Privacy policy declaration
Privacy policy
declaration
nilo kilim
- 1. Introduction and contact details of the responsible person
- 2. Data collection when visiting our website
- 3. Cookies
- 4. Contact
- 5. Use of customer data for direct advertising
- 6. Data processing for order processing
- 7. Web analytics services
- 8. Tools and other
- 9. Rights of the data subject
- 10. Duration of the storage of personal data
1. Introduction and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.
1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Nilo Design e.U.Inhaber: Niel Mazhar, Josefstädter Straße 82/4/94, 1080 Wien, Österreich, Tel.: +43 6505426781, E-Mail: hello@nilo-kilim.com . The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the responsible party), this website uses an SSL or SSL protocol. TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.
2. Data collection when visiting our website
During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to the page server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
– Our visited website
– Date and time at the time of access
– Amount of data sent in bytes
– Source/reference from which you reached the page
– Browser used
– Operating system used
– IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
3. Cookies
To make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your terminal device. In some cases, these cookies are automatically deleted after the browser is closed (so-called “session cookies”), in other cases, these cookies remain on your terminal device for longer and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.
If personal data are also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the execution of the contract, according to Art. 6 para. 1 lit. a DSGVO in the case of granted consent or pursuant to Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
4. Contact
When contacting us (e.g. via contact form or e-mail), personal data is processed – exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it is clear from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5. Use of customer data for direct advertising
Subscribe to our newsletter
If you subscribe to our e-mail newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. For the newsletter dispatch, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the specified mail address.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In doing so, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter is used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this declaration.
6. Data processing for order processing
6.1. Transmission of image files for order processing by e-mail
On our website, we offer customers the opportunity to request the personalization of products by sending image files via e-mail. The submitted image motif is used as a template for the personalization of the selected product.
The customer can send one or more image files from the memory of the end device used to us via the mail address provided on the website. We then collect, store and use the files transmitted in this way exclusively for the production of the personalized product as defined in the respective service description on our website. If the transmitted image files are passed on to special service providers for the preparation and processing of the order, you will be explicitly informed about this in the following paragraphs. Any further disclosure will not take place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 Para. 1 lit. b GDPR.
After final processing of the order, the transmitted image files are automatically and completely deleted.
6.2 As far as necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be processed in accordance with Art. 6 para. 1 lit. b DSGVO to the contracted transport company and the contracted credit institution.
Insofar as we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you within the scope of our statutory information obligations pursuant to Art. 6 Para. 1 lit. c DSGVO by appropriate means of communication (e.g. by mail or e-mail) about upcoming updates in person within the period provided for by law. Your contact data will be used strictly for the purpose of notifying you of updates we owe you and will be processed by us for this purpose only to the extent necessary for the information in question.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
6.3. Transfer of personal data to shipping service providers
– DHL Express
We use the following provider as transport service provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany.
We disclose your e-mail address and/or telephone number in accordance with Art. 6 para. 1 lit. a DSGVO before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification to the provider, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery, we will disclose pursuant to Art. 6 para. 1 lit. b DSGVO only the name of the recipient and the delivery address to the provider. The disclosure is made only to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with the supplier or the delivery notice is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the provider.
– DPD Austria
We use the following provider as transport service provider: DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, 2333 Leopoldsdorf, Austria.
We disclose your e-mail address and/or telephone number in accordance with Art. 6 para. 1 lit. a DSGVO before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification to the provider, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery, we will disclose pursuant to Art. 6 para. 1 lit. b DSGVO only the name of the recipient and the delivery address to the provider. The disclosure is made only to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with the supplier or the delivery notice is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the provider.
6.4. Use of payment service providers (payment services)
– Apple Pay
If you choose the payment method “Apple Pay” of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the “Apple Pay” function of your terminal device running iOS, watchOS or macOS by charging a payment card deposited with “Apple Pay”. Here, Apple Pay uses security features built into your device’s hardware and software to protect your transactions. In order to approve a payment, you must enter a code that you have previously specified and verify it using the “Face ID” or “Touch ID” function of your terminal device.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to make the payment. Encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the success of the payment.
Insofar as personal data are processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. Anonymization completely excludes any reference to persons. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay”, and uncheck “Allow payments on Mac”.
For more information about Apple Pay privacy, please visit the web address below:
Link
.
– EPS bank transfer
One or more online payment methods from the following provider are available on this website: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2,1200 Vienna, Austria.
If you choose a payment method of the provider where you make an advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number), as well as information about the content of your order in accordance with Art. 6 para. 1 lit. b DSGVO passed on. In this case, your data will be passed on exclusively for the purpose of processing payment with the provider and only to the extent necessary for this purpose.
– Klarna
Online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you select a payment method of the provider for which you make an advance payment, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 1 lit. b GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose.
When selecting a payment method of the provider with which the provider makes advance payments, you will also be asked to provide certain personal data (first name and surname, street, house number, postcode, city, date of birth, e-mail address, telephone number, if applicable data on alternative means of payment) during the ordering process.
In order to safeguard our legitimate interest in determining the solvency of our customers, this data is passed on to the provider by us for the purpose of a credit check in accordance with Art. 6 1 lit. f GDPR. On the basis of the personal data provided by you as well as further data (such as shopping cart, invoice total, order history, payment history), the provider checks whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.
In addition to internal provider criteria, identity and creditworthiness information from the following credit agencies may also be included in the decision-making process as part of the application review in accordance with Art. 6 1 lit. f GDPR: Link
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
– PayPal
One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you choose a payment method of the provider where you make an advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number), as well as information about the content of your order in accordance with Art. 6 para. 1 lit. b DSGVO passed on. In this case, your data will be passed on exclusively for the purpose of processing payment with the provider and only to the extent necessary for this purpose.
If you select a payment method for which the provider makes an advance payment (such as purchase on account or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, and, if applicable, data on an alternative means of payment) during the ordering process.
In order to protect our legitimate interest in determining the solvency of our customers, this data is used by us in accordance with Art. 6 para. 1 lit. f DSGVO to the provider for the purpose of a credit check. On the basis of the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
– PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal’s own payment methods and local third-party payment methods.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “Pay Later” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “Pay later” via PayPal. For this purpose, your payment data may be processed in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
If you select the PayPal payment method “purchase on account”, your payment data will first be transmitted to PayPal in preparation for payment, whereupon PayPal will forward them to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) in order to make the payment. The legal basis in each case is Art. 6 para. 1 lit. b GDPR. In this case, RatePay carries out an identity and credit check on its own behalf to determine solvency in accordance with the principle already mentioned above and discloses your payment data on the basis of the legitimate interest in determining solvency pursuant to Art. 6 para. 1 lit. f DSGVO to credit agencies. A list of credit bureaus that Ratepay can use can be found here:
Link
.
When using the payment method of a local third party provider, your payment data will first be used to prepare the payment in accordance with Art. 6 para. 1 lit. b DSGVO passed on to PayPal. Depending on your selection of an available local payment method, PayPal will then transmit your payment data for the execution of the payment pursuant to Art. 6 para. 1 lit. b DSGVO to the corresponding provider:
– Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
– iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, The Netherlands)
– giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main
– bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
– blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland).
– eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2
1200 Vienna, Austria)
– MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
– Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
For more information on data protection, please refer to PayPal’s privacy policy:
Link
.
– Stripe
One or more online payment methods are available on this website from the following provider: Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
If you choose a payment method of the provider where you make an advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number), as well as information about the content of your order in accordance with Art. 6 para. 1 lit. b DSGVO passed on. In this case, your data will be passed on exclusively for the purpose of processing payment with the provider and only to the extent necessary for this purpose.
If you select a payment method for which the provider makes an advance payment (such as purchase on account or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, and, if applicable, data on an alternative means of payment) during the ordering process.
In order to protect our legitimate interest in determining the solvency of our customers, this data is used by us in accordance with Art. 6 para. 1 lit. f DSGVO to the provider for the purpose of a credit check. On the basis of the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
7. Web analytics services
Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.
By default, Google Analytics sets 4 cookies when you visit the website, which are stored as small text modules on your terminal device and collect certain information. The scope of this information also includes your IP address, which is, however, shortened by Google by the last digits in order to exclude a direct personal reference.
The information is transferred to Google servers and processed there. In the process, transfers to Google LLC based in the USA are also possible.
Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide other services relating to website activity and internet usage. The IP address transmitted and shortened by your browser as part of Google Analytics is not merged with other data from Google. The data collected in the context of the use of Google Analytics 4 is stored for a period of two months and then deleted.
All of the processing described above, in particular the setting of cookies on the end device used, will only take place if you have given us your express consent to do so in accordance with the German Data Protection Act. Art. 6 par. 1 lit. a DSGVO have given.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent with effect for the future at any time. To exercise your right of withdrawal, please deactivate this service via the “cookie consent tool” provided on the website.
We have concluded an order processing agreement with Google, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
For the transfer of data to the U.S., Google invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at.
Link
and at
Link
.
Demographic characteristics
Google Analytics 4 uses the special “demographic characteristics” function and can use it to create statistics that make statements about the age, gender and interests of site visitors. This is done through the analysis of advertising and information from third parties. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to have cross-device reports generated. If you have activated personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to. Art. 6 par. 1 lit. a GDPR to analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analytics, you can disable the Personalized Advertising feature in your Google Account settings. To do this, follow the instructions on this page:
Link
. You can find more information about Google Signals at the following link:
Link
.
UserIDs
As an extension to Google Analytics 4, the “UserIDs” function can be used on this website. If you consent to the use of Google Analytics 4 acc. Art. 6 par. 1 lit. a GDPR, have created an account on this website and log in with this account on different devices, your activities, including conversions, may be analyzed across devices.
PayPal Marketing Solutions
This website uses the web analytics service of the following provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading terminal device and browser information), the service collects and stores pseudonymized visitor data, including information of the terminal device used such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heat maps), which show the duration of page visits as well as interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymization fundamentally excludes the possibility of direct personal reference. Your personal data will not be merged with data collected in any other way.
All processing described above, in particular the reading or saving of information on the end device used, will only be carried out if you have given us your consent in accordance with Art. 6 para. 1 lit. a DSGVO have given your express consent to this. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
Google Tag Manager
This website uses the “Google Tag Manager”, a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”).
Google Tag Manager provides a technical foundation for bundling diverse web applications, including tracking and analytics services, and calibrating, controlling, and conditioning them through a unified user interface. Google Tag Manager itself does not store or read any information on user devices. Also, the service does not perform any independent data analysis. However, your IP address is transmitted to Google by the Google Tag Manager when you access the page and may be stored there. Also a transmission to servers of Google LLC. In the USA is possible.
This processing will only be carried out if you have notified us in accordance with Art. 6 para. 1 lit. a DSGVO have given your express consent to this. Without this consent, Google Tag Manager will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
8. Tools and other
Cookie Consent Tool
This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users on page access in the form of an interactive user interface on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. By using the tool, all cookies/services that require consent are only loaded if the respective user gives the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
Further legal basis for the processing is furthermore Art. 6 para. 1 lit. c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
You can find more information about the operator and the setting options of the cookie consent tool directly in the corresponding user interface on our website.
9. Rights of the data subject
9.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:
– Right to information according to Art. 15 DSGVO;
– Right to rectification pursuant to Art. 16 DSGVO;
– Right to erasure pursuant to Art. 17 DSGVO;
– Right to restriction of processing pursuant to Art. 18 DSGVO;
– Right to information pursuant to Art. 19 GDPR;
– Right to data portability according to Art. 20 DSGVO;
– Right to revoke consent given in accordance with Art. 7 para. 3 GDPR;
– Right to lodge a complaint pursuant to Art. 77 GDPR.
9.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
10. Duration of the storage of personal data
The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a DSGVO, the data concerned will be stored until you revoke your consent.
If there are legal retention periods for data that are required in the context of legal transactions or obligations similar to legal transactions on the basis of Art. 6 Para. 1 lit. b DSGVO, this data is routinely deleted after expiry of the retention periods, provided that it is no longer required for the fulfillment of the contract or the initiation of the contract and/or there is no legitimate interest on our part to continue storing it.
When processing personal data on the basis of Art. 6 para. 1 lit. f DSGVO, this data will be stored until you exercise your right to object according to Art. 21 para. 1 DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f DSGVO, this data will be stored until you exercise your right to object according to Art. 21 para. 2 GDPR exercise.
Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.