Privacy Policy2018-07-09T12:32:09+00:00

Thank you for your interest in our online presence and in our services.

We will process your personal data in compliance with the General Data Protection Regulation (“GDPR”) and the applicable national rules.

For this reason, we inform you below about the nature, scope, purpose and the respective legal basis for the collection, use and processing of personal data by us, as well as about the rights that you are entitled to as the data subject.

As data controller, we have of course taken care that numerous technical and organizational measures ensure the highest possible level of security for the personal data processed by us.

For example, the SSL (Secure Socket Layer) procedure in connection with the highest level of encryption supported by your browser is used during your visit within our website. If your browser supports this, 256 bit encryption is used. If your browser does not support this, 128 bit technology is used instead.

Whether your data are transmitted in encrypted form is indicated by a closed padlock symbol in the status bar of your browser.

I. Definitions

Since the duties to provide information specified in this privacy notice are based on the provisions of the GDPR and since we want to make this notice as comprehensible as possible nevertheless, we take the liberty of providing you with a few definitions in advance to make it easier for you to read and understand this privacy notice (please refer to Article 4 of the GDPR for further definitions):

1.            “personal data” means any information relating to an identified or identifiable natural person (the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2.            “data subject” is thus every identified or identifiable natural person whose personal data can be processed by the controller;

3.            “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

4.            “restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;

5.            “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

6.            “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

7.            “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

8.            “recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

9.            “third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

10.          “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

II. Duties to provide information

Based on the foregoing, we herewith inform you in accordance with Article 13 of the GDPR as follows:

1.            Identity and contact details of the controller:

data controller is:

Q-rious Music
Stefan Groß (Inhaltlich Verantwortlicher gemäß § 10 Absatz 3 MDStV)
Moltkestr. 80
50674 Köln

Tel.: 49(221)500859-0
Fax : 49(221)500859-10
E-Mail: info@qrious.de

Verantwortlich

Geschäftsführer: Dominic Miller, Rutis Music Ltd., 5 Harley Place, London, W1G 8QD, UK

2.            Description and scope of the processing, the purpose of the processing, the relevant legal basis and the period for which personal data will be stored, as well as the possibility of objection, where applicable;

a)            Making this website available/generating log files

(1)          Description and scope of the processing

You may generally use our website without having to reveal your identity.

When you visit our website, your browser sends data to the server of our website without any action on your part. During this process, the following data are automatically stored in a so-called log file by us or our hosting provider until it is automatically erased:

–              IP address of the computer from which our website is accessed
–              date and time of the respective access
–              name and URL of the file retrieved from us
–              website from which our website was accessed (referrer URL)
–              browser you are using and operating system of the accessing computer

(2)          Purpose of the processing

We store these data for the following purposes:

–              ensuring a smooth connection to our website
–              ensuring the most convenient use of our website
–              evaluating system security and stability, as well as
–              for other administrative purposes

In this respect, the data are necessary for the functionality of our website.

(3)          Legal basis for the processing

The legal basis for the processing of these data is point f) of Article 6(I)(1) of the GDPR.

Pursuant to point f) of Article 6(I) of the GDPR, the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. This follows from our interest in keeping the website functional and as comfortable and secure as possible. In this respect, our hosting provider is a processor on the basis of a processing contract (Article 28 of the GDPR).

 (4)          Period for which personal data will be stored

The data will be erased when they are no longer needed for the fulfilment of the purpose.

(5)          Possibility of objection

Since the processing of the above data is absolutely necessary for the operation of the website, there is no possibility of objection in this case.

b)           Use of cookies

(1)          Description and scope of the processing

Cookies are files that are stored in or by the internet browser used on the computer system used.

We use cookies to make our website more user-friendly. Various elements of our site, such as our shopping cart, require that the calling internet browser can still be identified after a page change.

The following data are stored in the cookies accordingly:

–              language settings
–              items in your shopping cart
–              log-in information 

(2)          Purpose of the processing

The purpose of using the technically necessary cookies is to simplify the use of the website, since some website functions require that the browser can still be identified after a page change.

The following applications require cookies:

–              shopping cart
–              language settings

Of course, the data processed by the technically necessary cookies are not used to create user profiles.

(3)          Legal basis for the processing

The simplification of the use of our website is also our legitimate interest in line with the legal basis for the processing of personal data by technically necessary cookies, point f) of Article 6(I) of the GDPR.

(4)          Period for which personal data will be stored, possibility of objection and elimination

Cookies are stored on the computer used and transmitted from there to our website. This gives you as a user full control over the use of cookies. By changing your browser settings, you can deactivate or restrict the transmission of cookies and delete cookies already stored (even automatically) at any time.

If you deactivate cookies for our website, it may, however, no longer be possible to use all functions of our website in full.

c)            Orders in our shop

(1)          Description and scope of the processing

We offer you an online shop on our website. You can place orders as a guest in this shop without registration or you can register as a customer.

If you register, you can log into our shop directly with your e-mail address and password for future orders without having to enter your data again.

When using our shop, the items in the shopping cart and the log-in status are stored by means of cookies.

You enter your personal data into an input mask during the order process and these data are transmitted to us and stored.

The data collected in this respect are:

–              title
–              first name
–              last name
–              e-mail address
–              company
–              street address
–              addition to address
–              postcode
–              city
–              country

and different address for delivery, if desired. 

(2)          Purpose of the processing

These data are processed in order

–              to verify you as a customer;
–              to handle, fulfil and process your order;
–              to communicate with you and to address you in an appropriate manner;
–              to issue invoices;
–              to settle possible liability claims and to assert possible claims against you;
–              to ensure the technical administration of our website;
–              to manage our customer data. 

When registering, logging in (again) and using our online shop and our download portal, we also store the IP address and the respective actions performed via this address. 

(3)          Legal basis for the processing

During the order process, you are asked to consent to the processing of these data.

In addition, the legal basis of point b) of Article 6(I) of the GDPR also exists with regard to the order/registration, as the data are required for the performance of a contract and/or in order to take steps prior to entering into a contract. The processing is also necessary for compliance with legal obligations of documentation and to store data (point c) of Article 6(I)(1) of the GDPR).

The IP address and the respective actions performed via this address are stored on the basis of our legitimate interests and the legitimate interests of the users to protect them against unauthorized use and other misuse.

(4)          Period for which personal data will be stored, possibility of objection

The data processed by us for the processing of your order are stored until the end of the statutory obligation to store data and subsequently erased, unless there is a longer obligation to store data due to obligations of documentation and to store data under tax and commercial law (e.g. under the German Commercial Code (Handelsgesetzbuch), the German Criminal Code (Strafgesetzbuch) or the German Fiscal Code (Abgabenordnung)) within the meaning of point c) of Article 6(I)(1) of the GDPR or you consented to a longer storage period pursuant to point a) of Article 6(I)(1) of the GDPR.

(5)          Transmission of data in the course of the order process

a)            Description and scope of the processing

Your data are only transmitted or disclosed to legal advisors and public authorities within the framework of legal permits and obligations. Furthermore, your data are only transmitted to third parties in the context of logistics and payment processing.

aa)         Logistics

As part of the ordering process, data are transmitted to the service provider commissioned to process the contract. The data are only transmitted within the framework of the processing contract concluded with the service provider in accordance with Article 28 of the GDPR.

The service provider in charge of logistics is:

bb)         Payment information

For the processing of payment transactions, we rely on external service providers, via whose platforms we and you as the customer can carry out payment transactions:

paypal

Please refer to the following website for paypal’s privacy statement:

https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

We also rely on the services of the following payment providers:

https://www.visa.de/datenschutz

https://www.mastercard.de/de-de/datenschutz.html

https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html

The service providers process inventory data such as names, addresses, bank data and card numbers, passwords, transaction numbers, totals and recipient data. These data are required for the execution of the respective transaction.

The data are processed exclusively by the payment service providers. They merely inform us of the payment or the non-execution of the payment.

Insofar as data are further transmitted by the payment service providers, for example for a credit check, please refer to the general terms and conditions and privacy notices of the respective payment service provider.

The same applies to the assertion of the rights of those concerned.

b)           Purpose of the processing and legal basis

The purpose of the use of the services of the payment service providers is to perform the contract as referred to in point b) of Article 6(I)(1) of the GDPR and to safeguard our legitimate interest (point f) of Article 6(I)(1) of the GDPR) in offering our customers a secure and effective means of payment. 

d) Processing for administrative and other accounting purposes

(1)          Description and scope of the processing

We store your data also for administrative and accounting purposes. This may include transmission to tax authorities, tax advisors and billing offices, if any.

(2)          Purpose of the processing

The purpose of the processing is the maintenance of our business operations and the corresponding proper accounting. 

(3)          Legal basis for the processing

The legal basis for the processing are legal obligations (point c) of Article 6(I)(1) of the GDPR) and our legitimate interest (point f) of Article 6(I)(1) of the GDPR). 

e) Contact by e-mail

(1) Description and scope of the processing

If you contact us by e-mail using the address provided by us, the personal user data transmitted with your e-mail are stored.

The data are not transmitted to third parties. The transmitted data are solely used for the purpose of conversation. 

(2) Purpose of the processing

The data are solely processed for the purpose of contacting and conversation. This is also our legitimate interest in the processing.

(3) Legal basis

The legal basis for the processing of the data transmitted by e-mail is point f) of Article 6(I)(1) of the GDPR. If the e-mail is aimed at the conclusion of a contract, the legal basis results from point b) of Article 6(I)(1) of the GDPR.

(4) Period for which personal data will be stored

The data will be erased when they are no longer needed. In the case of data transmitted by e-mail, this is the case when the conversation with the user has ended. The conversation is over when a final clarification of the respective facts results directly or from the circumstances.

(5) Possibility of objection and elimination

You always have the possibility to withdraw any given consent at any time. You can also object to the storage of your data at any time. In this case, however, the conversation may not be continued.

For the withdrawal of consent and/or the objection to the storage of the data transmitted by e-mail, please send an e-mail to info@qrious.de

In this case, all data transmitted by e-mail in the course of contacting us are erased.

f) Newsletter by subscription

(1) Description and scope of the processing

You can subscribe to a free newsletter on our website. The data from the input mask filled in during registration are transmitted to us in this respect.

This includes the following data:

–              title
–              name
–              first name
–              e-mail address

Furthermore, the following data are collected at registration:

–              IP address of the used computer
–              date and time of registration

During the registration process, you are asked to give your consent and you are referred to this privacy notice.

Contents of our newsletters:

Our newsletters generally contain promotional information about us, our services, products and events. If specific contents are communicated when you register and give your consent, these are decisive for the registration and consent.

Registration and logging:

We use the double opt-in procedure for the registration for our newsletter.

After registration you will receive an e-mail from us asking you to confirm your registration. This is to prevent anyone from using your e-mail address to register without your knowledge.

The registration confirmation is logged. The time of registration, the time of confirmation and the IP address are stored in this respect. This serves the purpose of compliance with the legal obligation to provide proof of the registration.

These data are also stored by the respective service provider.

To subscribe to the newsletter, simply enter your e-mail address. However, we kindly ask you to enter your form of address and your name for your personal greeting.

(2) Purpose of the processing

These data are processed to send you our newsletter. Any other personal data processed during registration serves the purpose of prevention of misuse of the e-mail address used.

(3) Legal basis

The legal basis for the processing of the data after your registration for the newsletter is your consent in accordance with point a) of Article 6(I)(1) of the GDPR. 

(4) Period for which personal data will be stored

The data will be erased when they are no longer needed for the fulfillment of the purpose. They are thus stored as long as the subscription to the newsletter is in effect. If the newsletter is cancelled, the data will be stored as a proof of consent on the basis of our legitimate interests for up to three years after consent was given. However, the processing is limited to the purpose of a possible defence against a claim. If you confirm the existence of a former consent, an individual application for cancellation is also possible.

(5) Cancellation and withdrawal – possibility of objection and elimination

You may cancel the newsletter subscription at any time. You find a corresponding link in each newsletter.

This also makes it possible to withdraw your consent to the storage of the personal data collected during the registration process.

The withdrawal of consent does not affect the lawfulness of the processing of data based on your consent until withdrawal.

g) Newsletter on the basis of your order

(1) Description and scope of the processing

If you purchase goods or services in our shop and provide us with your e-mail address, we may subsequently use it for sending you our newsletter.

In such a case you will only receive direct advertising for our own similar goods or services.

(2) Purpose of the processing

The processing serves the purpose of being able to send the newsletter.

(3) Legal basis for the processing

In case of your consent, the legal basis for sending the newsletter is point a) of Article 6(I)(1) of the GDPR. The legal basis also results from Section 7 III of the German Act against Unfair Competition (Gesetz gegen unlauteren Wettbewerb).

(4) Period for which personal data will be stored

The data will be erased when they are no longer needed for the fulfillment of the purpose. They are thus stored as long as the subscription to the newsletter is in effect. If the newsletter is cancelled, the data will be stored as a proof of consent on the basis of our legitimate interests for up to three years after consent was given. However, the processing is limited to the purpose of a possible defence against a claim. If you confirm the existence of a former consent, an individual application for cancellation is also possible.

(5) Cancellation and withdrawal – possibility of objection and elimination

You may cancel the newsletter subscription at any time. You find a corresponding link in each newsletter.

This also makes it possible to withdraw your consent to the storage of the personal data collected during the registration process.

The withdrawal of consent does not affect the lawfulness of the processing of data based on your consent until withdrawal.

h) Transmission of data when sending newsletters

Both in the case of point f) and g), the newsletter is sent via the marketing automation platform MailChimp of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

Please refer to the privacy policy of the platform:

https://mailchimp.com/legal/privacy/

The processing by the provider of the e-mail marketing services is necessary for the purpose of our legitimate interest (point f) of Article 6(I)(1) of the GDPR). We have entered into a processing contract with the provider pursuant to Article 28 of the GDPR.

The provider of the e-mail marketing services is authorized to use the data in a pseudonymized form for the purpose of the optimization of the sending or for statistical purposes.

The data, however, are not used by the provider to directly write you. In addition, the provider does not pass on the data to third parties.

The provider is registered under the Privacy Shield Framework. It thus offers a guarantee for compliance with European data protection law:

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

i) Registration for “Media Lounge”

(1) Description and scope of the processing

On our website, users have the opportunity to register for the “Media Lounge” portal by entering personal data.

The data are entered into an input mask and transmitted to us and stored.

We will not pass on these data to third parties.

The following data are stored in the course of the registration:

–              title
–              first name
–              name
–              e-mail
–              password

During the registration process, you are asked to give your consent.

(2) Purpose of the processing

Your registration is required to make certain content and services available on our website.

(3) Legal basis

The legal basis for the storage is your consent.

(4) Period for which personal data will be stored

The data will be erased when they are no longer needed for the fulfillment of the purpose for which they are collected. This is the case for the data transmitted during the registration process if the registration on our website is finally completed or the registration data are changed by you.

(5) Possibility of objection and elimination

As a user you have the possibility to cancel the registration at any time. You can have changed the data stored about you at any time.

To erase or change your data, simply send an e-mail to: info@qrious.de

j) YouTube videos

Our website includes videos from the YouTube platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

Please refer to the privacy notices:

https://www.youtube.com/static?gl=DE&template=terms&hl=de

https://policies.google.com/privacy?hl=en

Google is registered under the Privacy Shield Framework and thus basically offers a guarantee for compliance with European data protection law.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

k) Google Analytics

(1) Description and scope of the processing

We use Google Analytics on our website for analysis purposes and to optimize our presence accordingly. Google Analytics is a web analysis tool of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google uses cookies when using the tool. The user information generated by the cookie is usually transferred to a Google server in the USA and stored there.

Google is registered under the Privacy Shield Framework and thus basically offers a guarantee for compliance with European data protection law.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google uses these data to evaluate the use of our offer on our behalf, to create reports on the activities within the scope of our offer and to provide further services associated with the use of our offer.

During this activity, pseudonymous user profiles can be created from the data.

When using Google Analytics, your IP address is anonymized. Within the EU member states and other EEA states, Google’s IP address is shortened. The complete e-mail address is transferred to the USA only in exceptional cases and shortened there.

The transmitted IP address is not merged with other Google data. You can additionally prevent cookies from being stored by setting your browser accordingly. Furthermore, you have the option of preventing the collection and use of data relating to our offer by Google and the processing of the data by Google by downloading and installing the corresponding browser plug-in:

https://tools.google.com/dlpage/gaoptout?hl=en

Additional information about Google’s use of data, including setting and objection options, can also be found in Google’s privacy notice and the setting on how Google displays advertisements:

https://policies.google.com/privacy?hl=en

https://adssettings.google.com

(2) Purpose of the processing

The purpose of the processing is the optimization of our website for visitors.

(3) Legal basis for the processing

The legal basis for the processing is point f) of Article 6(I)(1) of the GDPR since the optimization of our website for visitors is our legitimate interest.

(4) Period for which personal data will be stored

In this respect, your personal data are erased or anonymized after 14 months.

III. Your rights as a data subject

If personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller.

1.            Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed.

Where this is the case, you can request access to the following information:

(1)          the purposes for which the personal data are processed:
(2)          the categories of personal data concerned;
(3)          the recipients or categories of recipient to whom personal data concerning you have been or will be disclosed;
(4)          the envisaged period for which the personal data will be stored or, if it is not possible to provide specific information in this regard, the criteria used to determine that period;
(5)          the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
(6)          the right to lodge a complaint with a supervisory authority;
(7)          any available information as to their source where the personal data are not collected from the data subject;
(8)          the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Article 46 of the GDPR in connection with the transmission.

2.            Right to rectification

You have the right to request the controller to rectify and/or complete any personal data concerning you if they are inaccurate or incomplete. The controller has to do this without undue delay.

3.            Right to restriction of processing

You have the right to request the controller to restrict processing where one of the following applies:

(1)          the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2)          the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3)          the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims; or
(4)          you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your legitimate grounds.

Where processing of the personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where the processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is removed. 

4.            Right to erasure

a)            Obligation to erase personal data

You can request the controller to erase without undue delay any personal data concerning you and the controller is obliged to promptly erase these data where one of the following applies:

(1)          The personal data concerning you are no longer necessary for the purpose for which they were collected or otherwise processed;
(2)          You withdraw your consent on which the processing is based pursuant to point a) of Article 6(1) or point a) of Article 9(2) of the GDPR and there is no other legal basis for the processing;
(3)          You object to the processing in accordance with Article 21(1) of the GDPR and there or no overriding justified grounds for the processing or you object to the processing in accordance with Article 21(2) of the GDPR;
(4)          The personal data concerning you were unlawfully processed.
(5)          The erasure of the personal data concerning you is required to comply with a legal obligation under Union or Member State law to which the controller is subject;
(6)          The personal data concerning you have been collected in relation to information society services pursuant to Article 8(1) of the GDPR.

b)           Information to third parties

If the controller made public any personal data concerning you and if he or she is obliged to erase them pursuant to Article 17(1) of the GDPR, he or she shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you as the data subject have requested the erasure of all links to these personal data or of copies or replications of these personal data.

c)            Exceptions

The right to erasure does not apply if the processing is necessary

(1)          to exercise one’s right to freedom of expression and information;
(2)          to comply with a legal obligation that requires the processing under Union or Member State law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3)          for reasons of public interest in the area of public health pursuant to point h) and i) of Article 9(2) and Article 9(3) of the GDPR;
(4)          for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR if the right mentioned in subparagraph a) is likely to make the realization of the objectives of the processing impossible or to seriously affect them; or
(5)          for the establishment, exercise or defence of legal claims.

5.            Right to be informed

If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed about such rectification or erasure of data or the restriction of processing unless this turns out to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

6.            Right to data portability

You have the right to receive any personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1)          the processing is based on consent pursuant to point a) of Article 6(1) of the GDPR or point a) of Article 9(2) of the GDPR or on a contract pursuant to point b) of Article 6(1) of the GDPR; and
(2)          the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected thereby.

The right to data portability does not apply to the processing of personal data required to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.            Right to object

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on point e) or f) of Article 6(1) of the GDPR, including profiling based on those provisions at any time.

The controller no longer processes the personal data concerning you unless he or she demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to the processing for direct marketing purposes, the personal data are no longer processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8.            Right to withdraw the consent given under data protection rules

You are entitled to withdraw your consent given under data protection rules at any time. The withdrawal of consent does not affect the lawfulness of the processing of data based on your consent until withdrawal.

9.            Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1)          is necessary for entering into, or performance of, a contract between you and the controller;
(2)          is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3)          is based on your explicit consent.

These decisions, however, must not be based on special categories of personal data referred to in Article 9(1), unless point a) or g) Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in para. (1) and (3), the data controller implements suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10.          Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

IV. Up-to-datedness and amendment of this privacy notice

This privacy notice is currently valid and is dated May 2018.

Due to the further development of this website and our offers or due to changed legal or official requirements, it may become necessary to amend this privacy notice.

You can access and print out the current data protection declaration at any time on the website http://florianweber.net