Data protection information of Dr. Beyer Internet-Beratung for visitors and users of the website www.analytic‑news.com
1 Name and address of the responsible party
The responsible party in the sense of the General Data Protection Regulation (GDPR), of the data protection regulations holding good in the member states of European Union and of other regulations with a legal data-protecting character is the:
Dr. Beyer Internet-Beratung
Inh. Dr. Torsten Beyer
Weimarer Straße 30
Tel.: +49 (0)6154 / 6246 862
Fax: +49 (0)700 / 3782 3937 (costs: 12 Cent/min.*)
*For calls coming from the German landline. For calls coming from cellular networks or foreign countries possibly higher costs may arise.
2 Data protection officer
With regard to the present legal situation, according to Sec. 38 Para. 1 BDSG we are not obliged to appoint a data protection officer.
If you have any questions regarding this Data protection information or data protection related issues in general please contact us: info(at)dr-beyer.de
The data protection information of Dr. Beyer Internet-Beratung is based on the definitions used in the General Data Protection Regulation (GDPR). The data protection information of Dr. Beyer Internet-Beratung should be easily read and understood not only by the general public but also by our customers and business partners. In order to ensure this, we would like to clarify in advance the definitions used.
In this data protection information and on our website, we use - amongst others - the following terms:
3.1 Personal data
Personal data is any information relating to an identified or identifiable natural person (hereafter "data subject"). Defined as identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2 Data subject
Data subject is each identified or identifiable natural person, whose personal data is processed by the responsible party for the processing.
Processing means any operation or set of operations which is carried out in connection with personal data - whether or not by automated means - such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.4 Restricting of the processing
Restricting of the processing is the marking of personal data as stored with the objective of restricting its processing in the future.
Profiling is each type of the automated processing of personal data, which consists of this personal data being used to permit particular personal aspects relating to a particular natural person, and here in particular aspects in respect of work performance, economic situation, health, personal likes, interests, reliability, behaviour, place of residence or change of place of residence of this natural person to be evaluated, analysed or forecast.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, in so far as this additional information is kept in a special way and subjected to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
3.7 Responsible party or party responsible for the processing
Responsible party or party responsible for the processing (hereafter responsible party) is the natural person or legal entity, authority, institution or other post, which alone or together with others decides on the purposes and means of the processing of personal data. If the purposes and means of the processing are laid down in European Union legislation or the legislation of the member states, then the responsible party or the particular criteria of the appointment of this responsible party in accordance with European Union legislation or the legislation of the member states can be provided.
3.8 Order processor
Order processor is a natural person or legal entity, authority, institution or other post, which processes the personal data on the instructions of the responsible party.
Recipient is a natural person or legal entity, authority, institution or other post to which personal data are disclosed regardless of whether this is a third party or not. However, authorities, which receive within the framework of a particular investigation order in accordance with European Union legislation or the legislation of the member states data which possibly may be/contain personal data, do not hold good as recipients.
3.10 Third party
Third party is a natural person or legal entity, authority, institution or other post with the exception of the data subject, the responsible party, the order processor and those persons which are authorized under the direct responsibility of the responsible party or of the order processor to process the personal data.
Consent is each declaration of will given voluntarily by the data subject for the definite case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory action, with which the data subject makes clear that he/she agrees to the processing of personal data relating to himself/herself.
4 General information on data processing
Data protection, data security and data secrecy hold high priority for Dr. Beyer Internet-Beratung. The durable protection of your personal data, of your company data and of your business secrets is especially important for us.
You can always visit our website without making statements on your person. However, if you wish to make use of the services of our company, then this makes the stating of personal data necessary. As a rule we use the data that you communicate and that is collected by the website as well as the data stored in the course of the use solely for our own purposes, namely for the execution and making available of our website and the initiation, execution and progressing of the services/offers made available via the website (contract fulfilment) and do not pass this data on to external third parties in so far as there is not an official obligation to do this. In all other cases we obtain your special agreement.
The processing of your personal data is carried out in conformity with the requirements of the General Data Protection Regulation and in conformity with the country-specific data protection regulations holding good for Dr. Beyer Internet-Beratung. With the aid of this data protection information we wish to inform you on the nature, scope and purpose of the personal data processed by ourselves. In addition, we clarify for you with the aid of this data protection information the rights to which you are entitled.
Dr. Beyer Internet-Beratung has realized technical and organizational measures in order to ensure an appropriate level of protection of the personal data processed via this website. For example, for reasons of security and to protect the transmission of confidential information — like requests you submit us as website operator — this website uses a SSL-encryption. An encrypted connection can be seen from the fact that the address bar of the browser changes from "http://" to "https://" and by the lock icon in your browser address bar.
When the SSL encryption is activated the data which you transmit to us cannot be read along by any third parties. Nevertheless, fundamentally Internet-based data transmissions can have security loopholes so that absolute protection cannot be guaranteed.
In order to guarantee the authenticity and to prevent faking of the senders of emails which are being sent via our webserver or via the email accounts from our staff we use the technologies DKIM (Domain Keys Identified Mail), SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting and Conformance).
5 Collecting of general data and information
The website of Dr. Beyer Internet-Beratung collects a range of general data and information each time the website is called by a data subject or an automated system. This general data and information is stored in the log files of the server. Able to be collected are: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website, from which an accessing system reaches our website (so-called referrer), (4) the sub-websites, which are steered to on our website via an accessing system, (5) the date and time of an access to the website, (6) an Internet-protocol-address (IP-address), (7) the Internet service provider of the accessing system and (8) other similar data and information, which serve the warding off of hazards in the case of attacks to our IT systems.
In using this general data and information Dr. Beyer Internet-Beratung draws no conclusions about the data subject. Much more is this information needed (1) to be able to deliver out the content of our website correctly, (2) to permit the optimization of the content of our website and of the advertising for this, (3) to ensure the durable functionality of our IT systems and of the technology of our website and (4) to be able to make available to the law enforcement authorities the information necessary for criminal prosecution in the case of a cyber attack. This anonymously collected data and information is evaluated by Dr. Beyer Internet-Beratung on the one hand statistically and on the other hand with the objective of increasing the data protection and the data security in our company in order finally to ensure an optimal level of protection for the personal data processed by ourselves. The anonymous data of the server-logfiles are stored separately from all the personal data stated by a data subject.
6 Registration on the Website
You have the opportunity to register yourself on our website by stating your personal data. The particular personal data, which is transmitted to the party responsible for the processing, is made clear in the input mask that is used for the registration. The personal data entered by the data subject is collected and stored solely for internal use by the party responsible for the processing and their own purposes. We can pass on the data submitted to one or more order processors, for example a payment-service provider or a parcel-service provider; the service provider may then use the personal data but solely for purposes related to the fulfilment of his order from ourselves.
When you register on our website, we store in addition the IP address issued by your Internet service provider as well as the date and the time of your registration. Storing this data enables us when necessary to clarify criminal acts and infringements of copyright that have been committed. To this extent the storing of this data for our security is necessary and lies in our justified field of interest in the sense of Article 6, Para. 1, lit f) of the GDPR. Passing on of this data to third parties does not take place in so far as there is no legal obligation to do this or in so far as the passing on serves a criminal or civil prosecution.
Apart from the above, your personal data, which you stated voluntarily when registering, aid us in offering you content or services, which by reason of the nature of the matter can only be offered to registered users.
7 Contact form and email contact, commenting function, recommending function; request function for information from third parties
7.1 Provided on our website is a contact form which can be used for making contact electronically. If a user makes use of this opportunity, the data entered in the input mask is transmitted to and will be stored by ourselves. This data is:
- Details whether the answer has to be given by mail or phone
- Details regarding the information desired
- Search engine optimization
- Web-content, Web-research
- First name*;
- Telephone number1;
- Email address*;
- Message (free text)*;
*compulsory statements; 1 in particular forms a compulsory statement
At the time of the transmission of the message the following data will also be stored:
A list of the relevant data follows. Here some examples:
- IP-address of the user
- Date and time of the transmission
7.2 Alternatively, it is possible for contact to be made via the email address that is provided. In this case the personal data of the user transmitted with the email is stored.
In this connection no data is passed on to third parties. The data is used exclusively for the processing of the conversation and will immediately be deleted if it is no longer needed.
7.3 Commenting function on this website
For the commenting function on this website, besides your comment, also statements are being stored regarding the moment of posting the comment and, if you do not post anonymous, the user name set by you.
7.4 Subscribing to comments in the message board and Content-Alerts
As a registered user you can subscribe to comments after you have logged in.
By placing "Content Alerts" you can receive information regarding Analytik NEWS for your prefered topics by mail on a daily basis. You can unsubscribe to this function at any time by using the link in your account.
7.5 Request function for information from third parties
As far as you request information / offers using our request function from third parties we forward your request to those third parties. In order to do so we obtain your separate and at any time revocable consent.
7.6 In connection with requests to us generally there is no transmission of data to third parties without your separate and at any time revocable consent. The data is solely being used for processing the conversation and will be deleted if it is n longer needed.
8 Newsletter; advertising
The newsletter is sent on the basis of your application at the website in the modus of the double-opt-in process whereby at the time of the application for the newsletter the following data from the input mask is transmitted to us:
- Choice of the newsletter*
- First name;
- Email address*;
In addition, the following data will be collected at registration:
- IP address of the calling computer
- Date and time of the registration
For the processing of the data your consent will be obtained within the framework of the registration process by way of the Double-Opt-In procedure whereby reference is made to this data protection information.
For the use of our newsletter we avail ourselves of a diligently chosen and obliged order processor which is AGNITAS AG, Werner-Eckert-Straße 6, D-81829 München; Email: firstname.lastname@example.org .
For the newsletter statistical evaluations are possible. For this purpose we capture email openings as well as the clicks on links. This information is used in order to optimize the content of the newsletter and to measure the success of marketing campaigns. There is no transmission of this information to third parties. Legal basis of this tracking is the safeguarding of the legitimate interests acc. to Art. 6 Para. 1 lit. f GDPR.
You as the recipient have at any time the possibility to object to this data collection by changing the tracking settings at the end of each newsletter.
In addition, we reserve the right to store your first name and surname, your postal address and — in so far as we have received this additional information from yourself within the framework of the contractual relationship — your title, academic degree, year of birth and professional title, sector or business designation and to store this information for our own adverting purposes, e.g. for the sending of similar, interesting offers and information on our training offers per mail or per email if you have stated your email address (possibly after separate consent).
8.3 Transmission for a specific purpose
Except for the transmission for a specific purpose of data to the order processor, without your separate consent in connection with the data processing for the sending of newsletters and advertisings there will be no transmission to third parties. The data is used exclusively for the sending of the newsletter.
8.4 Right of objection and right of revocation
We draw explicit attention to your right of revocation (newsletter) and your right of objection (advertising) in accordance with sections 17.7 and 17.8 of this data protection information.
9 Data protection with applications and application processes
We collect and process the personal data of applicants for the purpose of progressing the application process. The processing can also be carried out electronically. This is in particular the case when an applicant sends to us relevant application documents by an electronic route, e.g. per email. If we conclude a contract of employment with yourself as applicant, the data transmitted will be stored for purposes of progressing the employment relationship subject to observation of the legal regulations. If a contract of employment is not concluded by the party responsible for the processing with the applicant, then the application documents will be automatically deleted six months after notification of the rejection in so far as there is no other legitimate interest of the party responsible for the processing against deletion. Another legitimate interest in this sense is, for example, an obligation of proof in a process in accordance with the German General Equal Treatment Act. Deviations from these general storing- and processing rules may occur from job offerer to job offerer, the job offerer informs you thereover.
10.1 Description and scope of the data processing
We employ cookies in order to arrange our website in a more user-friendly manner. Certain elements of our website require that the calling browser can also be identified after a page change.
In the cookies the following date is stored and transmitted:
- Present browser session (session-ID) in order to identify the status (logged-in/logged-out) and
- For the identification of users logged in on the whole website by use of form entries (caching in case of missing entries)
The cookies are only valid for the current session and won´t be connected with personal data.
Revive-AdServer also uses tracking pixels. By these, information regarding the visitor traffic can be gathered and analyzed. The by cookies and tracking pixels generated data regarding to the use of this website and the delivery of web formats is sent to the Revive-AdServer and is there stored. These information can be transmitted to affiliates but won´t be brought together with your IP-address.
Dr. Beyer Internet-Beratung operates the said AdServer under the web address https://www.laborinformation.de. There is no transmission of personal data to other companies.
The data of users gathered in this way are in general pseudonymized through technical measures. Therefore an allocation of that data to the invoking user is no longer possible. This data is not stored together with other personal data about you.
You can set up your browser in such a way that you will be informed about the placing of cookies and that you can decide on the acceptance of cookies or exclude the acceptance of cookies in general for certain cases. If you don´t accept cookies the functionality of our website can be restricted (for example log-in or the filling in of forms is not possible then).
11 Data protection regulations for the use and application of Google Analytics (with anonymization function and demographic attributes)
11.1 We have integrated on this website the Google Analytics component (with anonymization function). Google Analytics is a web-analysis service. Web-analysis is the collecting, compilation and evaluating of data concerning the behaviour of the visitors to websites. A web-analysis service collects - amongst other things - data on from which website (the so-called referrer) a data subject has come to a website, which subsites of the website were accessed or how often and for what period a subsite was watched. Web-analysis is used primarily for optimization of a website and for cost-benefit analysis of Internet advertising.
The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Further information and the valid and applicable data protection regulations of Google can be called under https://www.google.de/intl/de/policies/privacy/ as well as under https://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link: https://www.google.com/intl/de_de/analytics/
11.2 This website also uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of site visitors. This data comes from interest-related advertising by Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can opt-out of this feature at any time by using the ad settings in your Google Account or opt-out of the collection of your information by Google Analytics as described in Section 11.1, Para. 5.
12.2 Users can prevent the installation of Google AdSense cookies in various ways:
- by setting the browser software accordingly;
- by deactivating interest-based ads on Google;
- by deactivating the interest-based advertisements of providers that are part of the "About Ads" self-regulation campaign;
- by permanent deactivation through a browser plug-in.
The settings under b and c are deleted when cookies are deleted in the browser settings.
12.3 Further information on data protection and cookies for advertising on Google AdSense can be found in Google's data protection declaration, in particular under the following links:
13 Amazon Affiliate Program
14 Use of Google Maps
Here you will find detailed instructions for managing your own data in connection with Google products: https://support.google.com/accounts/answer/3024190
15 Use of various social-media plug-ins
We do not use plug-ins on our site. The icons of Facebook, Twitter, Google+, XING and LinkedIn displayed on our website are only links that pass the URL of the currently active page to the social media pages when you click on it and subsequently log in.
16 Legal fundamentals, purposes of the processing, duration of the storage, objections and opportunities for elimination
16.1 General statements on the legal fundamentals
Article 6 Para. 1 lit. a EU General Data Protection Regulation (EU GDPR) serves as the foundation for the processing of personal data in so far as we obtain the consent of the data subject for the processing of personal data.
Article 6 Para. 1 lit. b GDPR serves as the legal foundation for the processing of personal data which is necessary for the fulfilment of a contract if the data subject is party to this contract. This also holds good for processing processes which are necessary for the execution of pre-contractual measures.
Article 6 Para. 1 lit. c GDPR serves as the legal foundation in so far as processing of personal data is necessary for the fulfilment of a legal obligation.
Article 6 Para. 1 lit. d GDPR serves as the legal foundation for the situation that vital interests of the data subject or another natural person make the processing of personal data necessary.
Article 6 Para. 1 lit. f GDPR serves as the legal foundation for the situation that processing is necessary for ensuring a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not exceed the first named interest.
16.2 General statements on deletion of data and duration of storing
The personal data of the data subject are deleted or disabled as soon as the purpose for which the data was stored lapses. In addition, storage can take place if this was stipulated by the European or national legislatures in orders, laws or other regulations in accordance with European Union law to which the responsible party is subject. Disabling or deletion of the data is also carried out if a storage period prescribed by the standards as named expires unless there is a necessity for the continued storage of the data for the concluding or fulfilling of a contract.
16.3 Individual statements:
|Date / data||Legal foundation||Storage purpose||Storage duration||Objection / opportunity for elimination|
|General system data in accordance with clause 5||Article 6 Para. 1 lit. f GDPR (legitimate interest)||The temporary storing of the IP-address by the system is necessary to permit the delivery of the website to the computer of the user. For this the IP-address of the user must remain stored for the duration of the session.||The data is deleted as soon as it is no longer necessary for achieving the purpose of their collection. This is the case when the particular session has ended in situations where the data is collected for making the website available.|
This is the case at the latest seven days after the time when the data was stored in log files. More extensive storing is possible. In this case the IP-addresses of the users are deleted or distorted so that an assignment of the client calling in is no longer possible.
|No because the data is essential for operating of the website|
|Registration data in accordance with clause 6||Article 6 Para. 1 lit. b GDPR (contract fulfilment)||Registration of the user is necessary for the fulfilment of a contract with the user or for the execution of pre-contractual measures.||This is the case for the fulfilment of a contract or the execution of pre-contractual measures during the registration process when the data for the execution of the contract is no longer needed. Also, after the concluding of the contract there can be a necessity for the personal data of the contractual partner to be stored in order to meet contractual or legal obligations.||As user you have the opportunity at any time to terminate the registration. You can have the data stored on you changed at any time.|
If the data is necessary for the fulfilment of contract or for the execution of pre-contractual measures, then premature deletion of the data is only possible if there are no contractual or legal obligations standing in the way of this.
|Data from the Contact form and email contact, commenting function, recommending function; request function for information from third parties accordance with clause 7||Legal foundation for the processing of the data is as a rule Article 6 Para. 1 lit. b. GDPR in the case of enquiries via the contact form and/or emails (contract fulfilment; pre-contractual measures);|
Article 6 Para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering of questions on data protection) or
processing in accordance with Article 6 Abs. 1 lit. a DSGVO (in case of data transmission to third parties) and
in addition, Article 6 Para. 1 lit. f GDPR (legitimate interest).
|The processing of the personal data from the input mask / email serves us solely for the processing of the contact. This is also the necessary legitimate interest in the processing of the data.|
The other personal data processed during the sending-off process serve to prevent misuse of the contact form and to ensure the security of our IT systems.
|The data is deleted as soon as it is no longer needed for achieving the purpose of their collection. This is the case for the personal data from the input mask of the contact form and those which are sent by email when the particular conversation with the user has ended. The conversation has ended when the circumstances allow the conclusion to be drawn that the matter in question has been finally clarified.|
The above does not hold good if the correspondence is subject to a retention obligation under commercial law.
The additional personal data collected during the sending-off process is deleted at the latest after a period of seven days.
|The user has the opportunity to object at any time to the storing of his personal data. In such a case the conversation cannot be continued.|
|Newsletter-data in accordance with clause 8.1||Legal foundation for the processing of the data following the user requesting sending of the newsletter is - when the consent of the user is held - Article 6 Para. 1 lit. a GDPR (consent).|| The collection of the email serves to permit the newsletter to be sent.|
The collection of other personal data within the framework of the application process serves to prevent misuse of the services or of the email used. The collection of other personal data within the framework of the application process serves to prevent abuse of the services or of the email address used.
|The date is deleted as soon as it is no longer necessary for achieving the purpose of their collection. Accordingly, the email address of the user is kept stored for as long as the subscription for the newsletter is active.|
The other personal data collected within the framework of the application process is deleted as a rule after a period of seven days.
|The subscription for the newsletter can be terminated at any time by the relevant user. For this purpose, there is an appropriate deactivation link in each issue of the newsletter.|
Terminating the subscription represents at the same time a revocation of the consent to the storing of personal data collected during the application process.
|Advertising on the basis of business relationships in accordance with clause 8.2||Legal foundation for advertising in accordance with clause 8.2 is Article 6 Para. 1 lit. f GDPR (legitimate interest)||Purpose of the collection in addition to fulfilment of the contract is being able to send promotional material to the customer in a targeted manner (in line with his interests).||The date is deleted at the latest 6 years after the last booking or they are blocked for advertising purposes (in so far as there is retention obligation).||Right of objection in accordance with clause 17.7|
|Data collected in connection with job-applications and job-application processes in accordance with clause 9||Legal foundation for the processing of the data is as a rule Article 6 Para. 1 lit. b. GDPR with job applications submitted via the contact form and/or email (fulfilment of the employment contract; measures prior to the concluding of an employment contract);|
Article 6 Para. 1 lit. c. GDPR (Fulfilment of a legal obligation, e.g. answering of questions in connection with the job-application process) and
apart from this Article 6 Para. 1 lit. f GDPR (legitimate interest) and
special legal authorization rules such as a collective agreement, company agreement, income tax law etc. A supplementary reference is made to the Personnel / HR processing file.
|If we conclude an employment contract with you as job applicant, the data transmitted for the purpose of progressing the employment relationship will be stored whereby the legal obligations will be observed.||If no employment contract is concluded between the party responsible for the processing and the job applicant, then the job-application documents will be automatically deleted six months after the notification of rejection has been sent in so far as no other legitimate interest of the party responsible for the processing conflicts with the deletion.|
A legitimate interest in this connection could be - for example - a proof obligation in a process in accordance with the German General Equal Treatment Act).
|Only general objection and elimination opportunities.|
|Cookies in accordance with clause 10.||Article 6 Para. 1 lit. f GDPR (legitimate interests) for strictly technically essential cookies|
In addition: Article 6 Para. 1 lit. a GDPR (consent)
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and in this way, we can continually optimize our offer.
These purposes also include our legitimate interest in the processing of the personal data in accordance with Article 6 Para. 1 lit. f GDPR.
The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player.
|Data transmission through third party cookies in accordance with clauses 11-14||Article 6 Para. 1 lit. f GDPR (legitimate interest)||Purpose of and legitimate interest in the setting of third party cookies is that of improving our offer for you through the analysis of your user behaviour. As a rule, only a pseudonymized transmission of data to the third parties takes place. In addition, you yourself are able to prevent transmission of third party cookies by carrying out an appropriate setting on your Internet browser. For more details look at the statements made under clauses 11-14.||Third party cookies are stored on the computer of the user and are transmitted to our computer from this. Accordingly, you as user have full control on the use of third party cookies.||By carrying out a change to the settings of your Internet browser you can deactivate or restrict the transmission of third party cookies. Third party cookies that have already been stored can be deleted at any time. This process can also be automated.|
The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player.
17 Your rights
If your personal data is processed, then you are the data subject in the sense of the GDPR and you are entitled to the following rights vis à vis the responsible party:
17.1 Right to information
You can demand from the responsible party confirmation as to whether personal data, that relates to you, has been processed by ourselves.
If such processing has taken place, you can demand information on the following from the responsible party:
- The purposes for which the personal data is processed;
- The categories of personal data which are processed;
- The recipients or, as the case may be, the categories of recipients to which the personal data relating to you has been disclosed or will be disclosed;
- The planned duration of the storage of the personal data relating to you or — if concrete statements on this are not possible — the criteria for the laying down of duration of storage;
- The existence of a right to correction or deletion of the personal data relating to yourself, of a right to a restriction of the processing by the responsible party or of a right of objection to this processing;
- The existence of a right of appeal at a supervisory authority;
- All the available information on the origin of the data if the personal data was not collected at the data subject;
- The existence of an automated decision-finding process including profiling in accordance with Article 22 Para. 1 and 4 GDPR and — at least in these cases — meaningful information on the logic involved and its scope and the effects strived for of such a processing for the data subject in question
You are entitled to the right to demand information on whether the personal data relating to yourself is transmitted to a third country or an international organization. In this connection you can demand to be instructed on the suitable guarantees in accordance with Article 46 GDPR in connection with the transmission.
17.2 Right to correction
You have a right to correction and/or complementing vis à vis the responsible party in so far as the personal data as processed and which relates to yourself is incorrect or incomplete. The responsible party has to carry out the correction without delay.
17.3 Right to restriction of the processing
Subject to the meeting of the following preconditions you can demand restriction of the processing of the personal data relating to you:
- if you dispute the correctness of the personal data relating to yourself for a period which makes it possible for the responsible party to check the correctness of the personal data;
- the processing is unlawful and you reject deletion of the personal data and instead demand restriction of the use of the personal data;
- the responsible party no longer needs the personal data for purposes of the processing but you need the data for the advancing, exercising or defending of legal claims, or
- if you have advanced objection to the processing in accordance with Article 21 Para. 1 GDPR but it has not yet been established whether the justified reasons of the responsible party outweigh your reasons.
If the processing of the personal data relating to yourself has been restricted, then this data — apart from the storing of this — may only be processed with your consent or for the assertion, exercising or defending of legal claims or for the protection of the rights of another natural person or legal entity or for reasons relating to an important public interest of the European Union or of a member state.
If the restriction of the processing has been restricted in accordance with the afore-mentioned preconditions, then you will be informed by the responsible party before the restriction is removed.
17.4 Right to deletion
17.4.1 Deletion obligation
You can demand of the responsible party that the personal data relating to yourself is deleted without delay and the responsible party is then obliged to delete this data without delay in so far as one of the following reasons applies:
- The personal data relating to yourself is no longer required for the purposes for which it was collected or for which it was processed.
- You revoke your consent, on which processing in accordance with Article 6 Para. 1 lit. a or Article 9 Para. 2 lit. a GDPR was based, and there is no other legal foundation for the processing.
- You submit an objection to the processing in accordance with Article 21 Para. 1 GDPR and there are no justified reasons for the processing with a higher priority, or you submit an objection to the processing in accordance with Article 21 Para. 2 GDPR.
- The personal data relating to you was processed in an unlawful manner.
- The deletion of the personal data relating to you is required to fulfil a legal obligation in accordance with European Union law or the law of the member states, which laws the responsible party is subject to.
- The personal data relating to you was collected in relation to services offered by the information company in accordance with Article 8 Para. 1 GDPR.
17.4.2 Information to third parties
If the responsible party has made the personal data relating to you public and if he/she is obliged to delete this data in accordance with Article 17 Para. 1 GDPR, then he/she shall take reasonable measures including ones of a technical nature — whereby account shall be taken of the available technology and the implementation costs — to inform the responsible parties for the data processing which process the personal data that you as data subject have demanded from them the deletion of all links to this personal data or of copies or replicates of these.
The right to deletion does not exist in so far as the processing is necessary for
- the exercising of the right of free expression of opinion and to information;
- for the fulfilment of a legal obligation, which requires the processing in accordance with the law of the European Union or the law of the member states, which laws the responsible party is subject to, or for the carrying out of a task, which lies in the public interest or which is carried out in the exercising of public authority, which authority was transferred to the responsible party;
- for reasons of public interest in the field of public health in accordance with Article 9 Para. 2 lit. h and i as well as Article 9 Para. 3 GDPR;
- for archiving purposes, scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with Article 89 Para. 1 GDPR, in so far as the right named in section 1 probably makes the reaching of the objectives of the processing impossible or impairs it seriously, or
- for the advancing, exercising or defending of legal claims.
Moreover, the right to deletion does not exist in so far as the personal data has to be stored by the controller in order to fulfill legal duties to preserve records and legal retention periods. In such a case instead of deletion blockage of the personal data applies.
17.5 Right to information
If you have advanced the right to the correcting, deleting or restricting of the processing vis à vis the responsible party, then the latter is obliged to inform all recipients, to which the personal data relating to you was disclosed, of this correction or deletion of the data or of the restricting of the processing, unless this proves itself to be impossible or linked with unreasonable expenditure.
You are entitled to the right vis à vis the responsible party to be informed about these recipients.
17.6 Right to data portability
You have the right to receive the personal data relating to you, which you made available to the responsible party, in a structured, conventional and machine-readable format. In addition, you have the right to transmit this data to another responsible party without hindrance by the responsible party to whom the personal data was made available, in so far as
- the processing is based on a consent in accordance with Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract in accordance with Article 6 Para. 1 lit. b GDPR and
- the processing is carried out with the aid of automated processes.
In exercising this right, you have in addition the right to bring about the situation that the personal data relating to you is transferred directly from one responsible party to another responsible party in so far as this is technically possible. The freedoms and rights of other persons may not be impaired thereby.
The right to data portability does not hold good for the processing of personal data, which is necessary for the carrying out of a task, which lies in the public interest or in the exercising of public authority and which task was transferred to the responsible party.
17.7 Right to object
For reasons which result from your particular situation you have the right to advance at any time objection to the processing of the personal data relating to you, which processing is carried out on the basis of Article 6 Para. 1 lit. e or f GDPR; this right also holds good for profiling based on these provisions.
The responsible party shall then no longer process the personal data relating to you, unless he/she can demonstrate compelling reasons worthy of protection, which reasons overweigh your interests, rights and freedoms or where the processing serves the advancing, exercising or defending of legal claims.
If the personal data relating to you is processed for the carrying out of direct advertising, then you have the right to advance at any time objection to the processing of the personal data relating to you for purposes of such advertising; this holds good too for profiling in so far as this is carried out in connection with such direct advertising.
If you object to the processing for purposes of direct advertising, then the personal data relating to you will no longer be processed for these purposes.
You have the opportunity – in connection with the use of services of the information company and regardless of directive 2002/58/EC — to exercise your right of objection with the aid of automated processes in which technical specifications are used.
17.8 Right to revocation of the declaration of consent under data protection law
You have the right to revoke at any time and without giving reasons your declaration of consent under data protection law. In the event of revocation we immediately will delete your personal data and no longer process it. The legality of the processing carried out on the basis of your consent and carried out up to the time of the revocation is not affected by the revocation.
17.9 Automated decision-making in individual cases including profiling
You have the right to not subject yourself to a decision based solely on an automated processing process — including profiling — which unfolds a legal effect vis à vis yourself or which impairs you significantly in a similar way. This does not hold good if the decision
- is necessary for the concluding or fulfilment of a contract between you and the responsible party,
- is permissible on the basis of legal regulations of the European Union or of its member states, which the responsible party is subject to, and these regulations contain reasonable measures for the maintenance of your rights and freedoms as well as for your legitimate interests or
- is carried out with your explicit consent.
However, these decisions may not be based on particular categories of personal data in accordance with Article 9 Para. 1 GDPR, in so far as Article 9 Para. 2 lit. a or g does not hold good and reasonable measures have been taken for the protection of the rights and freedoms as well as of your legitimate interests.
In respect of the cases named in (1) and (3) above the responsible party shall take reasonable measures to ensure the rights and freedoms as well as your legitimate interests, whereby belonging thereto is at the least the right to the affecting of the intervention of a person on the side of the responsible party for the representation of the responsible party's standpoint and to the challenging of the decision.
17.10 Right to complain at a supervisory authority
Regardless of another regulatory or judicial remedy, you are entitled to the right to lodge a complaint at a supervisory authority and here in particular at a supervisory authority in the member state of your place of residence, of your place of work or of the place where the suspected infringement took place when you are of the opinion that the processing of the personal data relating to you infringes the GDPR.
In this situation the supervisory authority, at which the complaint was lodged, shall inform the complainant on the status and the results of the complaint including the possibility of a judicial remedy in accordance with Article 78 GDPR.
Status: September 2018
Responsible party: Dr. Beyer Internet-Beratung