Your contact, who is the data controller as defined in the European General Data Protection Regulation (“EU GDPR”) and in other domestic data privacy legislation of the member states or any other data privacy law related provisions is:

Heinrich & Coll. Gesellschaft für Personalberatung mbH
Bavariaring 38
80336 München

(hereinafter referred to as “we,” “us” or “our”).

The protection of your personal data is important to us. To underscore this importance, we have commissioned a consulting firm specializing in data protection and security to handle these central matters. Our data protection officer is a member of this highly experienced group of experts.

MAGELLAN Compliance GmbH, Raiffeisenallee 9, 82041 Oberhaching / www.magellan-datenschutz.de

If you have any data protection and data security related questions associated with our company, please contact our data protection officer directly. Email: datenschutz_heinrich_coll@magellan-compliance.de / Phone: +49 (0)89 7411808-0

1. Scope
We generally process your personal data only to the extent necessary for the functional provision of our website, our content and our services.

2. Legal basis
If we have obtained your consent to the processing of your personal data, the legal basis for such processing is Art. 6 Sect. 1 S. 1 lit. a) EU GDPR.

If we process your personal data with the aim of meeting contractual mandates or in conjunction with the negotiation of a contractual relationship, the legal basis for the processing of such data is Art. 6 Sect. 1 S. 1 lit. b) EU GDPR.

If the processing of personal data is necessary in order for us to meet any legal obligations, the legal basis for the processing of such data is Art. 6 Sect. 1 S. 1 lit. c) EU GDPR.

If we process your personal data to protect our or any third party’s legitimate interests, provided your interests or fundamental rights and freedoms do not outweigh the preceding interests, the legal basis for the processing of such data is Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

3. Retention period
Your personal data will be deleted as soon as the purpose for its retention no longer applies or, if you have a right to revoke your consent, with declaration of your revocation. It is possible that your data will be stored longer if this has been defined in the respective European or domestic legislation, in Union-law provisions, acts or any other provisions we are subject to. In these cases, your personal data shall, however, be blocked.

4. External links
If we provide links to external websites, this Privacy Policy shall not apply to the processing of your personal data by the data controller of the linked website. Hence, we recommend that you review the data privacy policies on external websites you visit. If such a linkage should require a legal basis for the resulting processing of your personal data, it shall be your consent pursuant to Art. 6 Sect. 1 S. 1 lit. a) EU GDPR, which you shall grant by clicking on the respective link.

As a rule, the clicking on any such links (hyperlinks) will result in the processing of your following personal data:

• IP address,
• Screen resolution,
• Deployed browser,
• Bandwidth,
• Language settings.

1. Website functions

a. Provision of the website and generation of logfiles

(1) Description and scope
In the context of providing our website, we process your personal data to ensure the error free presentation of our website on your PC or mobile device. Because of that, we have to store some of your personal data for the duration of your session.

Furthermore, we store your personal data temporarily in logfiles, to guarantee that our website will work properly and the operation of our IT systems is secure. Any other processing of your personal data in logfiles will not occur.

The following personal data will be processed for the provision of the website and for the creation of logfiles:

• IP address,
• Access date,
• Access time,
• If applicable, previously visited website,
• Used browser,
• Used operating system.

(2) Legal basis
Legitimate interest, Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

(3) Purpose
The purpose of this data processing is to provide the website, ensure its functionality and secure the IT systems used for this purpose.

The purpose simultaneously establishes our legitimate interest.

(4) Retention period
Your personal data will be stored in logfiles for the duration of 30 days. Moreover, your personal data will be stored in conjunction with the provision of the website, but only for the duration of the session.

(5) Objection and removal option
The processing and storage of your personal data in logfiles is absolutely mandatory for the provision of the website, to guarantee its functionality and to guarantee the security of the utilized IT systems. Consequently, you do not have an option to object.

 

b. Technically necessary cookies

(1) Description and scope
When it comes to technically necessary cookies, we process your personal data because many functions and services of our website that facilitate or even enable the use of our website, do not function properly without cookies (“technically necessary cookies”).

Through these technically necessary cookies, we partially store your personal data for the operation of these functions and services. Any other processing of your personal data will not occur.

A list of the technically necessary cookies we use, as well as their purpose, retention period and other information is available in our cookie banner.

The following personal data will be processed in conjunction with the use of technically necessary cookies:

• IP address,
• Language settings of your browser,
• The browser you use,
• Shopping cart information.

(2) Legal basis
Legitimate interest, § 25 Sect. 2 TDDDG (German Telecommunications Digital Services Data Protection Act) in combination with Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

(3) Purpose
The purpose of this data processing is the provision of the website functions and services.

The purpose simultaneously establishes our legitimate interest.

(4) Retention period
Generally, for the duration of the respective session, unless otherwise specified in the list of the technically necessary cookies we use.

(5) Objection and removal option

Technically necessary cookies will be stored on your PC or mobile device and will be sent by the former to our website. Hence, you are in complete control over the use of technically necessary cookies.

You have the option to deactivate or restrict the transmission of cookies by changing your browser settings. Cookies that have already been stored can be deleted by you at any time. This may also be done automatically. If cookies for our website are deactivated, you may no longer be able to fully use the functions of our website.

 

c. Cookies that are not technically necessary
If cookies that are not technically necessary should be used in conjunction with the use of our functions and services on our website, you will find a list of these cookies, their purpose, retention period and other information in our cookie banner.

 

d. Google Maps

(1) Description and Scope
For the display of maps, we have integrated Google Maps into our website. As a result, we are in a position to show content we would like to present for your use in an attractive, uniform and device independent manner on our website Google Maps is service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In conjunction with the integration of Google Maps, the following personal data will be processed:

• IP address,
• Screen resolution,
• Language settings,
• Location data.

When you use the Google Maps service, additional personal information may be processed. The respective information is available at:

https://policies.google.com/privacy?hl=de#whycollect

(2) Legal basis
Consent, Art. 6 Sect. 1 S. 1 lit. a) EU GDPR.

(3) Purpose
The purpose of processing your data is the display of map content.

(4) Retention period
We will process your personal data only until you complete your visit to our website (expanded data protection mode). We do not have any control over the deletion of your personal data from by Google Maps. More information is available at:

https://policies.google.com/privacy?hl=de&gl=de#inforetaining

(5) Objection and removal option
You have the option to revoke your consent at any time. You can exercise this revocation option in particular by closing the application and/or by reloading the website.

We do not have any control over the deletion of your personal data from Google Maps. For more information please visit:

https://policies.google.com/privacy?hl=de-DE

 

e. Data processing in conjunction with the job application process for internal vacancies

(1) Description and scope
On our website, we offer visitors the option to submit an application for any vacant positions directly on our website. During the application, personal data you provide to us in conjunction with your application will be processed.

The following data is being processed in conjunction with your job application:

• Title;
• First name;
• Last name;
• Your current position;
• Phone number;
• E-Mail Address;
• Job Title of the advertised vacancy;
• Further personal data that you transmit to us in the free text field.

In addition, we process the personal data of your CV, your cover letter and other personal data uploaded by you.

(2) Legal basis
Consent, Art. 6 Sect. 1 S. 1 lit. a) EU GDPR, Art. 88 Sect. 1 EU GDPR in combination with § 26 Sect. 2 German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).

Establishment of an employment relationship, Art. 6 Sect. 1 S. 1 lit. b) EU GDPR.

When processing special categories of personal data: Consent, Art.  6 Sect. 1 S. 1 lit. a) EU GDPR Art. 9 Sect. 2 lit. a) EU GDPR.

(3) Purpose
Your personal data is processed for the purpose of conducting the application process with the goal to establish an employment relationship, as well as, fulfilling contractual, legal, where applicable collective agreement, and social security obligations.

(4) Retention period
Your personal data will be deleted or blocked as soon as the purpose for the processing of the data no longer applies. Data may be stored beyond this point, if required by European or national legislators in union regulations, laws, or other provisions to which we are subject. Blocking or deletion of data will also occur if a retention period prescribed by these regulations expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract. 

Therefore we store your data for the following periods:

• Application documents/data: will be stored for up to 6 months after the decision not to fill the position with the applicant, for the purpose of providing evidence in cases of discrimination, in accordance with §§ 21 Sec. 5, 22 German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
• Other application documents: will be stored upon dissolution or termination of the employment relationship.

(5) Objection and removal option
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. In this case we can no longer consider your application. However, the processing of your personal data is mandatory for the establishment of an employment relationship. Hence you cannot object to such processing of your personal data.

 

f. Data processing in conjunction with the job application process for recruitment vacancies

(1) Description and scope
On our website, we offer visitors the option to submit an application for any vacant positions of our clients directly on our website. During the application, personal data you provide to us in conjunction with your application for recruitment vacancies will be processed.

Your personal data will be processed by us as part of a pre-selection process and will afterwards be transmitted to our clients. The further application process takes place at our clients.

The following data is being processed in conjunction with your job application:

• Title;
• First name;
• Last name;
• Your current position;
• Phone number;
• E-Mail Adress;
• Job Title of the advertised vacancy;
• Further personal data that you transmit to us in the free text field.

In addition, we process the personal data of your CV, your cover letter and other personal data uploaded by you.

(2) Legal basis
Consent, Art. 6 Sect. 1 S. 1 lit. a) EU GDPR

When processing special categories of personal data: Consent, Art. 9 Sect. 2 lit. a) EU GDPR.

Establishment of an employment relationship, Art. 6 Sect. 1 S. 1 lit. b) EU GDPR

(3) Purpose
The purpose of data processing is the completion of the application process and the initiation of an employment relationship between you and our clients.

(4) Retention period
Your personal data will be deleted or blocked as soon as the processing purpose no longer exists.

Your personal data may be archived for an extended period of time if this is mandated by European or German legislation, European Union provisions, laws or other mandates we are subject to.

(5) Objection and removal option
While the application process for recruitment is ongoing, you have the option to revoke your consent at any time. In this case, your personal data will be deleted. However, once it has been deleted, we will no longer be able to consider your application.

In addition, you have the option at any time to object to the processing of your personal data in conjunction with recruitment for the future. In this case, however, we will not be able to place you further. All personal data stored in the course of the recruitment process will be deleted in this case.

 

2. Contact us

a. Contact form and email contact

(1) Description and scope
The following personal data will be processed along with the contact form and any interactions via email:

• First name,
• Last name,
• Email address,
• Content of the message.

(2) Legal basis
Legitimate interest, Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

(3) Purpose
The data processing purpose is the processing of your inquiry.

(4) Retention period
Your personal data will be stored until the respective purpose no longer exists. As a rule, this will happen as soon as your inquiry is processed, unless longer retention periods are in effect.

(5) Objection and removal option
You may object to the processing of your personal data in conjunction with the initiation of contacts at any time, which will affect any future transactions. However, in this case, we will not be able to continue to process your inquiry. All personal data that has been stored over the course of the initiation of contact will be deleted in this instance, unless the statutory retention periods are in conflict with the deletion of your data. In this case, your personal data will be blocked until the statutory retention periods have expired.

 

3. Marketing

a. Web analysis by Matomo (formerly PIWIK)

(1) Description and scope
In conjunction with our web analysis activities, we use the open-source software tool Matomo (previously named PIWIK) to analyze your browsing patterns. If details of our website are accessed, the following data will be archived:

• Two bytes of the IP address of the accessing system,
• The accessed website,
• The website from which you have been redirected to the accessed website (referrer),
• The sub-pages that are accessed from the accessed website,
• The duration of your visit to the website,
• How frequently you access the website.

During these processes, the software runs exclusively on the servers of our website. Any personal user data is only stored there. The data will not be shared with any third parties.

(2) Legal basis
Legitimate interest, Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

(3) Purpose
The data processing purpose is the analysis of your browsing patterns. The analysis of the generated data allows us to compile information about the use of the individual components of our website. This ensures that our website and its user-friendliness are continually optimized.

(4) Retention period
The data will be deleted as soon as it is no longer needed for our processing purposes. In our case this will happen after 24 months.

(5) Objection and removal option
You have the option to object to the processing of your personal data in conjunction with web analysis activities at any time, which will affect all future transactions.

You may deactivate or restrict the storage of cookies at any time by changing the settings of your Internet browser. Already archived cookies can be deleted at your discretion. This process may also be automated. If cookies for our website are deactivated, you may no longer be able to make full use of all functions of our website.

To review additional information concerning the processing of your personal data by Matomo, please go to:

https://matomo.org/docs/privacy/

 

4. Data protection and the law

a. Exercising of the rights you have as a data subject pursuant to Art. 12 et seq. EU GDPR

(1) Description and scope
In conjunction with the management of the rights of data subjects, we will process your personal data. To that end, we will process any contact information you have shared in this context only to process and respond to your message and to subsequently document that the processing was in compliance with the applicable laws within the scope of our accountability obligations.

The following personal data will be processed in conjunction with the management of data subject rights:

• First name,
• Last name,
• Postal address,
• Email address,
• Phone number.

(2) Legal basis​​​​​​​
Legal obligation, Art. 6 Sect. 1 S. 1 lit. c) in combination with Art. 12 et seq. EU GDPR.

Legitimate interest in the subsequent documentation, Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

(3) Purpose
Managing your data subject rights in compliance with the law.

(4) Retention period
Data must be archived for 3 years after the processing of the respective transaction has concluded, § 41 BDSG in combination with § 31 Sect. 2 Nr. 1 OWIG.

(5) Objection and removal option
You have the option to object to the processing of your personal data in conjunction with the management of your data subject rights, which will affect all future transactions. However, in this case we will not be able to further manage your data subject rights.

The documentation of the compliant handling of your rights as the data subject is mandatory. Consequently, you do not have the option to object.

 

b. Legal defense and enforcement of the law

(1) Description and scope​
​​​​​​Your personal data will be processed by us if you file legal claims targeting us or if we file claims and enforce rights targeting you.

​​​​​​​(2) Legal basis​​​​​​​
Legitimate interest, Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

(3) Purpose​​​​​​​
The data processing purpose is to raise a defense against illegitimate claims and the legal enforcement of claims and rights.

This also constitutes our legitimate interest.

(4) Retention period
Your personal data will be stored until the processing purpose no longer exists. As a rule, this will be the case once the respective ruling becomes legally effective.

(5) Objection and removal option​​​​​​​
​​​​​​​The processing of your personal data within the scope of the legal defense and enforcement of the law is mandatory for us to ensure that we raise a legal defense or can enforce the applicable laws. Hence, you do not have any option to object.

1. LinkedIn Page

a. Description and scope
We will process your personal data in conjunction with the operation of our LinkedIn Page to reach out to and interact with users and visitors of the social network “LinkedIn”. We will also publish information about our company on this channel.

In the event that you directly interact with our LinkedIn Page (e.g., by sending us a message) we will process the data you have shared with us only for the recording and the submission of a response to your enquiries.

Moreover, we can generate statistics on LinkedIn Page visits. This information is compiled by LinkedIn (“Page Insights”) and enables us to approach the marketing of our activities more effectively and in a more targeted manner.

For LinkedIn Page Insights data, we and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, are jointly responsible for the processing of data. For this purpose, we have executed a contract with LinkedIn Ireland Unlimited Company to define which of the two companies will process which obligations pursuant to the EU GDPR.

The most significant content of this contract can be reviewed at:

https://legal.linkedin.com/pages-joint-controller-addendum

Information on the data LinkedIn uses to conduct usage analyses related to our LinkedIn Page and which information LinkedIn provides for the purpose of data processing linked to the Page Insights function is available here:

https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=de

For more information on the processing of your personal data by LinkedIn Ireland Unlimited Company, please visit:

https://de.linkedin.com/legal/privacy-policy

b. Legal basis
Legitimate interest, Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

c. Purpose
The data processing purpose is the analysis of our achievements with our LinkedIn Page as well as the organization of our LinkedIn Page with the aim of matching your interests and processing inquiries.

d. Retention period
Information about the retention period of your personal data with LinkedIn Ireland Unlimited Company is available at:

https://www.linkedin.com/legal/privacy-policy

e. Objection and removal option

If you do not want your personal data to be collected in conjunction with the operation of our LinkedIn Page, you have the option to object at any time to the processing of your personal data within the scope of the operation of our LinkedIn Page, which will subsequently apply to all future operations. In this case, we will forward your revocation request to LinkedIn Ireland Unlimited.

Information concerning the processing of your personal data by LinkedIn can be reviewed at:

https://de.linkedin.com/legal/privacy-policy

 

2. Sales of services

a. Description and scope

In conjunction with the sale of services, the following personal data will be processed:

• First name,
• Last name,
• Postal address,
• Email address,
• Phone number,
• Payment information.

We will not process your payment information in conjunction with the initiation of contract negotiations.

b. Legal basis
Fulfillment of a contract, Art. 6 Sect. 1 S. 1 lit. b) EU GDPR.

c. Purpose
The data processing purpose is the initiation of contract negotiations and their fulfillment.

d. Retention period
Your personal data will be archived until the purpose of storing it no longer exists. As a rule, this occurs once the contract has been fulfilled and the subsequent 3 years have been completed, unless longer retention periods are mandated by law. For business communications, this period is 6 years and 10 years for invoices.

e. Objection and removal option
The processing of your personal data in conjunction with the sale of goods and services is mandatory for the fulfillment of pertinent contracts. Consequently, you do not have any option to object.

 

3. Execution of business contracts, performance of contracts and servicing of the existing customer base

a. Description and scope

In conjunction with the execution of business contracts, the performance of contracts and the servicing of the existing customer base, we process the following personal data:

• First name,
• Last name,
• Business email address,
• Business phone number.

b. Legal basis
Fulfillment of the contract, Art. 6 Sect. 1 S. 1 lit. b) EU GDPR.

Legitimate interest, Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

c. Purpose
The data processing purpose is the execution of a contract and its performance as well as any related existing customer base servicing.

d. Retention period
Your personal data will be archived until the purpose for the former no longer exists. As a rule, this will be the case of the contract the order is based upon has been fulfilled, if all related entitlements have been rendered ineffective by the statute of limitations and if statutory retention periods no longer apply.

The processing of the data of the respective contacts will end at the point in time as of which the contact person is no longer available as a liaison.

e. Objection and removal option
The processing of your personal data is mandatory for the performance of the contract. Consequently, you do not have any objection options.

 

4. Data processing in conjunction with the job application processing

a. Description and scope
In conjunction with the job application process, the following personal data will be processed:

• First Name,
• Last Name,
• Gender,
• Place of birth,
• Date of birth,
• Nationality,
• Marital status (voluntary),
• Photo (voluntary),
• Address,
• Email address,
• Phone number,
• Curriculum vitae,
• Professional background,
• Educational background,
• Qualifications,
• Work-related experiences,
• Skills,
• Languages,
• Certificates,
• References,
• Salary expectations,
• Location preferences,
• Job title,
• Religious affiliation (voluntary),
• Information on disabilities (voonultary),
• Possibly information about ethnic or racial origin (if apparent from your voluntarily submitted documents or pictures).

Additionally, we process any other data you have provided in your application.

b. Legal basis

(1) Personal data
Consent, Art. 6 Sect. 1 S. 1 lit. a) EU GDPR, Art. 88 Sect. 1 EU GDPR in combination with § 26 Sect. 2 2 German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).

Establishment of an employment relationship, Art. 6 Sect. 1 S. 1 lit. b) EU GDPR.

Fulfillment of a legal obligation, Art. 6 Sec. 1 S. 1 lit. c) EU GDPR.

Legitimate interest, Art. 6 Sect. 1 S. 1 lit. f) EU GDPR.

(2) Special categories of personal data
Consent, Art.  6 Sect. 1 S. 1 lit. a) EU GDPR in combination with Art. 9 Sect. 2 lit. a) EU GDPR.

Fulfillment of legal obligations and exercise of rights of the employer or employee regarding labor laws, social security laws and social protection laws, Art. 6 Sec. 1 S. 1 lit. c) EU GDPR, Art. 9 Sect. 2 lit. b) EU GDPR, Art. 88 Sect. 1 EU GDPR in combination with§ 26 Sec. 3 BDSG.

Assertion, exercise or defense of legal claims or other court related proceedings, Art. 6 Sec. 1 S. 1 lit. f) EU GDPR, Art. 9 Sect. 2 lit. f) EU GDPR.

Health Care, Occupational Medicine or the assessment of the working capacity of applicants, Art. 6 Sec. 1 S. 1 lit. c) EU GDPR, Art. 9 Sect. 2 lit. h) EU GDPR.

c. Purpose
Your personal data is processed for the purpose of conducting the application process with the goal to establish an employment relationship, as well as, fulfilling contractual, legal, where applicable collective agreement, and social security obligations.

d. Retention Period
Your personal data will be deleted or blocked as soon as the purpose for the processing of the data no longer applies. Data may be stored beyond this point, if required by European or national legislators in union regulations, laws, or other provisions to which we are subject. Blocking or deletion of data will also occur if a retention period prescribed by these regulations expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract. 

Therefore we store your data for the following periods:

• Application documents/data: will be stored for up to 6 months after the decision not to fill the position with the applicant, for the purpose of providing evidence in cases of discrimination, in accordance with §§ 21 Sec. 5, 22 German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
• Other application documents: will be stored upon dissolution or termination of the employment relationship.

e. Objection and removal option
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. In this case we can no longer consider your application. However, the processing of your personal data is mandatory for the establishment of an employment relationship. Hence you cannot object to such processing of your personal data.

Within our company, we will share your personal data with those positions and departments that need them for all the above-mentioned purposes. Additionally, we utilize the services of different providers and therefore transfer your personal data to these trustworthy recipients. These may, for instance, include the following:

• Works council,
• Data protection officer,
• Representative for severely disabled wmployees,
• Equal opportunities officer,
• Employment agency,
• Integration office in the case of a severe disability,
• Printing companies,
• Lettershops,
• Scanning services,
• Banking institutions,
• IT service providers,
• Cooperation partners,
• Lawyers, tax advisors, and courts.

In conjunction with the processing of your personal data, it is possible that we share your personal data with trustworthy service providers in non-EU and non-EEA countries. These countries are nations that are not within the European Union (EU) or the European Economic Area (EEA).

In this context, we only work with such service providers who provide us with appropriate guarantees for the protection of your personal data and can assure that your personal data will be processed in accordance with the strict European Data Protection Standards. A copy of these appropriate guarantees may be reviewed at our business premises.

If we share any personal data with recipients in non-EU and non-EEA countries, this is done on the basis of a so-called adequacy decision of the European Commission, or, if such a decision is not available, on the basis of so-called standard contractual clauses, also issued by the European Commission.

You are entitled to the following rights you may exercise in your relationship with us:

1. Right of access
You have the right to receive information as to whether and which personal data of yours we process. In this case, we will provide additional information on:

1. The processing purpose,
2. The categories of data,
3. The recipients of your personal data,
4. The envisaged retention period or the criteria to determine the envisaged retention period,
5. Your additional rights,
6. In the event that you have not shared your personal data with us: All available information as to its origins,
7. If available: The existence of any automated decision making as well as information on the logic used, the expanse and the desired effects of the processing.

2. Right to rectification
You are entitled to have your data corrected and/or completed if the personal data processed by us is incorrect or incomplete.

3. Right to restriction of processing
You are entitled to the restriction of the processing of your data if:

1. We are reviewing the correctness of your personal data processed by us,
2. The processing of your personal data is illegal,
3. You need the personal data processed by us to pursue your rights after the purpose of processing the data has ended,
4. You have filed an objection against the processing of your personal data and we are in the process of reviewing your objection.

4. Right to erasure
You are entitled to having your data deleted if:

1. We no longer need your personal data for the original purpose,
2. You revoke your consent and if there is no further legal basis for the processing of your personal data,
3. You have objected to the processing of your personal data and – if the matter in question is not direct marketing – there are no priority grounds for continued processing of the data,
4. The processing of your personal data is illegal,
5. The deletion of your personal data is mandated by law,
6. Your personal data refers to minors for information society purposes.

5. Right to notify
If you have exercised your right to have data corrected, deleted or restricted in terms of processing, we will notify all recipients of your personal data, to correct, delete or restrict the processing of such data.

6. Right to data portability
You have the right to receive any personal data you have provided to us based on consent or to perform a contract in a structured, commonly used and machine-readable format and to have same transferred to another data controller. If this is technically feasible, you have the right to instruct us to send this data directly to another data controller.

7. Right to object
In the event that special grounds apply, you have the right to object to the processing of your personal data. In this case, we will no longer process your personal data, unless we are in a position to raise mandatory protection worthy grounds for continued processing.

If your personal data is being processed for the purpose of direct marketing you do, at any time, have the option to object.

8. Right to revoke consent
You have the right to revoke any consent you have given us at any time. The revocation of consent does not affect the legitimacy of any prior processing on the basis of consent.

9. Right to file a complaint with a supervisory authority
Any other administrative or court enforced legal remedies notwithstanding, you shall have the right to file a complaint with the competent supervisory authority, if you are of the opinion that the processing of your personal data by us is in violation of the EU GDPR.

The competent supervisory authority for our company is:

Bayrisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach