 GDPR.

7.6. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 (1) GDPR. This includes profiling based on these provisions.

We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. This includes any profiling of data that is related to direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, you, on grounds relating to your particular situation, have the right to object to processing of your personal data unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, you can contact our data protection officer or another member of our staff directly. You are also free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures in which technical specifications are used.

Your right to object is based on Article 21 GDPR.

7.7. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for the conclusion or performance of a contract between you and us, or is authorised by Union or Member State law to which we are subject, and that law contains adequate measures to safeguard your rights and freedoms as well as legitimate interests, or is based on your explicit consent.

If the decision is necessary for the conclusion or performance of a contract between you and us, or if it is made with your express consent, we will take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain intervention from a person on behalf of our company, to express your point of view and to contest the decision.

If you wish to exercise your rights with regard to automated decision-making, you can contact our data protection officer or another member of our staff at any time.

These rights are based on Article 22 GDPR.

7.8. Right to withdraw consent under data protection law

You have the right to withdraw consent to the processing of personal data in whole or in part at any time.

The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until withdrawal.

If you wish to exercise your right to withdraw consent, you can contact our data protection officer or another member of our staff at any time. The contact details can be found above this Privacy Statement, just before the summary.

Your right to withdraw consent under data protection law is based on Article 7 (3) GDPR.

7.9. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the supervisory authority. This right is based on Article 56 (2) GDPR.


8. Changes to this Privacy Statement

The use of data collected is always subject to the Privacy Statement that is current at the time the data are collected.

We reserve the right to change the Privacy Statement in order to adapt it to an altered factual and legal situation. In this case, we will publish the new and then current version of this Privacy Statement on our website. We will draw attention to any changes to this Privacy Statement in an appropriate location when the occasion arises. This applies in particular if we intend to use data that have already been collected for purposes other than those for which they were originally collected.

If the use of your personal data is based on your consent, we will only use your data to the extent to which you have consented, irrespective of any changes to this Privacy Statement in the meantime. If necessary, we will ask you for renewed consent in this case in accordance with an intended change in the use of the data.