Privacy Policy

Thank you for visiting our website! The protection of personal data is of particular importance to us.

We would therefore like to take this opportunity to inform you about

what kind of your personal data we collect when you visit our websites,
for what purposes they are used and
to whom we may make it available.

We declare our compliance with the legal provisions on data protection and data security. Personal data will be used exclusively for the purposes indicated below, as well as measures to ensure data security by ensuring that data is used properly and not made accessible to unauthorized persons. Our employees as well as authorized service providers and their employees are obliged to maintain secrecy of the data disclosed by us unless there is a legally permissible reason for a transmission or disclosure of the data entrusted or made accessible to them.

This privacy policy applies to the websites of the controller which can be accessed under the domain https://www.bludelta.de/ as well as the various subdomains (hereinafter referred to as “our websites”). We reserve the right to adapt this privacy policy with future effect, in particular in the event of further development of the website, the use of new technologies or changes in regard to the legal basis or corresponding jurisdiction.

Content

Controller
Contact for Data Protection Inquiries.
General Information on Data Processing
Collection of Access Data and Log Files
1. Legal basis.
2. Storage Period
Cookies
Contact via E-mail
Newsletter
Use of Analytics tools
Plugins
Rights of the Data Subject.
Disclosure of Personal Data.
Bludelta Online Trial
Hyperlinks to External Websites.
Data Integrity
Changes to the Privacy Policy.
Data Processing in the Context of Application Procedures.
Duration of Storage and Deletion.

1 Controller

The following party is responsible for the processing of personal data within the scope of this privacy policy referred to in Art. 4 (7) of the EU General Data Protection Regulation (GDPR):

Blumatix Intelligence GmbH
Schwarzstraße 48
5020 Salzburg – Austria

For general inquiries, please use the contact details published on our homepage. For all questions and concerns regarding data protection, please contact our data protection coordinator directly: dataprivacy@blumatix.at

2 Contact for Data Protection Inquiries

DI Kurt Berthold
Certified data protection officer
clever data gmbh
Danhausergasse 9/Top 3
A-1040 Wien
Tel: +43 664 131 7999
E-Mail: kurt.berthold@cleverdata.at

3 General Information on Data Processing

3.1 Scope of Processing of Personal Data

Personal data is any information relating to an identified or identifiable natural person. In general, we collect and use personal data of our users only to the extent necessary to provide a functional website and to present our content and services. The collection and use of personal data of our users takes place only with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent and the processing of the data is permitted by a legal provision.

3.2 Legal Bases for the Processing Personal Data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis for the processing of personal data.

For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the controller is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the case that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

3.3 Data Deletion and Storage Period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be deleted or blocked if a storage period prescribed by the aforementioned conditions expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

4 Collection of Access Data and Log Files

When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

Information about the browser type and browser version that is beeing used
Information about the user’s opferating system
Information about the user’s Internet service provider
The user’s IP address
Date and time of access to our website
Websites from which the user’s system reaches our website
Websites accessed by the user’s system via our website

The data is also stored in the log files of our system.

4.1 Legal basis

Art. 6 (1) (f) GDPR serves as the legal basis for data processing. The processing is necessary for the operation of our website and thus serves to safeguard a legitimate interest of our company.

4.2 Storage Period

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

5 Cookies

Our website uses cookies. Cookies are small text files that are stored locally in the cache of the browser used. When a user accesses our website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is called up again. Cookies do not become part of the PC system, cannot run programs and do not contain viruses.

Cookies are being used to make our website more appealing to our users. Some elements of our website require that the calling browser can be identified even after a page change. The use of cookies may be technically necessary or cookies may be used for other purposes.

Various cookies are used on our websites, which differ in type and function.

List of all data processing

5.1 Session Cookies and Persistent Cookies

Session cookies are a form of cookies that is deleted as soon as the user closes the browser after their current session. We use technically necessary session cookies, which store a session ID. With this session ID various requests from your browser can be assigned to the joint session. Some elements of our website require that the calling browser can be identified even after a page change.

Persistent cookies are stored on the user’s device to provide a user’s login information, settings or preferences the next time they visit the website. They serve to enable a more convenient and faster use of the website. This storage of these cookies is limited to a certain storage period, after which they are automatically deleted. Note that the storage period may vary depending on the cookie. You can also delete these cookies from your system beforehand by using the usual functionality of your browser.

5.2 Essential Cookies

Essential cookies are necessary for the provision of our website. We use these cookies for our website to function properly. We use essential cookies to ensure the basic functions of our website. The legal basis for this processing is Art. 6 (1) (f) GDPR.

The user data collected by essential cookies is not processed for the creation of user profiles.

5.3 Non-Essential Cookies

Non-essential cookies are used in terms of efficiency and to make our website more appealing to its users. These cookies are not necessary for the basic functions of our website. The legal basis for this processing is Art. 6 (1) (a) GDPR. Non-essential cookies are automatically deleted after a specified storage period, which may differ depending on the cookie.

5.3.1 Preference Cookies

Preference cookies enable our website to remember information that changes the way our website is presented such as the selection of your preferred language.

5.3.2 Analytical Cookies

Analytical cookies help website providers to understand how visitors interact with websites by collecting and reporting information anonymously.

5.3.3 Marketing Cookies

Third-party advertising cookies make it possible to show you various offers that match your interests. These cookies can be used to record users’ web activities over a longer period of time. You may recognize these cookies on various devices you use.

5.4 Legal Basis for Data Processing

The legal basis for the processing of essential cookies is our legitimate interest in the processing of personal data in accordance with Art. 6 (1) (f) GDPR. For non-essential cookies or so-called third-party cookies, we need your consent. If you have given us your consent regarding the use of non-essential cookies via the “cookie banner”, the legality of the use is based on Art. 6 (1) (a) GDPR. You can revoke this consent at any time by deactivating cookies in your browser settings for the future.

5.5 Storage Period

As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information will be deleted, in particular if cookies are deactivated. Further storage may take place in individual cases if this is required by law.

5.6 Configuration of Browser Settings

The administration of cookie settings is possible for you via the configuration options of your browser-settings listed below.

Most browsers are preset to automatically accept cookies. By changing the settings of your browser, you can completely deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. However, we would like to point out that you may no longer be able to use all the functions of our website to their full extent if cookies are deactivated by your browser settings on our website. You can also use your browser settings to delete cookies already stored in your browser or display the storage period. Furthermore, it is possible to receive a notification before cookies are stored via respective browser settings. The different browsers differ in their respective functions, so we ask you to use the respective help menu of your browser for configuration options.

6 Contact via E-mail

Contact forms are available on our websites, which can be used for electronic contact. If you choose this option, the data entered in the input mask will be transmitted to us and stored. The following data will be collected as part of our contact form:

First name
Surname
Company (optional)
E-mail address
Details of the request

Usage of the contact form takes place on a voluntary basis and is initiated by yourself. If you provide information on how to contact you, we will use these channels to contact you according to your request. For the processing of the data, your consent will be obtained as part of the sending process and a link to our privacy policy is provided. Alternatively, it is possible to contact us via the e-mail address provided on our website. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will be deleted as soon as the purpose of the processing has been achieved unless there is another legal retention period. The conversation is concluded when it can be inferred from the circumstances that the facts in question have been conclusively clarified. In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of your request or the purpose of contacting us.

The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, additional legal basis for the processing is Art. 6 (1) (b) GDPR.

7 Newsletter

7.1 Processing Data Types

On our website there is the possibility to subscribe to a newsletter. When registering for the newsletter, the e-mail address you provided will be transmitted to us.

The registration for our newsletter takes place through a double opt-in procedure. We will then send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm your subscription to the newsletter. You can agree by clicking on the confirm button you received. In this way, we can ensure that this is your e-mail address and that you wish to receive our newsletter.

Furthermore, the following data will be processed at the time of registration for the newsletter:

IP address
Date/time of subscription to the newsletter
Time of your confirmation by clicking the confirmation-link

To send our newsletter we use the services of:

Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, www.sendinblue.com

7.2 Legal Basis

The legal basis for the processing of the data to receive our newsletter is Art. 6 (1) (a) GDPR if the user has given their consent.

7.3 Purposes of Processing

The storage of the user’s e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process as described above serves to prevent misuse of the services or the e-mail address used.

7.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

7.5 Revocation of Consent

A revocation of your consent to the processing of the e-mail address for the receipt of the newsletter is possible at any time by directly clicking on the link to unsubscribe contained in the newsletter. The legality of the data processing carried out based on your consent before the revocation is not affected by the revocation itself.

8 Use of Analytics tools

8.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountainview, CA 94043 USA (“Google”). Google Analytics uses cookies that are stored on your computer and that enable the analysis of your use of the website.

The information generated by these cookies includes data about the time, place and frequency of the usage of this website and is transmitted to a server operated by Google and stored there. We would like to point out that Google may transfer this information to third parties if this is required by law, or if third parties process this data on behalf of Google.

Google will use the information generated by cookies on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. You can prevent the storage of cookies in general by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

To prevent information about your use of the website from being recorded by Google Analytics and transmitted to Google Analytics, you can also download and install a plugin for your browser from the following link: http://tools.google.com/dlpage/gaoptout?hl=en. This plugin prevents information about your visit to the website from being sent to Google Analytics. Another analysis is not prevented by this plugin.

We would like to point out that you cannot use the browser plugin described above when visiting our website via the browser of a mobile device (smartphone or tablet). By clicking on this link, a so-called opt-out cookie is set in your browser. This prevents information about your visit to the website from being sent to Google Analytics. Please note that the opt-out cookie is only valid for this browser and only for this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted. To continue preventing Google Analytics from collecting data, you must click the link again.

To ensure the best possible protection of your personal data, Google Analytics has been extended on this website by the code “anonymizeIp”. This code causes the last 8 bits of the IP address to be deleted and your IP address is thus recorded anonymously (so-called IP masking). Your IP address will be shortened by Google before transmission within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymized.

As part of the use of Google Analytics, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. The US is considered by the European Court of Justice to be a country with an insufficient level of data protection according to EU standards. Due to the absence of an adequacy decision and without appropriate safeguards, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without redress. In this respect, we would like to point out that there may currently be no suitable guarantees for data transfer to the USA.

Further information can be found under http://tools.google.com/dlpage/gaoptout or under https://policies.google.com/ (general information on Google Analytics and data protection).

Further information on Google’s use of data for advertising purposes, setting and objection options can be found on Google’s websites: www.google.com/intl/de/policies/privacy/partners/ („Use of data by Google when you use websites or apps of our partners“), www.google.com/policies/technologies/ads („Use of data for advertising purposes“), www.google.de/settings/ads („Manage information that Google uses to show you advertisements“) und www.google.com/ads/preferences/ („Determine which ads Google shows you“). Auftragsdatenvereinbarung https://privacy.google.com/businesses/processorterms/; Data protection declaration for GDPR https://policies.google.com/privacy/update?hl=en.

8.1.1 Legal Basis

The legal basis for the use is your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke this consent at any time by deactivating cookies in your browser settings for the future.

8.1.2 Storage Period

The website operators have limited the storage period of the data in Google Analytics to 14 months.

8.2 Google Ads and Google Conversion-Tracking

This website also uses the online advertising program “Google AdWords” and conversion tracking as part of Google AdWords. Google Conversion Tracking is an analysis service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). These tools are used on the basis of your consent (Art. 6 (1) (a) GDPR), which can be revoked at any time for the future. If you click on an ad placed by Google, a conversion tracking cookie will be placed on your computer. These cookies lose their validity after 30 days, contain no personal data and are therefore not used for personal identification. If you visit certain web pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. As a result, there is no way that cookies can be tracked through AdWords advertisers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Here, customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies by setting your browser software accordingly, switching off the cookie in the Cookie-Configuration or deactivating it here. From this point on, you will no longer be included in the conversion tracking statistics.

You can find more information about Google Ads and Google Conversion Tracking at: http://www.google.com/policies/technologies/ads/ and http://www.google.de/policies/privacy/.

8.3 Facebook Custom Audience Pixel

We use “Facebook Custom Audience Pixel” by Meta/Facebook on our website to optimize our advertising. The operator is Facebook, Inc. 1 Hackerway, Menlo Park, CA 94025, USA. For persons living outside the United States or Canada, the controller is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Habour, Dublin 2, Ireland. We use Facebook Custom Audience Pixel to show personalized ads to people who visit our website while logged in to Facebook. It also allows us to measure the effectiveness of our advertising by analyzing actions that users perform on our website. No personal data is provided to us. Facebook itself stores and processes the data at the same time, so that Facebook can connect to the respective Facebook user profile.

For information on the processing and use of personal data by Facebook, please refer to the “Privacy Policy” published by Facebook. These can be found at: https://www.facebook.com/about/privacy/

Facebook may use your data for its own advertising purposes in accordance with the Privacy Policy.

The legal basis for the storage of cookies and integration of the Facebook pixel is your consent in accordance with Art. 6 (1) (a) GDPR, if you have given your consent via the cookie banner. You have the option of preventing the storage of cookies and the integration of the web analysis service by means of selecting the corresponding settings.

9 Plugins

Our websites can contain plugins from social networks. It is possible that personal data about users of our websites are collected via these plugins, transmitted to the respective service provider, and linked to the profile of the visitor. We ourselves do not collect any personal data via plugins and their use.

9.1 Legal Basis

The legal basis for the processing of the data is Art. 6 (1) (a) GDPR.

Please note that Blumatix Intelligence GmbH has no influence on whether and to what extent the respective service providers use and collect personal data. We are not aware not aware of the scope, purpose and storage peroids of the data collection by each respective provider. However we would like to inform you that it must be assumed that at least the IP-address and device-related information are used and collected via cookies used by the plugin provider.

As part of the use of plugins personal data may be transferred to countries outside the EU/EAA (in particular to the USA). The US is considered by the European Court of Justice to be a country with an insufficient level of data protection according to EU standards. Due to the lack of an adequacy decision and appropriate safeguards there is a risk that your data will be processed by US authorities for control and monitoring purposes, possibly without any legal redress.

For further information about the scope and purpose of the data collected by the providers of plugins as well as further information about the processing and the usage of your personal data please refer to information provided by each respective service provider via their website or privacy policy.

9.1.1 Notice – Processing with Joint Responsibility

On our Facebook “fan page”, we process personal data together with Facebook, which provide information about the interaction of users and serve to optimize the usability of the website and marketing activities. For this purpose, we may refer to an agreement on joint responsibility, available at https://www.facebook.com/legal/controller_addendum or https://www.facebook.com/legal/terms/page_controller_addendum. Further information on the joint processing of personal data can be found in Facebook’s privacy policy under https://www.facebook.com/policy.php and under https://www.facebook.com/legal/terms/information_about_page_insights_data. In accordance with Art. 6 (1)(f) GDPR (“legitimate interest”), we use this information to create aggregated evaluations of the use of our social media presence and to optimize our marketing activities. This data will be stored by Facebook in accordance with the deadlines set out in https://www.facebook.com/policy.php, chapter: “Data storage, deactivation and deletion of accounts”.

9.2 Google Maps

Our website also uses the “Google Maps” service from Google to display maps or map sections and thus enables you to conveniently use the map function on the website. Google Maps is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

To increase the protection of your data when you visit our website, the plugin is integrated into the website using a so-called 2-Click solution. This integration ensures that when you access a page on our website that contains such plugins, no connection to the provider’s servers is established. The plugin is activated by clicking. When you click on the plugin your browser establishes a direct connection to the provider´s servers. The content of the plugin is then transmitted to your browser by the provider and integrated into the page.

By clicking on the Google map of our website Google receives the information that you have accessed the corresponding subpage of our website.

In addition, access data is transmitted to Google. This takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned to your account. If you do not wish to be associated with your profile on Google, you must log out of your Google profile before you click on the map.

Further information on the purpose and scope of processing by the plug-in provider can be found in the provider’s data protection declaration. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.

Further information on the Google Maps terms of use can be found here: https://www.google.com/intl/de_de/help/terms_maps.html.

By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. You can also prevent the use of cookies by opening the browser used in “private mode”. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

9.3 YouTube Plugins

We use plug-ins from the video platform YouTube.de or YouTube.com on our website, a service that – represented by Google – is operated by YouTube LLC (headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA; “YouTube”).

By using plugins we can also integrate visual content (“videos”) that we have published on Youtube.de or Youtube.com on this website.

By clicking on the Video of our website Google receives the information that you have accessed the corresponding subpage of our website.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. Access data is also transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in, or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your personal user account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube saves your data as usage profiles and processes them for the purposes of advertising, market research and the need-based design of its website. Such an evaluation is carried out (also for users who are not logged in) to provide need-based advertising.

Further information on the handling of user data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de&gl=en.

9.4 LinkedIn Insight-Tag

We use the LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2 Ireland; “LinkedIn”) website analytics function LinkedIn Insight Tag. This enables the collection of data from your visit to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. The IP addresses are shortened or hashed.

LinkedIn does not share any personal data with us, but uses the data collected on our website for reports (in which you are not identified) on website visitors and ad performance. LinkedIn also offers retargeting for website visitors on LinkedIn, so that we can use this data to display targeted advertising outside of our website without identifying you. LinkedIn also uses data that does not identify you to improve ad relevance and reach members across devices. If you do not want this, you can object to retargeting. Further information on data protection in connection with LinkedIn.

10 Rights of the Data Subject

If your personal data is processed by the controller, you are a data subject within the meaning of the GDPR and you have the following rights listed below.

10.1 Right of Access by the Data Subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy referred to in (10) shall not adversely affect the rights and freedoms of others.

10.2 Right to Rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

10.3 Right to Restriction of Processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under the abovementioned circumstances, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing pursuant to the conditions above shall be informed by the controller before the restriction of processing is lifted.

10.4 Right to Erasure (‘Right to be Forgotten’)

10.4.1 Right to Erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

10.4.2 Information to Third Parties

Where the controller has made the personal data public and is obliged pursuant to the abovementioned conditions to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

10.4.3 Exceptions

The right to erasure does not exist if the processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in the aforementioned paragraphs is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.

10.5 Right to Information

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

10.6 Right to Data Portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1) GDPR; and where the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to the abovementioned conditions, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The exercise of the right referred to above shall be without prejudice to Article 17 GDPR (Right to erasure). That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right referred to above shall not adversely affect the rights and freedoms of others.

10.7 Right to Object to Processing

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

10.8 Right to Revoke Consent under Data Protection Law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

10.9 Automated Individual Decision-Making (Including Profiling)

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This does not apply if the decision:

is necessary for entering into, or performance of, a contract between the data subject and a data controller;
is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
is based on the data subject’s explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

10.10 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the respective supervisory authority.

In Germany, the supervisory landscape under data protection law is federally structured. The non-public area is gener