Privacy statement
Thank you for visiting our website and for your interest in our company. We want you to feel that you are in safe hands, also with regard to the protection of your data. In collecting, processing and using your personal data, we comply with the requirements of data protection legislation, in particular the requirements of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).
Name and address of the controller
The data controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection legislation.
Dätwyler IT Infra GmbH
Auf der Roos 4-12 65795 Hattersheim
Alemania Tel..: +49 6190 8880-0
Fax +49 6190 8880-80
E-Mail: info.itinfra.de (at) datwyler.com
Name and address of the data protection supervisor
The data protection supervisor of the controller is
Ralf Fischinger
Dätwyler IT Infra GmbH
Auf der Roos 4-12
65795 Hattersheim / Germany
Tel.: +49 6190 8880-37
Fax: +49 6190 8880-80
E-Mail: dataprotection.itinfra.eu (at) datwyler.com
General information on data processing
Scope of the processing of personal data
In principle, we collect and use the personal data of our users only to the extent necessary to provide a functioning website and our content and services. As a general rule, personal data of users is only collected and used with their prior consent. An exception is made in cases where it is not possible to obtain prior consent for practical reasons and where the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject [data subject] for the processing of operations containing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. Where the processing of personal data is necessary for the performance of a contract and the data subject is the contracting party, the legal basis is Article 6(1)(b) GDPR.
This also applies to processing operations necessary for the implementation of pre-contractual measures. If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
If the processing is necessary for the protection of a legitimate interest of our enterprise or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the interest mentioned in the first place, Article 6 (1) (f) GDPR serves as the legal basis for the processing.
Data erasure and storage period
The data subject's personal data shall be erased or blocked as soon as the purpose for which they were stored is no longer relevant. In addition, data may be retained if so provided by the European or national legislator in regulations, laws or other provisions of Union law to which the controller is subject. Data shall also be blocked or deleted upon expiry of the storage period specified by such rules, except where further storage is necessary for the conclusion or performance of a contract.
Making the website available and creating log files
Description and scope of data processing
Each time our website is visited, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected in this context:
(1) Information on the type and version of the browser used.
(2) Operating system of the user
(3) User's Internet Service Provider (ISP)
(4) IP address of the user
(5) Date and time of access
(6) Websites from which the user's system arrived at our website
(7) Websites that the user's system accessed through our website
Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. To this end, the user's IP address must be stored for the duration of the session.
This purpose also serves our legitimate interest in the data processing in accordance with Article 6(1)(f) of the GDPR.
Storage period
Data is deleted as soon as it is no longer required for the purposes for which it was collected. Where data is collected to provide the website, this is the case when the particular session has ended.
Right of objection and deletion
The collection of data for the provision of the website and the storage of the data in log files is vital for the operation of the website. Therefore, the user has no possibility to object.
Use of cookies
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that is a unique identifier for the browser when the site is revisited.
We use cookies to facilitate the use of our website. We use cookies to make the appropriate language and country version available to users visiting the website. Some elements of our website require that the calling browser can also be identified after a page change.
Language settings are stored and transferred in cookies. User data collected in this way is pseudonymised by technical means. This means that the data can no longer be assigned to the visiting user. The data is not stored together with other personal data of the user.
An information banner informs users visiting our website about the use of cookies, and they are referred to this Privacy Policy.
Legal basis for data processing
The legal basis for processing personal data by means of technically necessary cookies is Article 6(1)(f) of the GDPR. The legal basis for processing personal data by using cookies for analytical purposes is to safeguard our legitimate interest in accordance with Article 6(1)(f) of the GDPR in the best possible functionality of the website as well as to ensure the effective and customer-friendly design of the website visit.
Purpose of data processing
The purpose of the use of technically necessary cookies is to make it easier for users to use the websites. Some functions of our website cannot be provided without the use of cookies. For this it is necessary that the browser can also be recognised again after a page change. We need cookies to transfer language settings. The user data collected by technically necessary cookies are not used to create user profiles.
Time limit for the right of storage, opposition and withdrawal
Cookies are stored on your computer and transmitted by your computer to our site. You, as the user, therefore have full control over the use of cookies. By changing the settings of your Internet browser you can disable or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. You may not be able to make full use of all the functions of the website if you deactivate cookies on our website.
You can set your browser to keep you informed about the installation of cookies, and you can decide for yourself whether you accept them or whether you wish to exclude the use of cookies in certain cases or in general. Cookies that have already been stored can also be deleted at any time. As the management of cookie settings differs from browser to browser, you can find out how to change your cookie settings in the Help menu of your browser. Here is a list of links to the Help menus of certain browsers:
Internet Explorer: support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Chrome: support.google.com/chrome/answer/95647
Safari: https://support.apple.com/en-gb/guide/safari/sfri35610/mac
Opera: help.opera.com/de/latest/web-preferences/
You may not be able to use all the functions of the website if you disable cookies on our website.
Google Analytics web analysis
This website uses the ‘Google Analytics’ service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) to analyse how users use the website. The service uses ‘cookies’, text files that are stored on your device. The information collected by cookies is usually sent to a Google server in the USA and stored there.
IP anonymisation is used on this website. The IP address of users within the member states of the EU and the European Economic Area will be shortened. This removes the personal reference to your IP address. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 letter f GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes. Within the framework of the contractual data agreement concluded between the website operators and Google Inc., Google uses the collected information to evaluate the use of the website and the website activity as well as to provide services related to the use of the Internet.
There is no guarantee that you can access all of the functions on the web without any restrictions on navigating cookies. Además, can use a complement to the navegador to evitar que la información recopilada por las cookies (incluida su dirección IP) se envíe a Google Inc. y sea utilizada por Google Inc. The siguiente enlace le lleva al plugin correspondiente: https://tools .google.com/dlpage/gaoptout?hl=es As an alternative to complementing the navigation device or the navigation device on mobile devices, you can click on the siguiente enlace para evitar que Google Analytics recopile data on this site on the web in the future (la inhabilitación Solo function in this navegador and solo for this dominio): Deactivate Google Analytics.
A cookie de exclusion is always available. If you eliminate the cookies in this browser, you can easily click on this enlace.
You can find more information about the data used by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=es
GOOGLE ADS
Our website uses the online advertising program "Google Ads", a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. As part of Google Ads, we use so-called conversion tracking. When you click on an ad served by Google, a cookie for conversion tracking is stored on your end device. These cookies lose their validity after 30 days and are not used for personal identification. The information collected with the help of the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. This means that we know the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information about this.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 31 FADP (Switzerland).
Objection: You can object to the collection by preventing the storage of cookies by setting your browser software accordingly. Further information about Google Ads and Google's privacy policy can be found at: https://policies.google.com/privacy .
GOOGLE ADS REMARKETING
We use Google Ads Remarketing to advertise our products and services on third party websites (including Google). Google Ads Remarketing shows you relevant adverts based on your previous visits to our website. Google uses cookies for this purpose. These cookies allow Google to recognise you across different devices and display your ads based on your interests.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 31 FADP (Switzerland).
Objection: You can deactivate interest-based advertising by Google by changing the settings for personalised advertising: https://adssettings.google.com/ .
GOOGLE TAG MANAGER
Our website uses Google Tag Manager, a service provided by Google Ireland Limited, which enables us to manage website tags via an interface. The Tag Manager itself does not collect any personal data. It merely triggers other tags that may collect data. We do not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest), Art. 31 FADP (Switzerland).
Further information on data protection can be found in Google's terms of use: https://policies.google.com/privacy .
META PIXEL (Formerly FACEBOOK PIXEL)
Our website uses the "Meta Pixel" (formerly Facebook Pixel) from Meta Platforms, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. With the help of the Meta Pixel, the behaviour of users can be tracked after they have clicked on a Meta or Instagram ad and have been redirected to our website. This data is used to analyse the effectiveness of the meta ads and to optimise them for future advertising measures. The data collected is anonymous to us, i.e. we do not see any personal data of individual users. However, Meta stores and processes the data so that a connection to the respective user profile is possible.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 31 FADP (Switzerland).
Objection: You can deactivate the collection and use of your data by Meta under the following link: https://www.facebook.com/settings/?tab=ads .
Functions of the social network Facebook are integrated on our website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When you visit our pages, a direct connection is established between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook "Like" button and are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 31 FADP (Switzerland).
Further information on data protection can be found in Meta's privacy policy: https://www.facebook.com/about/privacy .
Functions of the social network Instagram, which belongs to Meta Platforms Ireland Limited, are integrated on our website. If you click on the Instagram button and are logged into your Instagram account, you can link the content of our pages to your Instagram profile. Personal data, such as your IP address and the website you visited, will be transmitted to Instagram. We would like to point out that, as the provider of the page, we have no knowledge of the content of the transmitted data or its use by Instagram.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 31 FADP (Switzerland).
Further information can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875 .
X (ehemals TWITTER)
Our website uses functions of X (formerly Twitter), Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter.
Legal basis: Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in interacting with the users of our website.
Further information on data use by Twitter and setting options can be found in X's privacy policy.
We use functions of the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, within our online offering. LinkedIn uses cookies to compile usage statistics and measure the success of advertising campaigns. The information collected by cookies is transferred to a server in the USA and stored there.
Legal basis: Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in analysing and improving our advertising measures.
You can object to the collection and storage of your data at any time by using the LinkedIn opt-out options: [LinkedIn Opt-Out] https://www.linkedin.com/psettings/guest-controls/retargeting-opt
Further information on data protection at LinkedIn can be found in LinkedIn's privacy policy. https://www.linkedin.com/legal/privacy/eu? .
Microsoft Clarity
We use Microsoft Clarity, an analysis service from Microsoft Corporation, to analyse and understand the behaviour of users on our website. Among other things, Clarity offers session recordings, heat maps and machine learning (ML) to identify behavioural patterns. These functions help us to continuously improve the user experience and optimise the design of the website.
Processing of personal data
Microsoft Clarity records mouse movements, clicks, scrolling behaviour and other interactions on the website. This data is processed anonymously and does not contain any personal information such as names or contact details. Clarity uses first-party cookies to analyse user behaviour without affecting the performance of the website.
Data transfer and storage duration
The data collected is stored on Microsoft servers in the Microsoft Azure Cloud. Clarity fulfils the requirements of the GDPR and the Swiss Data Protection Act. The data is stored for up to 30 days after recording and is available to the website operator for analysis. It is not passed on to third parties for commercial purposes.
Possibility of objection
Users can object to the collection of their data by Microsoft Clarity by adjusting the corresponding settings in their browser or by using the Digital Advertising Alliance (DAA) opt-out. Further information on this can be found in Microsoft's privacy policy.
EU data transfers
For EU customers, data is transferred in accordance with the Standard Contractual Clauses (SCCs) between Microsoft Ireland Operations Limited and Microsoft Corporation in the USA in order to comply with the legal requirements for cross-border data transfers.
GENERAL INFORMATION ON DATA TRANSFER TO THIRD COUNTRIES
Please note that by using some of these services, in particular Google, Meta (Facebook, Instagram), X (formerly Twitter), and LinkedIn, your personal data may also be transferred to countries outside the European Union (in particular the USA). The USA does not currently offer a level of data protection comparable to that of the EU. In order to ensure adequate protection, the transfer is based on standard contractual clauses in accordance with Art. 46 GDPR. You have the right to request information about the personal data concerning you as well as its correction, deletion or restriction of processing at any time. You can also object to the processing and have the right to data portability. Furthermore, you can complain to the competent supervisory authority about the processing of your data.
Further information on your rights can be found in our complete privacy policy. https://itinfra.datwyler.com/en/privacy-statement/ .
Newsletter
Description and scope of data processing
On our website there is the option of subscribing to a free Newsletter. When you register for the Newsletter the following data is transmitted to us from the input mask: title, surname, first name, email address and language selection. The date and time of registering are also recorded during registration.
Your consent to processing the data is obtained as part of the registration process, and reference is made to this Privacy Policy.
No data is disclosed to third parties in connection with data processing for the dispatch of Newsletters. The data are used solely for sending the Newsletter.
Double opt-in process
Registration for our Newsletter is effected in what is known as a double opt-in process. Following registration you receive an email asking you to confirm your registration. This confirmation is needed so that nobody can register with third party email addresses.
Logging
Applications for the Newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes recording the time of registration and confirmation as well as the IP address. The changes to your data stored with CleverReach are logged as well.
Use of the mailing service provider Flexmail nv
We now use the e-mail tool Flexmail (Flexmail nv, Koning Albertlaan 12, 9000 Ghent, Belgium) to send our newsletters. We have concluded a contract with Flexmail on the procedure for commissioned data processing. For this purpose, data is also stored by Flexmail solely for the purpose of sending the newsletter. Flexmail offers analysis options to determine how the newsletters are opened and used. Your data will not be passed on to other third parties for the purpose of receiving the newsletter. Flexmail does not obtain the right to pass on your data.
Legal basis for data processing
The legal basis for processing data following registration for the Newsletter by the user with the user’s consent is Article 6(1)(a) GDPR.
Purpose of data processing
Collection of the user’s email address serves to deliver the Newsletter. The language is collected in order to send the user the correct language version of the Newsletter. Title, surname and first name are used to address the recipient personally.
Storage period
The data are erased as soon as they are no longer necessary for the purpose for which they were collected. The user’s email address is therefore stored for as long as the subscription to the newsletter is active.
Other personal data collected during the registration process are usually erased after a period of seven days.
Right to object and remove
The Newsletter subscription may be cancelled by the user concerned at any time. There is an appropriate link for this in every Newsletter. By this means it is also possible to withdraw consent to the storage of personal data collected during the registration process.
Contact form and email contact
Description and scope of data processing
On our website there is a contact form which can be used to contact us by email. If a user takes advantage of this option the data entered in the input mask are transmitted to us and stored. These data are: title, surname, first name, email address, address, postcode, city, country, telephone, fax, customer number and “your message”.
The data below are also stored at the time of sending the message: date and time of sending the contact enquiry.
Alternatively, contact may be made via the email address provided. In this case the user’s personal data transmitted with the email are stored.
No data are passed on to third parties in this context. The data are used solely for the conversation.
Legal basis for data processing
The legal basis for processing data transferred in the course of an email transmission is Article 6(1)(f) GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.
Purpose of data processing
The processing of the personal data from the input mask is used by us solely for handling communication. In the event of communication by email this is also based on the requisite legitimate interest in the processing of the data.
The other personal data processed during the mailing process serve to prevent misuse of the contact form and to ensure the security of our IT systems.
Storage period
The data are erased as soon as they are no longer necessary for the purpose for which they were collected. In the case of the personal data from the input mask of the contact form and those transmitted by email, this is when the particular conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the situation concerned has been resolved.
The additional personal data collected during the mailing process are erased no later than seven days afterwards.
Right to object and remove
Users have the option of withdrawing their consent to the processing of personal data at any time. If a user contacts us by email, he/she may object to the storage of his/her personal data at any time. In such a case the conversation with the user cannot be continued. Please send a message concerning this to dataprotection.itinfra.eu (at) datwyler.com.
In this event all the personal data which were stored in the course of making contact are erased.
Form for seminar registration
Description and scope of data processing
On our website there is a form which can be used to register for a seminar. If a user takes advantage of this option the data entered in the input mask are transmitted to us and stored. These data are: title, first name, surname, telephone, fax, email address, company, department, address, postcode, city, country, confirmation of registration.
The data below are also stored at the time of sending the message: date and time of sending the contact enquiry. In this context data is not generally passed on to third parties. As a rule the data are used solely for processing the application and setting up the seminar.
In exceptional cases seminar events are held on the premises of partner companies or they are requested by us to provide classrooms or take on part of the course content. In order to provide these services it may be necessary to pass on the addresses of those who have registered for the seminar concerned.
Legal basis for data processing
The legal basis for processing the data for seminar registration transferred in the course of an email transmission is the requirement to carry out pre-contractual measures (Article 6(1)(b)).
Purpose of data processing
The processing of the personal data from the input mask is used by us solely for handling the registration and setting up the seminar. The other personal data processed during the mailing process serve to prevent misuse of the form and to ensure the security of our IT systems.
Storage period
The data are erased when they are no longer necessary for the purpose for which they were collected and there is no legal obligation to retain the data. The additional personal data collected during the mailing process are erased no later than seven days afterwards.
Right to object and remove
Users have the option of withdrawing their consent to the processing of personal data at any time. If a user contacts us by email, he/she may object to the storage of his/her personal data at any time. In such a case the conversation with the user cannot be continued. Please send a message concerning this to dataprotection.itinfra.eu (at) datwyler.com.
In this event all the personal data which were stored in the course of the enquiry are erased.
Form for cable reel fetch back
Description and scope of data processing
On our website there is a form which can be used to order the cable reel collection service. If a user takes advantage of this option the data entered in the input mask are transmitted to us and stored. These data are: company, branch, address, postcode, city, country, title, first name, surname, telephone. fax, email address, “your message”, collection date, additional information, weight, reel no., diameter, total number of reels.
The data below are also stored at the time of sending the message: date and time of sending the contact enquiry.
No data are passed on to third parties in this context. The data are used solely for processing the conversation. We will only pass relevant data and information on to third parties, such as logistics companies, so they can execute the service.
Legal basis for data processing
The legal basis for the processing of data transferred in the course of an email transmission is the legitimate interest in providing a service for an existing client/contractual partner (Article 6(1)(f)).
Purpose of data processing
The processing of the personal data from the input mask is used by us solely for handling the cable reel collection order. The other personal data processed during the mailing process serve to prevent misuse of the form and to ensure the security of our IT systems.
Storage period
The data are stored and archived for the duration of the service to be provided. The data are erased when they are no longer necessary for the purpose for which they were collected and there is no legal obligation to retain the data.
Right to object and remove
Users have the option of withdrawing their consent to the processing of personal data at any time. If a user contacts us by email, he/she may object to the storage of his/her personal data at any time. In such a case the conversation with the user cannot be continued. Please send a message concerning this to dataprotection.itinfra.eu (at) datwyler.com.
In this event all the personal data which were stored in the course of the enquiry are erased.
Embedded YouTube videos
We embed YouTube videos on some of our pages. The operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. A connection to YouTube servers is established when you visit a page with a YouTube video. At the same time YouTube is told which pages you are visiting. If you are also logged on to your YouTube account, YouTube can attribute your surfing behaviour to you personally, irrespective of whether you click on a video or not. You can prevent this by logging out of your YouTube account beforehand.
If a YouTube video is started, the provider inserts cookies which collect information on user behaviour.
Anyone who has disabled cookie storage for the Google Ad program need not reckon with such cookies when watching YouTube videos. YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you have to block the storage of cookies in the browser.
Other information on data protection in the supplier’s Privacy Policy:
https://safety.google/security-privacy/
Use of Google web fonts
In order to achieve cross-browser uniform presentation of our content on this website we use the Google web font library (https://www.google.com/webfonts/) von Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When visiting a site, Google web fonts are copied to the cache of your browser to avoid multiple loading. For this to happen the browser you are using has to contact the Google servers. This means that Google is informed that our website was accessed via your IP address.
Google web fonts are used in the interest of uniform and pleasing presentation of our online offering (Article 6(1)(f) GDPR).
If the browser does not support Google web fonts or denies access, content is displayed in a standard font.
You will find the Privacy Policy of library operator Google here:
www.google.com/policies/privacy/
Rights of the data subject
If your personal data are processed, you are the data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:
Right of information
You can ask the controller for confirmation of whether personal data concerning yourself is being processed by us.
If such processing is taking place, you may request the following information from the controller:
(1) the purposes for which the personal data are being processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your own personal data were disclosed or are still being disclosed;
(4) the planned storage period of your own personal data or, if concrete information on this is not possible, criteria for fixing the storage period;
(5) the existence of a right to the rectification or erasure of your own personal data, of a right to restrict processing by the controller, or of a right to object to said processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all the available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved as well as the implications and intended effects of such processing for the data subject.
You have the right to request information on whether your own personal data are being transferred to a third country or to an international organisation. In this context you can request information on the appropriate guarantees pursuant to Article 46 GDPR in relation to the transfer.
Right of rectification
You have a right of rectification and/or completion vis-à-vis the controller if the processed personal data relating to you are incorrect or incomplete. The controller shall make the rectification immediately.
Right to restrict processing
You may request a restriction on the processing of your own personal data subject to the following conditions:
(1) if you dispute the accuracy of your own personal data for a period which makes it possible for the controller to check the accuracy of the personal data;
(2) if the processing is unlawful and you refuse erasure of the personal data, requesting instead that the use of the personal data be restricted;
(3) if the controller no longer needs the personal data for processing purposes, but you need them for the establishment, exercise or defence of legal claims, or
(4) if you have lodged an objection to the processing pursuant to Article 21(1) GDPR and it has not yet been established whether the controller’s legitimate reasons outweigh your reasons.
If the processing of your own personal data was restricted, these data – apart from the storage thereof – may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or of a Member State.
If the restriction on processing was imposed in accordance with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
a) Obligation to erase:
You may request the controller to erase your own personal data immediately, and the controller is obliged to erase said data immediately if any of the following grounds apply:
(1) Your own personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR was based, and there is no other legal basis for the processing.
(3) Pursuant to Article 21(1) GDPR you file an objection to processing and there are no overriding legitimate reasons for processing, or pursuant to Article 21(2) GDPR you file an objection to processing.
(4) Your own personal data were unlawfully processed.
(5) The erasure of your own personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) Your own personal data was collected in respect of information society services provided pursuant to Article 8(1) GDPR.
b) Information to third parties:
If the controller has made your own personal data public and is obliged to erase it pursuant to Article 17(1) GDPR, he shall with regard to the available technology and the cost of implementation take appropriate measures, including those of a technical nature, to inform those responsible for data processing and processing the personal data of the fact that you as the data subject have requested them to erase all links to said personal data or copies or replications of said personal data.
c) Exemptions
There shall be no right to erasure if processing is necessary
(1) for the exercise of the right to freedom of expression and information;
(2) to meet a legal obligation which requires the processing under the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) on the grounds of the public interest in the sphere of public health pursuant to Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
(4) for the purposes of archiving, scientific or historical research in the public interest, or for statistical purposes pursuant to Article 89(1) GDPR, providing the right mentioned under section a) is likely to make it impossible to achieve the goals of said processing or to seriously jeopardise them, or
(5) for the establishment, exercise or defence of legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter is obliged to inform all the recipients to whom your own personal data were disclosed of said rectification or erasure of data or restriction of processing, save when this proves impossible or involves unreasonable expense or effort.
You are entitled to be informed of these recipients by the controller.
Right to data portability
You are entitled to receive your own personal data which you provided to the controller in a structured, common and machine-readable format. You also have the right to transfer said data to another controller without obstruction from the controller to whom the personal data was supplied, providing
(1) processing is based on a consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
(2) processing takes place using automated procedures.
In exercising this right you further have the right to obtain the transfer of your own personal data directly from one controller to another controller if this is technically feasible. The freedoms and rights of other persons shall not be adversely affected thereby.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
For reasons arising from your own particular situation you have the right at any time to file an objection to the processing of your own personal data made on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will cease to process your own personal data unless he can provide compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing is used for the establishment, exercise or defence of legal claims.
If your own personal data are processed in order to carry out direct marketing, you have the right at any time to file an objection to the processing of your own personal data for the purposes of this kind of advertising; this also applies to profiling if it is associated with such direct marketing.
If you object to processing for the purposes of direct marketing, your own personal data will no longer be processed for these purposes.
In connection with the use of services of the information society – notwithstanding Directive 2002/58/EC – you have the option of exercising your right to object by means of automated processes in which technical specifications are used.
Right to withdrawal of the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The legitimacy of processing carried out on the basis of consent prior to withdrawal is not affected by withdrawal of consent.
Right of complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your own personal data contravenes the GDPR.
The supervisory authority with which the complaint was filed will inform the complainant of the status and results of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.