Thank you for visiting our website, and thank you for your interest in our company and our products.
Here at INTILION Aktiengesellschaft (hereinafter referred to as “INTILION”), we take the protection of your personal data and your privacy very seriously and comply stringently with the rules under data protection law.
The following privacy notice lets you know how INTILION handles information that is collected during, after, or in addition to your visit to our website.
Tel: +49 (0) 5251 69 32 0
Fax: +49 (0)5251 693 229 9
The term “personal data” is defined in Article 4 (1) of the European General Data Protection Regulation (GDPR). Accordingly, it refers to any information relating to an identified or identifiable natural person, including your name, address, telephone number, or date of birth.
Unless stated otherwise in the following sections, no personal data will be collected, processed, or used when you use our website.
Article 6 (1) (a) GDPR acts as the legal basis for any processing of personal data for which we obtain your consent.
Article 6 (1) (b) GDPR acts as the legal basis for any processing of your personal data for the performance of a contract between you and INTILION, including any processing in order to take steps prior to entering into a contract.
Article 6 (1) (c) GDPR acts as the legal basis for any processing of your personal data that is necessary for compliance with a legal obligation.
Article 6 (1) (d) GDPR acts as the legal basis for any processing that is necessary in order to protect the vital interests of the data subject or of another natural person.
Article 6 (1) (f) GDPR acts as the legal basis for any processing that is necessary for the purposes of the legitimate interests pursued by INTILION or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Your personal data will be erased or made unavailable as soon as the purpose of storage ceases to apply. Further storage may be permissible if authorized by European or national legislators under European Union directives, laws, or other regulations to which the controller is subject. The data will also be erased or made unavailable upon expiry of any storage period prescribed in the aforementioned standards, unless the continued storage of the data is necessary to enter into a contract or for the performance of a contract.
When you visit our website, our web servers will ordinarily temporarily store the connection data of the computer sending the request, including:
- Type and version of browser
- Operating system being used
- Referrer URL (the previously visited page)
- Host name of the computer requesting access (IP address shortened by the last three digits)
- Time of server query
- IP address
INTILION is not able to identify individual persons on the basis of this data. We use such technical access information solely for the purpose of statistical evaluation with the aim of improving the attractiveness and operability of our web pages and identifying any technical problems on our website at an early stage.
Such data is recorded on the basis of Article 6 (1) (f) GDPR. The operator of the website has a legitimate interest in the technically correct presentation and optimization of its website, for which the recording of server log files is necessary.
You have the option to contact us by using our e-mail address, our hotline, or the contact form. We will naturally use the personal data transferred to us in this manner solely for the purpose for which you make it available to us upon our first contact. Any and all input solicited by us through our contact form that is not urgently required for our initial contact has been marked as optional. This information allows us to gain more specific insights into your query and improve the handling of your request. The sharing of such information is explicitly voluntary and requires your consent. Should this information pertain to channels of communication, such as e-mail addresses or telephone numbers, you consent to allowing us to use said channel of communication to contact you in order to respond to your query (if applicable).
You may naturally revoke this consent with future effect at any time. To do so, please contact us by mail at the aforementioned address or by e-mail at email@example.com.
We inform you below about the content of our newsletter and the registration, distribution, and statistical analysis process, as well as your rights to object. By subscribing to our newsletter, you consent to its receipt and to the process described herein.
Content of the newsletter: We send newsletters, e-mails, and other electronic notifications with advertising-related information (hereinafter “Newsletter(s)”) solely with the consent of the recipient or legal permission. If applicable, the content of the Newsletter as specified during registration is relevant for the user’s consent. In all other cases, our Newsletter contains information on our services and on us.
Double-opt-in and logging: The registration for our Newsletter involves a double-opt-in procedure. Upon registration, you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary to prevent people from being able to register with e-mail addresses that are not theirs. Attempts to register for the Newsletter will be logged in order to prove that the registration process complies with the statutory requirements. Said logging involves storing the time of registration and confirmation, as well as the IP address. Changes in your data as stored with the distribution provider will also be logged.
Registration data: To register for the Newsletter, it is sufficient for you to provide your e-mail address. Optionally, you may provide us with your name to allow us to personalize the way we address you in the Newsletter.
The distribution of the Newsletter and the associated performance measurement take place on the basis of consent provided by the recipient pursuant to Article 6 (1) (a) GDPR and Article 7 GDPR in conjunction with Section 7 (2) No. 3 of the German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG) and/or on the basis of the statutory permission pursuant to Section 7 (3) UWG.
The registration process will be logged on the basis of our legitimate interest pursuant to Article 6 (1) (f) GDPR. Our interest relates to the use of a user-friendly and secure newsletter system that serves our business interests, meets the expectations of users, and permits us to demonstrate that we have obtained consent.
Cancellation: You may cancel your subscription to our Newsletter at any time by revoking your consent. You can find a link to cancel the Newsletter at the end of each issue. Based on our legitimate interest, we are permitted to store the e-mail addresses of former recipients for up to three years before we erase in order to demonstrate having obtained prior consent. The processing of this data is restricted to the purpose of potentially defending ourselves from claims. Individual requests for erasure may be submitted at any time upon confirmation of prior consent.
Newsletter — distribution provider
You can apply online for jobs at INTILION by using our applicant portal (LINK). Your online application will be forwarded directly to the human resources department through an encrypted connection and handled with confidentiality. We will use your information solely to process your application and to make a decision on establishing an employment relationship. We will not share your information with any third parties.
Please note that unencrypted e-mails will not be protected from unauthorized access. We therefore ask that you use our online applicant portal to submit your application.
We will process the following data of yours if you register or attend one of our online seminars:
- First and last name
- E-mail address
- Browser and system data
- IP address
- Language and time zone
- Chat data
- Other data entered by you (such as your name, telephone number, customer number, support queries, or chat messages)
- User data from online seminars (such as access statistics, application processes, registration and attendance records relating to an online seminar, or attempts to access certain pages)
Such data will be used solely for the purpose of processing your registration, preparing your seminar attendance, and billing. Once you have successfully registered, you will receive an e-mail confirming your registration. Any and all data solicited by us through our registration form that is not urgently required to register you for the seminar has been marked as optional. This data helps us prepare better for the seminar. The sharing of such data is explicitly voluntary and requires your consent. You may naturally revoke this consent with future effect at any time. To do so, please contact us by mail at the aforementioned address or by e-mail at firstname.lastname@example.org. You also have the option to activate our Newsletter.
To process the data, we use the tool GoToWebinar from GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573 Ireland (hereinafter referred to as “GoTo”), as the processor (see Article 28 GDPR).
Google is certified under the Privacy Shield Framework, thereby providing a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our website by the user, to compile reports about activities within this website, and to provide further services to us in connection with the use of this website and the use of the Internet. The processed data may be employed to create use profiles that employ pseudonyms for the users.
We use Google Analytics to ensure that the advertisements placed through Google’s advertising services and its partners are shown only to those users who have shown an interest in our website or who exhibit certain characteristics (such as interests in certain topics or products that are determined on the basis of the websites visited), which we share with Google (known as “remarketing” or “Google Analytics audiences”). By using remarketing audiences, our aim is to ensure that our advertisements match the potential interests of the user and do not bother them.
We use Google Analytics only with activated IP anonymization. As a result, Google truncates the IP addresses of users within the member states of the European Union or in other states that are party to the European Economic Area (EEA) Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States of America and truncated there.
The data transmitted by us and linked to cookies, user identification characteristics (such as user IDs), or advertising IDs will be automatically erased after 14 months. Data that no longer needs to be stored following the expiry of the respective storage periods will be deleted automatically once a month.
The IP address transmitted by the user’s browser will not be linked or combined with any other Google data. The user may prevent the storage of cookies by selecting the appropriate browser settings. The user may also prevent Google from recording the data generated by the use of the cookie and related to their use of the website, as well as the processing of said data by Google, by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de.
Google (re-)marketing services
On the basis of our legitimate interest (i.e., interest in the analysis, optimization, and efficient operation of our website within the meaning of Article 6 (1) (f) GDPR), we use the marketing and remarketing services (or “Google Marketing services,” for short) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google is certified under the Privacy Shield Framework, thereby providing a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The Google Marketing services allow us to show more targeted advertisements for and on our website in order to present to users only those advertisements that may potentially match their interests. The practice of showing users advertisements for products in which they have shown an interest on other websites is referred to as “remarketing.” For this purpose, Google will directly execute a code from Google upon accessing our website and other websites on which Google Marketing services are active. Furthermore, (re-)marketing tags (invisible graphic elements or codes otherwise known as “web beacons”), which will be used to store an individual cookie (i.e., a small file) on the user’s device, will be incorporated into the website. Comparable technologies may also be used in place of cookies. The cookies may be stored by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file contains information on the websites visited by the user, the content in which the user has expressed an interest, and the links on which the user has clicked, as well as technical information pertaining to the browser and operating system, referring websites, and other information on the use of the website. The IP address of the user will also be recorded. Within the scope of Google Analytics, the IP address will be truncated within the member states of the European Union or in other states that are party to the European Economic Area (EEA) Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States of America and truncated there. The IP address will not be linked or combined with any other user data within the scope of other Google services. Google may also link the aforementioned information with such information from other sources. The user may then see advertisements tailored to their interests if they subsequently visit other websites.
The user data will be pseudonymized within the scope of Google Marketing services prior to processing. As a result, Google will neither store nor process information such as the name or e-mail address of the user. Instead, it will process the relevant data on a cookie-related basis within the scope of pseudonymized user profiles. From Google’s perspective, the advertisements will therefore not be managed and displayed for a specifically identified person, but rather for the party in possession of the cookie, regardless of who said party is. The above will not apply if a user has expressly permitted Google to process the data without said pseudonymization. The information collected by Google Marketing services about the user will be transmitted to Google and stored on Google’s servers in the United States of America.
The Google Marketing services we use include the online advertising program Google AdWords. When using Google AdWords, each AdWords customer receives a different conversion cookie. As a result, it is not possible to track cookies through the websites of AdWords customers. The information obtained with the aid of cookies is used to generate conversion statistics for AdWords customers that have decided to use conversion tracking. The AdWords customers gain insights into the total number of users who have clicked on their advertisement and have been forwarded to a page featuring a conversion tracking tag. However, they do not receive any information that could be used to identify users personally.
Furthermore, we may use the Google Tag Manager to incorporate Google analysis and marketing services into our website and manage them.
If you would like to object to interest-related advertising by Google Marketing services, you can make use of the settings and opt-out options provided by Google at https://www.google.com/ads/preferences.
Facebook Pixel, Custom Audiences, and conversion
Facebook Pixel, provided by the social network Facebook (“Facebook”) — which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, for persons based in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland — is used within the scope of our website on account of our legitimate interest in the analysis, optimization, and efficient operation of our website, and for the purposes thereof.
Facebook is certified under the Privacy Shield Framework, thereby providing a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Activee).
The use of Facebook Pixel enables Facebook to identify the users of our website as a target audience for the display of advertising (“Facebook Ads”). Accordingly, we use Facebook Pixel to ensure that the Facebook Ads placed by us are shown only to those Facebook users who have shown an interest in our website or who exhibit certain characteristics (such as interests in certain topics or products that are determined on the basis of the websites visited), which we share with Facebook (known as “Custom Audiences”). By using Facebook Pixel, our aim is to ensure that our Facebook Ads match the potential interests of the user and do not bother them. Facebook Pixel also enables us to analyze the effectiveness of the Facebook Ads for statistical and marketing purposes by allowing us to see whether users have been forwarded to our website after clicking on a Facebook Ad (known as “conversion”).
You may object to the recording of your data by Facebook Pixel and the use of your data to show Facebook Ads. To set the types of advertisements shown to you on Facebook, access the page provided by Facebook and follow the instructions for changing your settings on use-based advertising at https://www.facebook.com/settings?tab=ads. The settings will apply for all devices you use, including desktop computers and mobile devices.
Such cookies are stored by the website that the user visits. Only this particular website is able to read information from the cookies.
Cookies from third parties are stored by organizations that are not the operator of the website visited by the user. Such cookies are used by marketing companies, for example.
Session cookies are temporary cookies that are stored in the user’s internet browser until the browser window is closed, thereby erasing the session cookies.
Persistent cookies are used for repeat visits and are stored in the user’s browsers for a defined period of time (usually 1 year or longer). Such cookies are not erased when the browser is closed. Cookies of this nature are used to ensure access to a user’s preference once they return to the page.
Consent through Borlabs Cookie
Our website uses the consent technology from Borlabs Cookie to obtain your consent for storing certain cookies in your browser, or for using certain technologies, and to document said consent in a manner complying with data protection law. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as “Borlabs”).
When you first visit our website, a Borlabs Cookie will be stored in your browser by storing the consent provided by you or your revocation of this consent. The data will not be forwarded to the provider of the Borlabs Cookie.
Except in the case of statutory retention periods, the recorded data will be stored until you ask us to erase it, until you erase the Borlabs Cookie yourself, or until the purpose of the data storage ceases to apply. Details on the processing of data by Borlabs Cookie is available at https://borlabs.io/kb/what-information-does-borlabs-cookie-store/.
Meta Platforms Ireland Limited, 1601 S. California Ave, Palo Alto, CA 94304, USA: https://www.facebook.com/privacy/policy
XING SE, Dammtorstraße 30, 20354 Hamburg, Germany: https://privacy.xing.com/en/privacy-policy
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy
Twitter International Company, Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland: https://twitter.com/de/privacy
Based on our legitimate interest (i.e., interest in the analysis, optimization, and efficient operation of our website within the meaning of Article 6 (1) (f) GDPR), we use content or service offerings from third-party providers on our website in order to embed their content and services, such as videos or fonts (hereinafter jointly referred to as “content”).
Under all circumstances, the third-party providers of this content must be able to see the IP address of the users in order to send the content to their browsers. The IP address is therefore necessary to display said content. We make every effort to restrict ourselves to content offered by providers that use the IP address solely to deliver the content. Third-party providers may also use pixel tags (invisible graphic elements also known as “web beacons”) for statistical or marketing purposes. Pixel tags make it possible to analyze information such as the number of people who have visited a particular page of this website. In addition, the pseudonymized information may be stored in cookies on the device and may contain technical information on the browser and operating system, referring websites, time spent on the page or websites, and other data on the use of our website, among other things. It may also be linked to such information from other sources.
Our website uses YouTube plug-ins to embed and show video content. The video portal is provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. A connection to YouTube’s services will be established upon accessing a page with an integrated YouTube plug-in, letting YouTube know which of our pages you have accessed.
If you are logged into your YouTube account, YouTube will be able to link your surfing behavior directly to your personal profile. You can prevent YouTube from doing so by logging out of your profile before accessing the page in question.
Adobe Typekit web fonts
To ensure the uniform presentation of certain fonts, our website uses Adobe Typekit web fonts, which are provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA, 95110-2704, USA (“Adobe”).
Upon accessing our pages, your browser downloads the necessary fonts directly from Adobe in order to display them correctly on your end device. To do so, your browser establishes a connection with Adobe’s servers in the United States of America, letting Adobe know that you have accessed our website from your IP address. According to Adobe, no cookies are stored when providing the fonts.
Adobe has obtained EU-U.S. Privacy Shield certification. Privacy Shield is an agreement between the United States of America and the European Union that is intended to ensure compliance with European data protection standards. More information is available at https://www.adobe.com/privacy/eudatatransfers.html.
The use of Adobe Typekit web fonts is necessary in order to ensure a uniform font appearance on our website and represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
More information about Adobe Typekit web fonts is available at https://www.adobe.com/de/privacy/policies/typekit.html.
Use of ajax.googleapis.com and jQuery
Google AdWords and conversion tracking
We run Google AdWords advertisements to draw attention to our services. As part of this approach, we use Google conversion tracking for the purpose of personalized, interest-based, and localized online advertising. To anonymize IP addresses, Google Tag Manager provides an internal setting that is not visible in the source of this page. This internal setting is designed to ensure compliance with the IP address anonymization guidelines under the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)
This technology lets Google and us, the client, know that a user was forwarded to our website after clicking on an advertisement. The information gained in the process is used solely for statistical analysis to optimize advertising. We do not receive any information that could be used to identify visitors personally. The statistics provided to us by Google include the total number of users who have clicked on one of our advertisements and (if applicable) whether they were forwarded to a page of our website featuring a conversion tag. These statistics allow us to understand which search terms users clicked on most often on our advertisements and let us know which advertisements led users to enter into contact with us by way of our contact form.
If you do not agree to said cookie use, you may prevent your browser from storing the cookies required for this technology by changing the settings accordingly. In this case, your visit will not be included in the user statistics.
By changing the advertising settings, you also have the option to select the types of Google advertisements or to deactivate interest-related advertisements on Google. Alternatively, you can deactivate the use of third-party cookies by accessing the deactivation support service provided by the Network Advertising Initiative.
However, we and Google will continue to receive statistical information pertaining to the number of visitors and the timing of their visits. Additional programs for your browser (such as the Ghostery add-on) can help prevent you from being included in such statistics. We use the following technology provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”): https://www.google.de/intl/de/policies/privacy
We use service providers to help operate our website by hosting our website and assisting with content management, to name a few examples. We provide said companies with the data required to provide such services, such as names and addresses.
Some of these companies process data on our behalf. As a result, they may use the data provided to them solely in accordance with our instructions. In this case, we are responsible under law for appropriate data protection measures at the companies engaged by us. We therefore cooperate with these providers to agree on specific data security measures and monitor them regularly
Content management system
Our website and the content therein have been developed using the WordPress system.
The provider’s terms of service are available at https://de.wordpress.com/tos/.
This website is hosted by an external service provider (host). The personal data recorded on this website will be stored on the host’s servers. Such data may include IP addresses, contact inquiries, meta and communication data, contract data, contact data, names, website access attempts, and other data generated through a website.
We use a host for the purpose of performing contracts with our potential and current customers (Article 6 (1) (b) GDPR) and in the interest of having a professional partner to securely, rapidly, and efficiently provide our website (Article 6 (1) (f) GDPR).
Our hosts will only process your data as required to meet its service obligations and as instructed by us in relation to said data.
We use the following host:
The provider’s general terms and conditions are available at https://raidboxes.io/en/legal/terms/.
We have entered into a processing agreement with our host to ensure that the processing of data complies with data protection law.
Our website may also contain third-party content, such as YouTube videos, maps provided by Google Maps, or graphic elements from other websites. The providers of said content (hereinafter referred to as “Third-Party Providers”) must receive users’ IP addresses in order for us to use such services.
Without the IP address, it would not be possible to transmit content to the user’s browser and display the content correctly.
We have no influence over whether or not the Third-Party Provider decides to store the IP address. We will notify users of such information, should it be provided to us.
Our website uses tools provided by companies based in the United States of America. If these tools are active, your personal data may be forwarded to the respective companies’ U.S. servers. Please note that the United States of America is not a safe third country within the meaning of EU data protection law. American companies are obligated to disclose personal data to security authorities without offering data subjects the option to object or take legal action to prevent such disclosure. Any data of yours on servers in the United States of America may therefore by processed, analyzed, and permanently stored by U.S. authorities such as intelligence agencies for surveillance purposes. Such processing activity is beyond our control.
We make every effort to store your personal data in such a way that it is accessible neither to third parties nor to the public. However, we are unable to fully guarantee the confidentiality of any information sent to us by e-mail.
We therefore recommend sending confidential information to us by physical mail only.
SSL and/or TLS encryption
For security reasons, and to protect the transmission of confidential information such as orders or inquiries sent by you to us as the operator of this website, we use SSL and/or TLS encryption. An encrypted connection is identifiable by an “https://” address and a lock symbol in the URL bar of your browser.
The data that you send to us cannot be read by third parties if SSL or TLS encryption is activated.
Despite taking great caution when selecting links to external providers, we are unable to assume any responsibility or liability for the content and data security of websites provided by third parties.
If personal data from or pertaining to you is processed, you are a data subject as defined by the GDPR and are entitled to the following rights in any dealings with the controller:
1. Right of access
You have the right to obtain from the controller confirmation as to whether or not we are processing personal data concerning you.
Where that is the case, you may demand access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data has been or will be disclosed;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to obtain information as to whether or not the personal data concerning you has been or will be transferred to a third country or an international organization. Within this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to rectification
You have the right to obtain from the controller the rectification of inaccurate personal data concerning you, as well as the right to have incomplete personal data completed. The controller must make such rectification without undue delay.
3. Right to restriction of processing
You have the right to obtain restriction of processing where one of the following applies:
- if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims;
- if you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where the processing of personal data concerning you has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.
If you have obtained restriction of processing pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay. The controller will be obligated to erase personal data without undue delay where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw the consent on which the processing was based according to Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal ground for the processing;
- you object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR;
- the personal data pertaining to you has been unlawfully processed;
- the personal data has to be erased for compliance with a legal obligation in European Union or member state law to which the controller is subject;
- the personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
b) Notification of third parties
Where the controller has made the personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers that are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
The right to erasure will not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation that requires processing by European Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) GDPR as well as Article 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to under a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise, or defense of legal claims.
5. Right to notification
If you have made use of your right to rectification, erasure, or restriction of processing, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller must inform you about those recipients if you request it.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, or on a contract pursuant to Article 6 (1) (b) GDPR, and the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right referred to here must not adversely affect the rights and freedoms of others.
The right to data portability will not apply to any processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to revoke consent under data protection law
You have the right to revoke your consent under data protection law at any time. The decision to revoke consent will not affect the legitimacy and legality of any processing up until said point.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performance of, a contract between you and a data controller; is authorized by European Union or member state law to which the controller is subject and that also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or is based on your explicit consent.
However, such decisions may not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
If you have any questions on data protection, please contact our external data protection officer:
Mr. Matthias Lindner
c/o intersoft consulting services AG
Beim Strohhause 17
Ongoing technical developments, changes to our services or legal position, or other reasons may necessitate changes and amendments to this privacy notice. We will announce changes and amendments in due time on this page. Please inform yourself regularly of the latest status. This policy was last updated in August 2022.