Privacy Policy

1   Preface

Data protection is of great importance to DSC Software AG.

This data privacy statement explains the method, extent, and aim of the processing of personal data in our online services and related websites, functions, and content (in the following referred to jointly as “online services” or “website”). The data privacy statement applies independently of domains, systems, platforms, and devices (e.g. desktop or mobile) on which the online services is executed.

2   Data Controller

The data controller in the sense of the General Data Protection Regulation (GDPR), or other data protection laws applicable in the member states of the European Union and other regulations regarding data protection is:

DSC Software AG

Am Sandfeld 17

76149 Karlsruhe

Germany

Tel.:                +49 721 9774 100

E-Mail:           info@dscsag.com

Website:        www.dscsag.com

3   Data Protection Officer

The data protection officer of the data controller is:

ah-consulting GmbH

Am Sandfeld 17 a

76149 Karlsruhe

Germany

+49 721 75408840

datenschutz@ah-consulting.gmbh

In the event of questions and suggestions on the subject of data protection, anybody concerned can refer to our data protection officer anytime.

4   Definition

Our data privacy statement is based on the terminology used by the European Regulatory Body in adoption of the General Data Protection Regulation (GDPR). Our data privacy statement is intended to be easy to read and to understand by the public, our customers, and our business partners.

In order to ensure this, we will explain the terminology used in advance. Terms used (such as “personal data” or its “processing”) are defined in Art. 4 of the General Data Protection Regulation (GDPR).

In this data privacy statement, we use (among others) the following terms:

4.1      Personal Data

Personal data consists of all information referring to an identified or identifiable natural person (in the following referred to as the “data subject”). An identifiable person is a natural person who can be identified directly or indirectly, in particular by means of an assignment to a label such as a name, to an ID number, to location data, to an online ID or to one or more special features that are an expression of the physical, physiological, genetic, psychic, economic, cultural, or social identity of this natural person.

4.2      Data Subject

The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

4.3      Processing

Processing is any process or operation carried out with or without the help of automated procedures or any such series of operations in connection with personal data, for example: collecting, recording, organizing, ordering, storing, adapting, or changing, reading, retrieving, using, disclosing through transmission, dissemination or other form of provision, comparing or linking, restricting, deleting, or destroying.

4.4      Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

4.5      Profiling

Profiling is any kind of automated processing of personal data that consists in using such personal data in order to evaluate personal aspects referring to a natural person, in particular to analyze, or predict aspects regarding job performance, economic situation, health, personal preference, interests, reliability, conduct, place of residence, or change of locality of this natural person.

4.6      Pseudonymization

Pseudonymization is the processing of personal data so that the personal data can no longer be assigned to a specific data subject without additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

4.7      Data Controller

The data controller is the natural or legal person, authority, institution, or other entity that determines, either alone or jointly with others, the purposes and means of the processing of personal data. If the purposes and means of this processing are controlled by EU law or the laws of EU member states, the data controller – or the specific criteria of his or her nomination – can be determined according to EU law or the laws of EU member states.

4.8      Processor

The processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the data controller.

4.9      Recipient

The recipient is a natural or legal person, authority, institution, or other entity to whom personal data is disclosed, regardless of whether this is a third party or not. However, authorities that receive personal data in the course of a particular inquiry in accordance with EU law or the laws of EU member states are not considered recipients.

4.10  Third Party

A third party is a natural or legal person, authority, institution, or other entity (other than the data subject, the data controller, the processor, and the persons who are authorized to process the personal data under the direct responsibility of the data controller or the processor) that is authorized to process the personal data.

4.11  Consent

Consent is any expression of willingness issued freely for the specific case in an informed manner and unambiguously by the data subject in the form of a declaration or any other clearly affirmative act, with which the data subject makes it clear that they agree with the processing of the personal data concerned.

5   General Notes on Data Processing

5.1      Extent of Processing of Personal Data

Basically, we collect and use the personal data of our users only if it is necessary for maintaining a well-functioning website as well as for our contents and services. The collection and use of personal data of our users takes place regularly only with the prior consent of the users. An exception applies in cases where it is impossible to obtain consent in advance and the processing of the data is permitted by legal regulations.

5.2      Legal Framework for Processing Personal Data

If we obtain the consent of the data subject for the processing of personal data, Art. 6 Sec. 1 lit. a EU General Data Protection Regulation serves as the legal basis.

In the processing of personal data that is required for fulfilling a contract of which the data subject is a contractual party, Art. 6 Sec. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required for the implementation of pre-contractual measures.

If the processing of personal data is required for meeting a legal obligation, to which our company is subject, Art. 6 Sec. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 Abs. 1 lit. d GDPR serves as the legal basis.

If processing is required for safeguarding a justified interest of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the first-named interest, Art. 6 Abs. 1 lit. f GDPR serves as the legal basis for the processing.

5.3      Data Deletion and Storage Duration

The personal data of the data subject is deleted or blocked as soon as the purpose of the storage is no longer valid. Storage can also happen if stipulated by European or national legislation in EU regulations, laws, or other rules to which the data controller is subject.

The data can also be blocked or deleted if a storage period prescribed by the mentioned standards expires – unless it is necessary to store the data for the purposes of the conclusion or fulfillment of a contract.

6   Provision of Website and Creation of Log Files

6.1      Description and Extent of Data Processing

Every time our website is called, our system automatically records data and information of the computer system of the calling computer.

The following data is collected:

  • Information about the browser type and the version used
  • User’s operating system
  • User’s IP address
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Session cookie for identifying the logged-in user
  • Date and time of the user login
  • Storage of failed login attempts
  • Date and time of the creation of the user
  • Storage of denied accesses (403)
  • Storage of sites not found (404)
  • User’s Acceptance of cookie policies
  • Information whether the user has activated JavaScript

The data is saved in the log files of our system. This data is not saved together with other personal data of the user.

7   Legal Framework for Data Processing

The legal framework for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.

8   Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be sent to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Data is stored in log files in order to ensure the correct functioning of the website. The data also serves to optimize the website and to ensure the security of our information technology systems. In this context, there is no evaluation of the data for marketing purposes.

These aims also include our justified interest in data processing according to Art. 6 Sec. 1 lit. f GDPR.

9   Duration of Storage

The data is deleted as soon as it is no longer required for achieving the purpose of its collection. In case of a data collection for the provision of the website, this applies when the respective session ends.

If the data is stored in log files, this applies after a maximum of seven days. Longer storage is possible. In this case, the user’s IP addresses are deleted or distorted so that the calling client can no longer be identified.

10    Possibility of Objection and Disposal

The recording of data for providing the website and the storage of the data in log files is mandatory for the operation of the website. Therefore, the user has no possibility to object to this.

11    Use of Cookies

11.1  Description and Extent of Data Processing

Due to our justified interest, we use so-called cookies on this website. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user calls a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables a unique identification of the browser when the website is called again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can still be identified following a website change.

The following data is stored and transmitted in the cookies:

  • Technical cookies or system cookies (Session, JavaScript)
  • Cookies for improving usability (status of pop-up menus)
  • Analysis cookies for analyzing and improving site accesses
  • When users are logged in, https://dsc-infoportal.com/ contains a session cookie to identify the user. The corresponding information on the user is stored.

When you visit our website, an information banner informs you about the use of cookies for analysis purposes and refers you to this privacy statement.

When you visit our website, the user is informed about the use of cookies for analysis purposes. In this context, there is also a reference to this data protection declaration.

11.2  Legal Framework for Data Processing

The legal framework for the processing of personal data with the use of cookies is Art. 6 Sec. 1 lit. f GDPR.

The legal framework for the processing of personal data using technically necessary cookies is Art. 6 Sec. 1 lit. f GDPR.

11.3  Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some of the functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the user is recognized after a change of website.

User data collected by technically necessary cookies is not used on www.dsc-infoportal.com for the creation of user profiles. For the use of www.dsc-infoportal.com, these technical cookies are necessary for access with a user profile and a password.

We need cookies for the following applications:

  1. JavaScript activated
  2. Assent for cookie disclaimer
  3. Toolbar opened
  4. Authentication of user in logged-in state to the website
  5. Request limitation
  6. Tracker version
  7. User identification
  8. Toolbar opened

Analysis cookies are used for improving the quality of our website and its contents. The analysis cookies tell us how the website is used, so we can continuously optimize our offer.

In the cookie, an ID is stored linking the user with the data sent.

These aims also include our justified interest in the processing of personal data according to Art. 6 Abs. 1 lit. f GDPR.

11.4  Duration of Storage, Possibility of Objection and Disposal

Cookies are stored on the user’s computer and transferred via that computer to us. As user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it is possible that not all features of the website can be fully used.

12    Registration

12.1  Description and Extent of Data Processing

On the basis of our justified interests, we offer users on this website the possibility of registering by entering personal data. The data is entered in an input mask and transferred to us and stored. The data is not passed on to any third parties.

The following data is collected in the registration process (mandatory fields):

  • Title
  • First and last name
  • Company
  • E-mail address
  • User name

All other entries that are not mandatory are also transmitted and stored.

The following data is also stored with the time of registration:

  • IP address of the calling computer
  • Date and time of registration

As part of the registration process, the user’s consent to the processing of the data is obtained.

12.2  Legal Framework for Data Processing

The legal framework for the processing of the data if the user consents is Art. 6 Sec. 1 lit. a GDPR.

If the registration serves the fulfillment of a contract where the user is a contractual party, or the implementation of pre-contractual measures, an additional legal framework for the processing of the data is Art. 6 Sec. 1 lit. b GDPR.

12.3  Purpose of Data Processing

User registration is required for keeping specific contents and services ready on our website.

Contents and services in detail:

  • Manuals
  • Data sheets
  • Software
  • Updates
  • Information material

A closer identification of the user is necessary to enable an assignment of the acquired product and thus also the provision of the right documents and software updates.

12.4  Duration of Storage

The data is deleted as soon as it is no longer required for achieving the purpose of its collection.

12.5   Possibility of Objection and Disposal

As user, you can terminate the registration at any time. Your personal data can be changed at any time.

You can change data by logging in to https://www.dsc-infoportal.com. You can delete your account by sending us an e-mail.

If the data is required for the fulfillment of a contract or the implementation of pre-contractual measures, it can only be deleted prematurely if there is no conflict with contractual or legal obligations.

13    RSS Feed

13.1  Description and Extent of Data Processing

On the basis of our justified interests, we offer our users on this website the chance to subscribe to a free RSS feed.

We send this information (referred to in the following as “RSS feed”) only with the consent of the recipients or a legal permission. During registration for the RSS feed, the IP address is stored.

Provided that, in relation to a registration for the RSS feed, its contents are specifically described, they are relevant for the user’s consent. Additionally, our RSS feeds contain information concerning our products.

No other user data is collected.

14    Contact Form and E-Mail Contact

14.1  Description and Extent of Data Processing

On the basis of our justified interests, on this website we use a contact form that can be used for the electronic first contact. If a user uses this form, the data entered in the input mask is transmitted to us and stored.

This data is entered in these mandatory fields:

  • Title
  • First and last name
  • E-mail address
  • Company

All other entries that are not mandatory are also transmitted and stored.

The following data is also stored with the time of registration:

  • IP address of the calling computer
  • Date and time of registration

During this process, your consent is obtained and you are referred to this data privacy statement.

Alternatively, an initial contact is possible by means of the e-mail address provided. In this case, the user’s personal data sent with the e-mail is stored.

In this context, no data is passed on to third parties. The data is used exclusively for processing the conversation.

14.2  Legal Framework for Data Processing

The legal framework for the processing of the data if the user consents is Art. 6 Sec. 1 lit. a GDPR.

The legal framework for processing data transmitted via e-mail is Art. 6 Sec. 1 lit. f GDPR. If the aim of the e-mail contact is to conclude a contract, an additional legal framework for the processing is Art. 6 Sec. 1 lit. b GDPR.

14.3  Purpose of Data Processing

We need to process personal data from the input mask only for dealing with the initial contact. If contact is made by e-mail, there is also a justified interest in the processing of the data.

The other data processed during the transmission procedure serves to prevent a misuse of the contact form and ensure the security of our information technology systems.

14.4  Duration of Storage

The data is deleted as soon as it is no longer required for achieving the purpose of its collection. For personal data provided via the input mask of the contact form, and the data sent by e-mail, this is the case when the respective conversation with the user ends. The conversation ends when it can be inferred from circumstances that the situation concerned has been clarified finally.

The extra data collected during the sending process is deleted after a period of seven days at the latest.

14.5  Possibility of Objection and Disposal

At all times, users can withdraw their consent to the processing of their personal data. If users contact us by e-mail, they can object to storage of their personal data at any time. In such a situation, the conversation cannot be continued.

The withdrawal of consent and the objection to storage must be sent in writing to the data protection officer.

In this case, all personal data stored during the contact is deleted.

15    Google Fonts

15.1  Extent of Processing of Personal Data

On the basis of our justified interests, we use the Google Fonts service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

Google Fonts provides an intuitive and robust directory of open-source designer web fonts. With a comprehensive catalog, typography can be integrated seamlessly in any design project.

This service is used to integrate web fonts in our websites. The integration of the Google fonts takes place with a server call to Google, regularly via the URL https://fonts.google.com. The fonts are supplied by various designers and are open-source.

When a user accesses our online services, a request is usually transmitted to a Google server in the USA, where it is stored and processed.

Technically, the fonts embedded in our website are stored on a Google server and loaded from there when the site is being called. By using the Google fonts, the Google server sends a corresponding file to each user, based on the technologies supported by the user’s browser.

Google is certified under the Privacy Shield Agreement, which means it offers a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

The connection to Google Fonts is not authenticated. During a visit to our online services, no cookies or login information is sent to Google. Corresponding queries to Google Fonts servers are sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com, so that requirements for fonts are generally separated from login information, which otherwise is sent to Google domains such as google.com or google.de, where it can be authenticated.

Google Fonts logs records of the CSS and the font file requirements. For statistical purposes, Google assigns aggregated usage numbers showing how popular font families are, and publishes these results on an Analytics website (https://fonts.google.com/analytics).

For further information on the Google Fonts service, see https://developers.google.com/fonts/faq.

15.2  Legal Framework for Processing Personal Data

The legal framework for the processing of users’ personal data is Art. 6 Sec. 1 lit. f GDPR.

15.3  Purpose of Data Processing

Data is processed out of interest in the analysis, optimization, and economic operation of the online services in order to integrate content or service offers from third parties or their contents and services.

We use Google Fonts to make our website independent of the fonts installed by the user, the so-called system fonts, and to ensure a consistent display on different systems.

The purpose and extent of data collection and the further processing and use of the data by Google can be seen in the Google data privacy statement under https://policies.google.com/privacy?hl=de.

15.4  Duration of Storage

The data is deleted as soon as it is no longer required for our recording purposes.

15.5  Possibility of Objection and Disposal

For further information on Google’s use of data, and setting and objection options, see the following Google websites: (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“How Google uses cookies in advertising”), http://www.google.de/settings/ads (“Managing information used by Google to display advertising”).

16    Google Analytics

16.1  Extent of Processing of Personal Data

On the basis of our justified interests, we use the web analysis service Google Analytics, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google Analytics is used to analyze the surfing behavior of our users.

Google uses cookies. The cookie-generated information concerning the use of the online services by users are normally transferred to and saved on a US server by Google.

By setting a cookie, Google is enabled to analyze the use of our website. Each call of a single site of this website, which is operated by the data controller and on which a Google Analytics component is integrated, automatically causes, due to the respective Google Analytics component, the internet browser on the IT system of the data subject to transfer data for the online analysis to Google. During this technical procedure, Google receives information concerning personal data such as the data subject’s IP address , that Google uses, amongst others, to retrace the visitors’ origin and clicks, and therefore to enable commission settlements.

Via cookies, personal information such as the time of access, the location from which the access originated, and the frequency of visits on our website by the data subject is stored. During each visit of our website, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Possibly, Google may pass personal data that was collected with this technical procedure on to third parties.

If single sites of our websites are accessed, the following data is stored:

  • IP address of the user’s system accessing the site
  • The website accessed
  • The website from which user reaches the accessed site (Referer)
  • The subsites accessed from the accessed website
  • The duration of stay on the website
  • The frequency of accessing the website
  • Time of access
  • Device
  • Monitor resolution
  • The browser used

Google is certified for the Privacy Shield Agreement and therefore provides a guarantee for complying with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf for analyzing the use of our online services by the users, for providing reports concerning activities within our online services, and for providing additional services in connection with the usage of these online services and of the internet. Therefore, pseudonymous usage profiles of users can be created from the processed data.

The IP address transferred from the user’s browser will not be matched with other data by Google.

We use Google Analytics for displaying advertisement from the advertising services by Google and associated partners only for users that showed interest in our online services or that match specific characteristics (e.g. interest in specific topics or products relating to the accessed websites) transferred to Google (“remarketing audiences” or “Google Analytics audiences”). By means of remarketing audiences we wish to ensure that our advertisements meet the potential interest of the user and do not bother them.

Google Analytics is only used with enabled IP anonymization. This means that the user’s IP address is abridged by Google within the member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is transferred to a server by Google in the United States of America and is abridged there.

16.2  Legal Framework for the Processing of Personal Data

The legal framework for the processing of the users’ personal data is Art. 6 Sec. 1 lit f GDPR.

16.3  Purpose of Data Processing

The processing of the users’ personal data enables an analysis of the users’ browsing behavior. With the data generated from the analysis, we are able to gain information about the usage of the single components of our website. This helps us to continuously improve our website and to make it more user-friendly. These purposes are part of our justified interest in data processing according to Art. 6 Sec. 1 lit. f GDPR.

With the anonymization of IP addresses, the users’ interest in the protection of personal data is sufficiently taken into account.

16.4  Duration of Storage

The data is deleted as soon as it is no longer necessary for our recording purposes.

In this case, this applies after 14 months.

16.5  Possibility of Objection and Disposal

Cookies are stored on the user’s computer and transferred to our website and Google, therefore you are in full control of the usage of cookies. By changing the settings within your internet browser, the transfer of cookies can be disabled or restricted anytime. Already stored cookies can be deleted anytime, also automatically. If cookies are disabled on our website, it is possible that not all features are entirely accessible.

Users can disable the storage of cookies with the respective settings of their browser software or with enabling “essential” cookies within the displayed data protection settings when loading the site https://dsc-infoportal.com/. Furthermore, by installing the browser plug-in that is available here: http://tools.google.com/dlpage/gaoptout?hl=de users can prevent the recording of data generated by the cookie and data related to the usage of the only services as well as the processing of this data by Google. Otherwise, this plug-in also informs Google Analytics via JavaScript that no data and information concerning the access of websites may be transferred to Google Analytics The installation of this plug-in is considered by Google as an objection. If the IT system of the data subject is deleted, formatted, or reinstalled later on, the browser plug-in needs to be reinstalled by the data subject in order to disable Google Analytics. As long as the browser add-on is uninstalled or disabled by the data controller or another person under the data controller’s authority, it is possible to reinstall or reactivate the browser plug-in.

Further information about Google’s use of data, settings and objection options, please refer to the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Google’s use of data from accessing our partners‘ websites or apps“), http://www.google.com/policies/technologies/ads (“Use of data for promotional purposes“), http://www.google.de/settings/ads (“Managing information used by Google for displaying advertisement“).

17    YouTube

17.1  Description and Extent of Data Processing

On the basis of our justified interests, we use components of the YouTube service, which is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”).

YouTube is an internet video portal that enables video publishers to post video clips free of charge on the internet and other users to view, evaluate, and comment on these, also free of charge. YouTube permits the publication of all types of videos, which is why not only complete film and TV programs but also music videos, trailers or users’ own home-made videos can be accessed via this internet portal.

Every access of a page of this website, which is operated by the data controller and on which a YouTube component (YouTube video) is integrated, automatically causes (due to the respective YouTube component) the internet browser on the IT system of the data subject to download a display of the corresponding YouTube component from YouTube. For further information on YouTube, see https://www.youtube.com/yt/about/de/. During this technical procedure, YouTube and Google receive knowledge about the actual subpage of our website that is visited by the data subject.

If the data subject is simultaneously logged-in on YouTube, YouTube recognizes with the call of the subpage exactly which subpage of our website is visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

By means of the YouTube component, YouTube and Google always receive information that the data subject has visited our website if the data subject is simultaneously logged into YouTube; this takes place independently of whether the data subject clicks a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent it by logging off from the You Tube account before calling our website.

17.2  Legal Framework for Data Processing

The legal framework for the processing of users’ personal data is Art. 6 Sec. 1 lit. f GDPR.

17.3  Purpose of Data Processing

Data is processed out of interest in the analysis, optimization, and economic operation of the online offer.

The purpose and extent of data collection and the further processing and use of the data by YouTube is accessible in the data privacy statement of YouTube under https://www.google.de/intl/de/policies/privacy/.

17.4  Duration of Storage

The data is deleted as soon as it is no longer required for achieving the purpose of its collection.

17.5  Possibility of Objection and Disposal

If a user is simultaneously using the services of YouTube and does not want YouTube to collect data about these online services and link it to the user data stored with YouTube, he or she should log off from YouTube and delete all related cookies before using our online services.

YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. It may therefore be necessary that the user logs off from any possible Google user account and delete all related cookies.

Under https://www.google.de/settings/ads/authenticated, YouTube offers the option of forbidding targeted advertising.

18    Newsletter

18.1  Description and Extent of Data Processing

On the basis of our justified interests, we offer our users the possibility of subscribing to a free newsletter on this website.

We send newsletters, e-mails, and other electronic notifications with promotional information (referred to in the following as “newsletter”) only with the recipient’s consent or a legal permission. In this case, the data from the input screen is transmitted to us if a user registers for the newsletter.

If the content of a newsletter is precisely described during the registration for the newsletter, it is relevant to the users’ consent. Our newsletters also contain information on our products, offers, actions, and our company.

The following user data is collected:

  • First and last name
  • E-mail address
  • Company
  • Position (optional)

The following data is collected during registration:

  • IP address of the calling computer
  • Date and time of registration

As part of the login procedure, the user’s consent is gathered and the user is referred to this data privacy statement.

Registration for our newsletter is secured by a double opt-in procedure – i.e., following registration, you receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with another e-mail address. The newsletter registrations are logged to provide proof that the registration process took place according to legal requirements. This includes the storage of the registration and confirmation times and also the IP address. Changes to your data stored by the delivery service provider are also logged.

If you acquire goods or services on our website and state your e-mail address during this process, it can be used for sending you newsletters. In this case, the newsletter only contains direct advertising for similar goods or services by our company.

In connection with data processing for sending newsletters, no data is passed on to third parties. The data is used exclusively for sending the newsletter.

18.2  Legal Basis for Data Processing

The legal basis for processing data following registration for the newsletter by the user and the existence of the user’s consent is Art. 6 Sec. 1 lit. a GDPR.

The legal basis for sending the newsletter following the sale of goods or services is § 7 Sec. 3 UWG (the German Law against Unfair Competition).

18.3  Purpose of Data Processing

To register for the newsletter, you only have to state your e-mail address, and your first and last name. Your e-mail address is necessary so that we can send you the newsletter. We may also ask you to state other data for the purpose of a personal address in the newsletter.

If we ask for other personal data during the registration procedure to prevent a misuse of services or of the stated e-mail address.

18.4  Duration of Storage

The data is deleted as soon as it is no longer required for achieving the purpose of its collection. The user’s e-mail address is stored as long as the subscription to the newsletter is active.

Other personal data collected during the registration procedure is normally deleted after seven days.

18.5  Possibility of Objection and Disposal

A subscription to the newsletter can be terminated at any time by the user concerned. A corresponding link for this purpose is provided in every newsletter.

This also enables a withdrawal of consent to the storage of personal data collected during the registration procedure.

If users are registered for the newsletter only and cancel the registration for the newsletter, their personal data is deleted.

19    Rights of the Data Subject

If your personal data is being processed, you are the data subject in the sense of the General Data Protection Regulation (GDPR) and you have the following rights against the data controller:

19.1  Right to Information

From the data controller, you can demand confirmation about whether personal data concerning you is processed by us.

If your data is being processed, you can demand information from the data controller about the following:

  1. The reason why the personal data is being processed;
  2. The categories of personal data that are being processed;
  3. The recipients or categories of recipients to whom your personal data has been or will be disclosed;
  4. The planned duration of storage of your personal data or, if nothing concrete can be specified here, criteria for defining the duration of storage;
  5. A right of rectification or erasure of your personal data, a right to restrict processing by the data controller, or a right of objection to this processing;
  6. The right to complain to a supervisory authority;
  7. All available information about the origin of the data if the personal data is not collected for the data subject;
  8. The existence of an automated decision-making process including profiling in accordance with Art. 22 Sec. 1 and 4 GDPR and – in these cases at least – meaningful information concerning the logic involved as well as the scope and the intended effects of such processing for the data subject.

You have the right to demand information about whether your personal data is transmitted to a third country or an international organization. In this context, you can demand to be informed about suitable guarantees acc. to Art. 46 GDPR in connection with the transmission.

This right to information can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.

19.2  Right to Correction

You have a right to correction and/or completion against the data controller if your processed personal data is incorrect or incomplete. The data controller has to make the correction immediately.

Your right to correction can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.

19.3  Right to Restriction of Processing

You can demand restriction of processing of your personal data under the following conditions:

  1. If you dispute the correctness of your personal data for a duration that enables the data controller to check the correctness of your personal data;
  2. Processing is illegal and you reject the deletion of your personal data and instead demand the restriction of the use of your personal data;
  3. The data controller no longer requires the personal data for purposes of processing, but you require it for the assertion, enforcement or defense of your legal rights;
  4. You have objected to the processing in accordance with Art. 21 Sec. 1 GDPR and it is not yet certain whether the justified reasons of the data controller outweigh your reasons.

If processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the assertion, enforcement or defense of your legal rights or to protect the rights of another natural or legal person or for reasons of an important public interest of the EU or a member state.

If restriction of processing is limited to the conditions listed above, you will be informed of this by the data controller before the restriction is lifted.

Your right to restriction of processing can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.

19.4  Right to Deletion

You can demand from the data controller that your personal data be deleted immediately, and the data controller is obliged to delete this data immediately if one of the following reasons applies:

  1. Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on the basis of which processing was carried out in accordance with Art. 6 Sec. 1 lit. a or Art. 9 Sec. 2 lit. a GDPR, and there exists no other legal basis for processing.
  3. You object to processing in accordance with Art. 21 Sec. 1 GDPR and there exist no overriding justified reasons for processing, or you object to processing in accordance with Art. 21 Sec. 2 GDPR.
  4. Your personal data concerned was unlawfully processed.
  5. The deletion of your personal data is necessary for the fulfillment of a legal obligation according to EU law or the laws of a member state to which the data controller is subject.
  6. Your personal data was collected with regard to services offered by information society in accordance with Art. 8 Sec. 1 GDPR.

19.5  Information for Third Parties

If the data controller has published your personal data and is legally obliged to delete it in accordance with Art. 17 Sec. 1 GDPR, he or she must take appropriate (including technical) measures with regard to the available technology and the implementation costs to inform the data controller who also process your personal data that you as the data subject have demanded the deletion of all links to this personal data or of copies or replications of this personal data.

19.6  Exceptions

The right to deletion does not exist if processing is necessary:

  1. For exercising the right to freedom of expression and information
  2. For fulfilling a legal obligation that requires processing according to EU law or the laws of the member states to which the data controller is subject, or performing a task that is in the public interest or in the exercise of official authority that is assigned to the data controller
  3. For reasons of public interest in the area of public health in accordance with Art. 9 Sec. 2 lit. h and i as well as Art. 9 Sec. 3 GDPR
  4. For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 Sec. 1 GDPR, provided the right named under Section (1) will foreseeably make the realization of the aims of processing impossible or extremely difficult
  5. For the assertion, enforcement or defense of legal rights.

19.7  Right to Information

If you have enforced you right to correction, deletion or restriction against data controller, this person is legally obliged to inform all recipients to whom your personal data was disclosed about this correction or deletion of the data or restriction of processing unless this proves to be impossible or is connected with disproportionate effort.

You have the right against the data controller to be informed about these recipients.

19.8  Right to Data Portability

You have the right to receive the personal data that you have provided to the data controller in a structured, common, and machine-readable format. You also have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data was provided, if:

  1. Processing is based on consent in accordance with Art. 6 Sec. 1 lit. a GDPR or Art. 9 Sec. 2 lit. a GDPR or on a contract in accordance with Art. 6 Sec. 1 lit. b GDPR and
  2. Processing takes place with the aid of automated procedures.

In enforcing this right, you also have the right to ensure that your personal data is transferred directly from one data controller to another data controller as far as this is technically possible. The freedom and rights of other persons may not be impaired by this.

The right to data portability does not apply to the processing of personal data that is required for performing a task that is in the public interest or in the exercise of an official authority that was assigned to the data controller.

20    Right of Objection

You have the right for reasons applying to your particular situation, to object at any time to processing of your personal data that takes place on the basis of Art. 6 Sec. 1 lit. e or f GDPR; this also applies to profiling based on these regulations.

The data controller no longer processes your personal data unless he or she can provide compelling legitimate reasons for processing that outweigh your interest, rights and freedoms, or the processing serves the assertion, enforcement, or defense of your legal rights.

If your personal data is processed to pursue direct advertising, you have the right to object at any time to processing of your personal data for the purposes of such advertising; this also applies to profiling, if this is related to such direct advertising.

If you object to processing for the purposes of direct advertising, your personal data is no longer processed for these purposes.

In connection with the use of information society services – irrespective of Regulation 2002/58/EG – you can exercise your right of objection using automated procedures for which technical specifications are used.

You also have the right for reasons applying to your particular situation to object to processing of your personal data conducted for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Sec. 1 GDPR.

Your right of objection can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.

21    Right to Withdraw Declaration of Consent Concerning Data Privacy

You have the right at any time to withdraw your consent concerning data privacy. Through the withdrawal of consent, the legitimacy of the processing carried out on the basis of your consent up to its withdrawal is not affected.

22    Automated Decision for Individual Cases Including Profiling

You have the right not to be subjected to a decision based exclusively on automated processing including profiling, a decision that has a legal effect on you or that considerably adversely affects you. This does not apply if the decision:

  1. is necessary for the conclusion or fulfillment of a contract between you and the data controller
  2. is permissible on the basis of legal regulations of the EU or the member states to which the data controller is subject and these legal regulations include appropriate measures for preserving your rights and freedoms as well as your justified interests, or
  3. is made with your express consent.

However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Sec. 1 GDPR, as long as Art. 9 Sec. 2 lit. a or g GDPR does not apply and appropriate measures have been taken to protect your rights and freedoms as well as your justified interests.

With regard to the cases named in (1) and (3), the data controller takes appropriate measures to protect your rights and freedoms as well as your justified interests, to which at least belongs the right to obtain the intervention of a person on the part of the data controller, to present one’s own position, and to challenge the decision.

23    Right to Complain to a Supervisory Authority

Irrespective of any other regulatory or legal remedy, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your workplace, or the place of the alleged violation if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation (GDPR).

The supervisory authority to which the complaint is submitted informs the complainant about the state and results of the complaint including the possibility of a legal remedy in accordance with Art. 78 of the General Data Protection Regulation (GDPR).