Privacy Policy
As of May 2020
Table of contents
1. Identity and the contact details of the data controller
2. Contact details of the data protection officer
III. Data processing in the ArkOne app
1. Cookies
2. Hosting
3. Microsoft OneDrive of Microsoft Office 365
VII. Payment
VIII. Use of plugins
1. Rights of the data subject
1. Identity and the contact details of the data controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other provisions of data protection law is:
Noah Mobility GmbH
Hildegardstr. 8
80539 Munich
Germany
+49 89 2000 7952 0
hello@noah-mobility.de
www.noah-mobility.de
1. Contact details of the data protection officer
The contact details of the data controllers designated data protection officer is:
DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de
III. Data processing in the ArkOne app
On this page, we will inform you about the privacy policy of the ArkOne App for Android and iOS ("App"). The app is offered by Noah Mobility GmbH, Hildegardstr. 8, 80539 Munich, Germany ("Noah Mobility", "we" or "us").
1. Scope of the processing of personal data
The ArkOne app is the service hub for the relocation services provided by Noah Mobility. Clients can choose from a wide variety of relocation and relocation related services. Those services include amongst others the relocation process itself, provision of preparational information, mediating real estate negotiations and taking care of administrative processes with public authorities.
For the purpose of being able to provide such services to the client, based upon the selection of services the following data regarding the persons concerned must be provided either via the app or by filling out forms provided by us:
Additionally we process the following special categories of personal data pursuant Art. 9 para. 1 GDPR:
Companies can provide clients with a company code for the Ark One App. During the registration process, the client can use this code to link their account to the company’s account. Companies can also be commissioned by the client to provide us with the personal data in order to create a user account for the user. This results in the company being able to view the client’s selection of services and the current status of the relocation process.
The processed personal data originate from the following sources:
The recipients of the data are:
For the processing of the selected relocation services we use freelancing service providers (“consultants”). The consultants receive requests from our clients in the app and can either accept or refuse them. If they chose to accept the request the data needed to fulfill the specific service is provided by us to the consultant either via Email or by granting temporary permission to access the client’s data via Google Drive of the Google G Suite.
The consultants have signed data processing agreements (DPA) in writing or in electronic form as sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject. Since our consultants are based all around the world in those countries that the clients have booked their services for, by providing the consultant with the data it will be transferred to other countries including third countries pursuant to Art. 44 GDPR. If a consultant is based in a third country pursuant to Art. 44 GDPR, they have provided sufficient guarantees pursuant to Art. 46. para. 1 lit c GDPR by signing a standard contractual clause for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.
2. The purpose of the processing of personal data
The purpose of the processing of personal data is to provide tailor made relocation services for our clients. Depending on the selected services, the data is used by the consultant to complete the tasks necessary for performing the selected service. Before, during and after the relocation process, we provide our clients services related to the following topics:
3. The legal basis of the processing of personal data
Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures. Regarding the processing of special categories of personal data pursuant to Art. 9 para. 1 GDPR the legal basis is given explicit consent in accordance to Art. 6 para. 1 sentence 1 lit. a GDPR in combination with Art. 9 para. 2 lit. a GDPR.
4. The duration of storage
Personal information will be retained for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.
5. The possibility of objection and removal
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out based on the consent up until the revocation.
Users have to possibility of an objection and request removal of their personal data via Email. For this, please send an Email to: hello@noah-mobility.de
1. Cookies
2. Description and scope of data processing
Our app uses cookies. Cookies are text files that are stored one the user’s device. If a user opens our app, cookies are stored on the user’s operation system. These cookies contain a string of characters that allows the browser to be uniquely identified when the app is reopened.
We store the following cookies on your device:
The following data is stored and transmitted in the cookies:
The user data collected in this manner is pseudonymised by technical measures. It is therefore not possible to assign the data to the user accessing the app. The data is not stored together with other personal data of the users.
2. Purpose of data processing
We use cookies to make our app more user-friendly. Some elements of our app require the user to be identified even after a page reload. The purpose of using technical cookies is to simplify the use of the app for users. Some functions of our app cannot be offered without the use of cookies. These require that the user is recognised even after a page change.
We need cookies for keeping the user logged in to the app.
The user data collected by technical cookies are not used to create user profiles.
3. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 s. 1 lit. f GDPR.
In this case, our legitimate interests lie in the processing of personal data in accordance with Art. 6 para. 1 s. 1 lit. f GDPR.
4. Duration of storage and possibility of objection and removal
The allotted lifespan of the cookies is one day. If a user logs out of the system, all cookies are deleted.
1. Hosting
The app is hosted on the servers of a service provider commissioned by us.
Our service provider is:
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle WA 98109
United States
The servers automatically collect and store information in so-called server log files, which are automatically transmitted using the app. The stored information is:
The servers are geographically located in Frankfurt, Germany
This data will not be merged with other data sources. This data is collected based on Art. 6 para. 1 sentence 1 lit. f GDPR. We have a justified interest in the technically error-free presentation and optimisation of the app - for this purpose, the server log files must be recorded.
We have concluded a data processing agreement with the relevant data processor by obliging the relevant service provider to protect user data and not to pass it on to third parties. You can find further information on the data protection guidelines of our provider here:
https://aws.amazon.com/de/privacy/?nc1=f_pr
Amazon has also signed and certified a privacy shield agreement between the European Union and the United States. This means that Amazon is committed to complying with the standards and regulations of the GDPR. More information can be found in the following link:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
1. Microsoft OneDrive of Microsoft Office 365
2. Scope of processing of personal data
We use the file sharing service OneDrive of Microsoft Corporation LLC, 1600 One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as Microsoft). Microsoft OneDrive is a file hosting service that allows us to store documents in the cloud, share files and edit documents together. We use Microsoft OneDrive to process client’s data and to share clients data with consultants so that they can complete selected services for the clients.
We have concluded a data processing agreement with the relevant data processor by obliging the relevant service provider to protect user data and not to pass it on to third parties.
Microsoft has also signed is certified under the privacy shield agreement between the European Union and the United States. By doing so, Microsoft is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active
Further information on the collection and storage of data by Microsoft can be found here: https://privacy.microsoft.com/de-de/privacystatement
2. Purpose of the data processing
The use of Microsoft OneDrive serves to enable improve the efficiency of our services. Consultants require access to the data of clients to complete the tasks necessary for performing the selected service.
3. Legal basis for the processing of personal data
Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures. Regarding the processing of special categories of personal data pursuant to Art. 9 para. 1 GDPR the legal basis is given explicit consent in accordance to Art. 6 para. 1 sentence 1 lit. a GDPR in combination with Art. 9 para. 2 lit. a GDPR.
4. Duration of storage
Your personal information will be retained for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.
5. Possibility of opposition and removal
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out based on the consent up until the revocation. Users have to possibility of an objection and request removal of their personal data via email. For this, please send an Email to: hello@noah-mobility.de
You can find further information on opposition and removal options in regard to Microsoft at:
https://privacy.microsoft.com/de-de/privacystatement
VII. Payment options
1. Description and scope of data processing
We offer our clients various payment options for processing their orders. Depending on the payment option, we transfer clients to the platform of the payment service provider in question. After completion of the payment process, we receive the client's payment data from the payment service providers or our house bank and process these in our systems for billing and accounting purposes.
Payment by credit card
It is possible to complete the payment process by credit card. If you have chosen to pay by credit card, payment details will be passed on to payment service providers for payment processing. All payment service providers comply with the requirements of the "Payment Card Industry (PCI) Data Security Standards" and have been certified by an independent PCI Qualified Security Assessor.
The following data will be transmitted regularly as part of payment by credit card:
Payment data is passed on to the following payment service providers:
Stripe Inc., 510 Townsend Street San Francisco, CA 94103, USA
Further information on the data protection guidelines as well as revocation and disposal options for payment service providers can be found here:
https://stripe.com/de/privacy#translation
2. Purpose of the data processing
The transmission of payment data to payment service providers serves to process payments, e.g. if you purchase a product and/or use a service.
3. Legal basis for data processing
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b GDPR, since the processing of the data is necessary for the execution of the concluded sales contract.
4. Duration of storage
All payment data as well as data on possible chargebacks are only stored as long as they are required for payment processing and a possible processing of chargebacks and debt collection as well as for combating misuse.
Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse. Your personal data will be deleted at the end of the statutory retention period, i.e. after 10 years at the latest.
5. Possibility of objection and removal
You can revoke your consent to the processing of your payment data at any time by notifying the data controller or the payment service provider used. However, the payment service provider used may still be entitled to process your payment data if and as long as this is necessary for the contractual payment processing.
Payment via PayPal
It is possible to process payment transactions with the payment service provider PayPal. PayPal offers a direct payment method as well as purchase on invoice, direct debit, credit card and installment payment.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
If you choose PayPal as your payment method, your data required for the payment process is automatically transmitted to PayPal.
Following data is processed:
The data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is a check of identity and credit score.
PayPal may also share your information with third parties to the extent necessary to fulfill your contractual obligations or to process the information on behalf of PayPal. When transferring your personal information within companies affiliated with PayPal, the Binding Corporate Rules, approved by the relevant regulatory authorities, apply. You can find them here: https://www.paypal.com/de/webapps/mpp/ua/bcr Other data transfers may be based on contractual safeguards. For further information please contact PayPal.
All PayPal transactions are subject to PayPal's privacy policy. You can find them at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
2. Purpose of data processing
The transmission of payment data to payment service providers serves to process payments, e.g. if you purchase a product and/or use a service.
3. Legal basis for data processing
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b GDPR, since the processing of the data is necessary for the execution of the concluded sales contract.
4. Duration of storage
All payment data as well as data on possible chargebacks are only stored as long as they are required for payment processing and a possible processing of chargebacks and debt collection as well as for combating misuse.
Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse.
Your personal data will be deleted at the end of the statutory retention period, i.e. after 10 years at the latest.
5. Objection and removal
You can revoke your consent to the processing of your payment data at any time by notifying the data controller or the payment service provider used. However, the payment service provider used may still be entitled to process your payment data if and as long as this is necessary for the contractual payment processing.
VIII. Use of plugins
We use plugins for various purposes. The plugins used are listed below:
Use of Google Places Autocomplete
1. Scope of processing of personal data
We use the autocomplete service Places of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). The Place Autocomplete service is a web service that returns place predictions in response to filled in text by the user. The service can be used to provide autocomplete functionality for text-based geographic searches, by returning places such as businesses, addresses and points of interest.
Through the use of Google Places Autocomplete in our app, information about the use of our app, your IP address and addresses entered are transmitted to a Google server in the USA and stored there. Further information on the collection and storage of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of the data processing
The use of the Google Places Autocomplete serves to improve user friendliness and an appealing presentation of our app.
3. Legal basis for the processing of personal data
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
4. Duration of storage
Your personal information will be retained for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.
5. Possibility of opposition and removal
With the following link you can deactivate the use of your personal data by Google: https://adssettings.google.de
You can find further information on opposition and removal options in regard to Google at:
https://policies.google.com/privacy?gl=DE&hl=de?gl=DE&hl=de
Google has also signed is certified under the privacy shield agreement between the European Union and the United States. By doing so, Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Use of Google Analytics
1. Scope of processing of personal data
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Google Analytics analyses, among other things, the origin of visitors, their length of stay on individual pages and the use of search engines, thus allowing better monitoring of the success of advertising campaigns. Google places a cookie on your computer. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data on the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data on advertising partners (in particular pseudonymised user IDs). The information generated by the cookie about your use of this app will be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is enabled on this app, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. IP anonymization is active on this app. On behalf of the operator of this app, Google will use this information for the purpose of evaluating your use of the app, compiling reports on app activity and providing other services to app operators in connection with app activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of our app. Further information on the collection and storage of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de?gl
2. Purpose of the data processing
The purpose of processing personal data is to specifically address a target group that has already expressed an initial interest by visiting the site.
3. Legal basis for the processing of personal data
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will be retained for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. Advertising data in server logs is anonymized by Google's own statements to delete parts of the IP address and cookie information after 9 and 18 months respectively.
5. Possibility of objection and removal
With the following link you can deactivate the use of your personal data by Google:
https://adssettings.google.de
You can find further information on objection and removal options regarding Google at: https://policies.google.com/privacy?gl=DE&hl=de?gl
Google has also signed and certified a privacy shield agreement between the European Union and the United States. By doing so, Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Use of Google Web Fonts
1. Scope of processing of personal data
We use Google Webfonts of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). The web fonts are transferred to the browser's cache when the page is called up in order to be able to use them for the visually improved display of various information. If the browser does not support Google Web Fonts or does not allow access, the text will be displayed in a default font. No cookies are stored when the app visitor accesses the page. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and the operating system). It will not be associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.
Further information on the collection and storage of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of the data processing
The use of Google Webfonts serves an appealing representation of our texts. If your browser does not support this feature, a standard font will be used by your computer to display it.
3. Legal basis for the processing of personal data
The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR.
4. Duration of storage
Your personal information will be retained for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.
5. Possibility of objection and removal
With the following link you can deactivate the use of your personal data by Google:
https://adssettings.google.de
You can find further information on objection and removal options in regard to Google at:
https://policies.google.com/privacy?gl=DE&hl=de
Google has also signed and certified a privacy shield agreement between the European Union and the United States. By doing so, Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Use of tawk
1. the scope of processing of personal data
We use functionalities of the live chat plugin tawk.to from tawk.to inc., 187 East Warm Springs Road, SB119, Las Vegas, Nevada, USA (hereinafter referred to as tawk). The plugin is used to communicate with website visitors via a chat interface. It can also be used to analyze website visits. Cookies from tawk.to will be saved on your mobile device. The following personal data are processed by tawk:
Data is transmitted and processed on servers of tawk.to in the USA. tawk.to has the EU-US Privacy Shield Agreement subjected and certified. Thereby tawk.to commits itself to the standards and regulations of European data protection law. Further information can be obtained from the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt00000008SblAAE&status=Active \n\n
Other recipients of the data are:
Further information on the processing of data by tawk.to can be found here:
https://www.tawk.to/privacy-policy/
2. purpose of the data processing
The use of tawk enables us to offer interested parties and customers a direct communication channel with our employees.
3. legal basis for the processing of personal data
The legal basis for the processing of personal data of users is in principle consent of the user according to Art. 6 para. 1 sentence 1 lit. a GDPR. When processing the special categories of personal data pursuant to Art. 9 para. 1 GDPR, the legal basis is the express consent under Art. 6 para. 1 sentence 1 lit. a GDPR in link with Art. 9 para. 2 lit. a GDPR.
4. duration of storage
Your personal information will be stored for as long as necessary in order to the purposes described in this privacy policy or as required by law is prescribed, e.g. for tax and accounting purposes.
5. possibility of revocation and removal
You have the right to revoke your data protection declaration of consent at any time. By revoking your consent, the legality, which is based on the consent until the right of withdrawal shall not be affected. You may refuse the collection and processing of your personal data by tawk by preventing third-party cookies from being stored on your computer, and by preventing use the "Do Not Track" function of a supporting browser, stop the execution of script code in your browser or disable a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
For further information on how to appeal and remedy tawk, please see under:
https://www.tawk.to/privacy-policy/
Use of SalesViewer
1. scope of the processing of personal data
We use functionalities of the marketing plugin SalesViewer of SalesViewer® GmbH, Huestraße 30, 44787 Bochum (hereinafter: SalesViewer).
On our website, the SalesViewer® technology is used to collect and store data for marketing, market research and optimization purposes based on our legitimate interest (Art. 6 (1) (f) GDPR).
The following personal data is thereby processed by Salesviewer:
• Name, origin and industry of the user
• Source/referrer of the user
• keyword
• Visitor behaviour (e.g. (sub)pages visited, time of visit, duration of visit)
For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and not used to identify the visitor of this website personally.
For further information on the processing of data by SalesViewer, please click here:
https://www.salesviewer.com/de/datenschutz
2.
purpose of the data processing
We use SalesViewer for web analysis. With the help of SalesViewer, we can record which companies visit our website. Data from end consumers who visit our website within a private context is not collected.
3. legal basis for the processing of personal data
The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest here lies in the purposes of data processing mentioned under section 2.
4. duration of the storage
Your personal information will be retained for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.
5. possibility of objection and removal
You have the right to object to the processing of your personal data at any time. To do so, you can use the following link from SalesViewer: https://www.salesviewer.com/de/opt-out
You can find more information on objection and removal options vis-à-vis SalesViewer at:
https://www.salesviewer.com/de/datenschutz
Integration of plugins via external service providers
1. Description and scope of data processing
We integrate certain plugins on our app via external service providers in the form of content delivery networks. When you access our app, a connection is established to the servers of the providers used by us to retrieve content and store it in the cache of the user's browser. This allows personal data to be stored and evaluated in server log files, device and browser information (e.g. IP address and operating system). We use the following services:
BootstrapCDN of the supplier MaxCDN DBA StackPath, 2021 McKinney Ave., Suite 1100, Dallas, TX 75201, USA
2. Purpose of the data processing
The use of the functions of these services serves the delivery and acceleration of online applications and content.
3. Legal basis for data processing
These data are collected on the basis of Art. 6 para. 1 lit. f GDPR. The app operator has a justified interest in the technically correct presentation and optimization of his app.
4. Duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.
5. Possibility of objection and removal
You can find further information on objection and elimination options against StackPath at: https://www.bootstrapcdn.com/privacy-policy/
StackPath has also signed and is certified under the privacy shield agreement between the European Union and the United States. This commits StackPath to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active
1. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights in regard to the data controller:
1. The right to information
You can request confirmation from the data controller as to whether personal data relating to you will be processed by us. In the event of such processing, you may request the following information from the data controller:
The existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and at least in these cases meaningful information on the logic involved, and the scope and intended effects of such processing on the data subject.
You have the right to request for information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed on the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
2. The right to rectification
You have the right to have your personal data corrected and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification immediately.
3. The right to limit the data processing
Under the following conditions, you may request that the processing of your personal data be restricted:
4. The right to erasure
5. a) Duty to delete
You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
The personal data relating to you is no longer necessary for the purposes for which they were collected or otherwise processed. You revoke your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
The personal data concerning you have been processed unlawfully. The deletion of your personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject.
The personal data relating to you have been collected in relation to information society services offered pursuant to Article 8 para. 1 GDPR.
1. b) Information to third parties
If the data controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, they shall take the appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the data processors who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.
1. c) Exceptions
The right to deletion does not exist if the processing is necessary for the exercise of freedom of expression and information; to fulfil a legal obligation which processing is subject to under the law of the EU or of the Member States to which the data controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller; for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and lit. i as well as Art. 9 para. 3 GDPR; for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to in Section a) presumably makes the attainment of the objectives of such processing impossible or seriously impairs them, or to assert, exercise or defend legal claims.
5. The right to data portability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to communicate the data to another data controller without being hindered by the data controller to whom the personal data was provided, provided that processing was based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or is based on a contract pursuant to Art. 6 para. 1 S.1 lit. b GDPR and the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
6. The right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 Para. 1 S.1 lit. e or f GDPR; this also applies to profiling based on these provisions. The data controller will no longer process the personal data relating to you unless they can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. You have the possibility to exercise your right of objection through automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.
7. The right to revoke consent under data protection law
You have the right to revoke your consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out based on your consent until you revoke it.
8. Automated decision making, including profiling
(1) You have the right not to be subject to any decision based solely on automated processing, including profiling that has any legal effect on you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the data controller,
(2) is authorised by legislation of the EU or of the Member States to which the data controller is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(3) is made with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including, at least, the right to obtain the intervention of a person on the part of the data controller, to state his own position and to challenge the decision.
9. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR. The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
This privacy policy has been created with the assistance of DataGuard.
These cookies may be set through our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on other websites. These cookies are also used to analyze our users' visit to the website (e.g. which links were clicked, which subpages were visited). We use this information to tailor advertising on the website more closely to the interests of our users.
