Skip to main content

Privacy policy

General Part

Introduction

The protection of your personal data is important to us. It is an essential part of our development and sales activities. With this Privacy Policy, we would like to inform you about which types of personal data (hereinafter also referred to as “data”) we process, for which purposes, and to what extent.

Controller

LOGO InfraConsult GmbH
Bessie-Coleman-Straße 7
D-60549 Frankfurt am Main

Controller representatives: Andreas Klein, Huascar Rodriguez
Managing Directors authorised to represent the company: Andreas Klein, Huascar Rodriguez
Commercial Register: Frankfurt am Main, HRB 93639
VAT ID No.: DE282667948

Data Protection Officer: MFM Datenschutz-Consulting GmbH, represented by its managing directors Florian Kaiser and Marc Schönberger
You can contact our Data Protection Officer at datenschutz@datenschutzfrankfurt.de.

Overview of Processing

Below you will first find an overview of the categories of data processed and the categories of data subjects affected by the processing.

Categories of Processed Data

We distinguish between the following categories of processed data:

  1. Usage data:This includes, in particular, visited websites and content-related interests.
  2. Metadata:This means data generated during communication processes, such as IP addresses, browser identifiers and device information.
  3. Content data:This refers to the data provided in the course of using our services themselves (texts, images, forms).
  4. Contact data:This includes email addresses, telephone numbers and postal addresses.
  5. Contract data:Data required for the conclusion of a contract, such as the subject matter of the contract and the parties thereto.
  6. Master data:This refers to basic core data such as names and addresses.
  7. Geolocation data:This includes, for example, a person’s own location or a destination selected within a route.
  8. Payment data:Data concerning payment methods.
  9. Special categories of personal data:Special categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

Categories of data subjects

We distinguish between the following categories of data subjects affected by data processing:

  1. Users:Visitors to our websites and online services.
  2. Applicants:Persons who apply to us.
  3. Prospective customers:Persons interested in our services who contact us in this regard.
  4. Communication partners:Persons who contact us.
  5. Customers:Persons who use our services as customers.
  6. Contractual partners:Persons with whom we maintain contractual relationships without them being customers.

Purposes of processing

In general, personal data is processed for the following purposes:

  1. Provision of our online offering: We process data in order to make our online offering available at all.
  2. Obtaining feedback: Requesting and evaluating feedback regarding services and performance.
  3. Conversion measurement: Measuring the effectiveness of marketing measures.
  4. Security measures: Measures to protect our technical infrastructure.
  5. Contact requests and communication: Handling contact requests etc.
  6. Office organisation: Measures relating to office organisation, e.g. scheduling, allocation of tasks, etc.
  7. Performance of contractual services: Processing of data in connection with the performance and initiation of contracts.
  8. Improvement of the user-friendliness of our online offering: We process data to improve the user-friendliness of our offering. This is achieved in particular through analysis of visits to our online offering.
  9. Analysis of the behaviour of visitors to our online offering: Analysis of pages accessed, e.g. by recording click paths and bounce rates.
  10. Performance of the employment relationship: Data processing for the purpose of establishing, performing, administering and terminating employment relationships.
  11. Conducting the recruitment process: In the case of an application process, the data processed within that process.

Overview and explanation of legal bases

Below we inform you about the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. In addition to the provisions of the GDPR, national rules of the respective users’ country of residence or establishment may apply.

  1. Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR):Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  2. Performance of a contract and pre-contractual requests (Art. 6(1) sentence 1 lit. b GDPR):Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  3. Legal obligation (Art. 6(1) sentence 1 lit. c GDPR):Processing is necessary for compliance with a legal obligation to which the controller is subject.
  4. Protection of vital interests (Art. 6(1) sentence 1 lit. d GDPR):Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  5. Application procedure as a pre-contractual or contractual relationship (Art. 9(2)(b) GDPR):(Where special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants as part of the application procedure (e.g. health data such as severe disability status or ethnic origin) so that the controller or the data subject may exercise the rights arising from labour law and the law on social security and social protection and comply with the related obligations, their processing is carried out pursuant to Art. 9(2)(b) GDPR, in the case of the protection of vital interests of applicants or other persons pursuant to Art. 9(2)(c) GDPR, or for the purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services pursuant to Art. 9(2)(h) GDPR. Where special categories of data are disclosed on the basis of voluntary consent, they are processed on the basis of Art. 9(2)(a) GDPR.)
  6. Data processing for purposes of the employment relationship (Section 26 BDSG):Within the employment relationship, we process (special categories of) personal data on the basis of the statutory provision for the purpose of establishing, performing and terminating the employment relationship.
  7. Consent (where requested) (Art. 6(1) sentence 1 lit. a GDPR):The data subject has given consent to the processing of their personal data for one or more specific purposes.
  8. Processing for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR):Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  9. Storage of information in the end user’s terminal equipment with consent (Section 25(1) sentence 1 TDDDG):We use storage areas of our users’ terminal devices for certain functions with their express and informed consent.
  10. Storage of information in the end user’s terminal equipment due to necessity (Section 25(2) no. 2 TDDDG):Where we have not asked for your permission when you visit our website or use individual functions, we use your terminal device’s storage for the technical display and delivery of our telemedia service where this is technically strictly necessary.

Security measures

In accordance with statutory requirements, and taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, Art. 32 GDPR. The security measures we have taken include, in particular, the following.

  • Secure Sockets Layer | Transport Layer Security (SSL): We use SSL / TLS for the encrypted transmission of data between our visitors’ terminal devices and our server. In this way, the risk of unauthorised access to the transmitted data is significantly reduced.

Transfer and disclosure of personal data to third parties

In the course of our processing of personal data, it may happen that data is transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. Recipients of this data may include, in particular:

  • IT processors: This includes processors for hosting, mail services and server technology.
  • Public authorities: Public bodies with which we exchange data for the performance of contracts or for legal basiss.
  • Shipping processors: Processors that undertake logistics tasks for us. This includes, in particular, parcel processors.

In such cases, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to ensure an adequate level of data protection. We select third parties to whom we disclose data carefully and conscientiously. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between users and those providers.

Processing of data in third countries

Where we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or where processing is carried out by third parties outside this area, such processing is performed only in accordance with the applicable statutory provisions. Subject to the data subjects’ express consent or legally required transfers, we process or arrange processing of data only in third countries that provide an adequate level of protection. This includes, in particular, countries in which processing is based on appropriate safeguards, such as contractual commitments by means of the European Commission’s standard contractual clauses, certifications, or binding internal data protection rules (Arts. 44 to 49 GDPR).

General information on deletion of data

The data processed by us will be deleted in accordance with statutory provisions as soon as consent to its processing has been withdrawn or other permissions cease to apply (e.g. legitimate interests, legal obligations, etc.). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data may also be provided under the individual sections of this Privacy Policy.

Special Part

Use of Cookies

A “cookie” is a small text file that is stored on the computer of our visitor at the request of our systems and where the visitor’s browser settings permit this. It has a key and a value and serves to identify the terminal device beyond a single request-response cycle (session persistence). The cookie’s key and value are processed by the system setting the cookie with each request. Below you will find a list of the cookies we use and the related information.

Technically necessary cookies

We request our visitors’ systems to set the following cookies already when a page is first accessed.

Name |Domain Provider | Party Description | Details Storage period
borlabs-cookie-gcs |www.logo-infraconsult.de Borlabs – Benjamin A. Bornschein This cookie is set by the consent management tool Borlabs Cookie. The cookie is used to store the cookie settings you have selected and to ensure that your consents or refusals are taken into account when you revisit our website.

The cookie stores whether and which consents you have granted so that the cookie banner does not have to be displayed again on every page visit and so that only those cookies to which you have consented are set.

The cookie does not contain any personal data, but only information about your consent settings.
Information about the function:
Cookie & consent management: We use a service to ensure and manage the setting of cookies and the individual settings of our users in this regard.
Legal bases:
Legitimate interests(Art. 6(1) sentence 1 lit. f GDPR)		 364T, 23H
borlabs-cookie |www.logo-infraconsult.de Borlabs – Benjamin A. Bornschein This cookie is set by the consent management tool Borlabs Cookie and serves to store the consents you have granted to the use of cookies and external services on our website.

The cookie stores which categories of cookies you have accepted or rejected. This ensures that when you revisit our website, only those cookies to which you previously consented are set. In addition, the cookie prevents the cookie banner from being displayed again on each page visit.

The cookie does not contain any directly personal data, but only an assignment of your consent settings.
Information about the function:
Cookie & consent management: We use a service to ensure and manage the setting of cookies and the individual settings of our users in this regard.
Legal bases:
Legitimate interests(Art. 6(1) sentence 1 lit. f GDPR)		 364T, 23H

If you do not agree with the setting of the above cookies, you can configure your browser to reject their installation. This may mean that our website no longer functions properly.

Categories of processed data:Usage data, metadata and communication data
Data subjects:Users of our website.
Legal basis:The use of these cookies is strictly necessary for the operation of the website and is based on our legitimate interest in the effective delivery of our online offering, Art. 6(1) sentence 1 lit. f GDPR and Section 25(2) no. 2 TDDDG.

Optional cookies

We only set the following cookies after the user has given consent. The legal basis for the processing is the user’s consent (Art. 6(1) sentence 1 lit. a GDPR).

Name |Domain Provider | Party Description | Details Storage period
_ga |.logo-infraconsult.de Google LLC We use the web analytics service on our website
Google LLC,
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies that enable analysis of users’ use of our website. The information generated by the cookie about the use of this website is generally transmitted to and stored on a Google server.

We use Google Analytics exclusively with IP anonymisation activated. As a result, your IP address is truncated by Google within the European Union or in other contracting states to the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

Google processes the data on our behalf in order to evaluate use of the website, compile reports on website activity and provide other services related to website use.

Processing only takes place if you have given your consent.

A transfer of data to the USA cannot be ruled out. Google is certified under the EU-US Data Privacy Framework.

You can revoke your consent at any time via our cookie banner.
Information about the function:
Web analytics: We use web analytics services to further improve our website, understand the interests and expectations of our users, identify issues in click paths on our website, and evaluate the performance of individual pages and our website as a whole.

For this purpose, data is collected and processed concerning the user’s terminal device, the pages accessed, the time of access and time spent on the respective pages, the origin of the users (referrer), and, where possible, their geographical location.

Insofar as we achieve this exclusively by evaluating HTTP requests (see above), processing is based on our legitimate interest. Where we use additional services, this only takes place with your consent.
Legal bases:
Legitimate interests(Art. 6(1) sentence 1 lit. f GDPR)
Consent (where requested)(Art. 6(1) sentence 1 lit. a GDPR)		 729T, 23H
_ga_0N0WPMZ6R5 |.logo-infraconsult.de Google LLC This cookie is used by Google Analytics 4 to store the session status and statistically evaluate user interactions on the website. It enables page views to be assigned to a session and serves to create usage statistics for the website.

The cookie contains a randomly generated identifier and serves for the pseudonymous recognition of sessions. Direct identification of the person does not take place.
Information about the function:
Web analytics: We use web analytics services to further improve our website, understand the interests and expectations of our users, identify issues in click paths on our website, and evaluate the performance of individual pages and our website as a whole.

For this purpose, data is collected and processed concerning the user’s terminal device, the pages accessed, the time of access and time spent on the respective pages, the origin of the users (referrer), and, where possible, their geographical location.

Insofar as we achieve this exclusively by evaluating HTTP requests (see above), processing is based on our legitimate interest. Where we use additional services, this only takes place with your consent.
Legal bases:
Legitimate interests(Art. 6(1) sentence 1 lit. f GDPR)
Consent (where requested)(Art. 6(1) sentence 1 lit. a GDPR)		 729T, 23H

Categories of processed data:Usage data, metadata and communication data
Data subjects:Users of our website.
Legal basis:User consent (Art. 6(1) sentence 1 lit. a GDPR).
Objection / withdrawal:You can revoke your consent for the future by using the consent tool on this website.

Storage areas used on the terminal device

We use storage areas of the end user’s terminal device made available by the browser (sessionStorage, localStorage).

Our website uses a function of the WordPress content management system to check whether your browser can correctly display emojis. For this purpose, an entry is stored in your browser’s local storage. The entry contains information on whether your browser supports certain emoji renderings as well as a timestamp of the last check. Storage serves exclusively for the technical optimisation of the display of our website and prevents the check from having to be repeated on every page visit. No personal data is stored and no data is transferred to third parties.

Legal bases:
Legitimate interests(Art. 6(1) sentence 1 lit. f GDPR)
Storage of information in the end user’s terminal equipment due to necessity(Section 25(2) no. 2 TDDDG)

Data processing (internal)

Contact form

Information and description

We offer you the opportunity to get in touch with us via a contact form.

To prevent abusive automated entries in our forms, we use a locally integrated CAPTCHA system (ALTCHA).

A technical check is carried out in the user’s browser in order to determine whether the input is made by a natural person. The check is carried out exclusively via our own servers and without integrating external services.

As part of this check, technical connection data, in particular the IP address, may be processed. Processing is carried out exclusively to protect our website against spam and abusive use.

Processed data:Metadata, content data, contact data

Data subjects:Users, applicants, prospective customers, communication partners, customers, contractual partners

Legal basis of processing:Legitimate interests, performance of a contract and pre-contractual requests, application procedure as a pre-contractual or contractual relationship, consent (where requested)

Legitimate interests:

  • Customer communication and support:Our legitimate interest in direct and simple communication with our (potential) customers, possibly also in an environment they already use, as well as our legitimate interest in being able to provide customer-oriented support at this point.

Data processing by external processors and processors

Google LLC

Google Analytics

After consent

Function
Web analytics

We use web analytics services in order to further improve our website, understand the interests and expectations of our users, identify issues in click paths on our website, and evaluate the performance of individual pages and our website as a whole.

For this purpose, data is collected and processed concerning the user’s terminal device, the pages accessed, the time of access and time spent on the respective pages, the origin of the users (referrer), and, where possible, their geographical location.

Insofar as we achieve this exclusively by evaluating HTTP requests (see above), processing is based on our legitimate interest. Where we use additional services, this only takes place with your consent.

Processed data:Usage data, metadata

Data subjects:Users

Legal basis of processing:Legitimate interests, consent (where requested)

Legitimate interests:

  • Optimisation of the user interface:Our legitimate interest in optimising our user interface and thus the effective design of our services.
  • Performance measurement:Our legitimate interest in measuring the performance of our website and individual pages.

Affected domains: analytics.google.com, region1.analytics.google.com, www.google-analytics.com (including subdomains)

Google Tag Manager

After consent

Function
Integration tools

We use external services to simplify the integration and handling of additional solutions on our website.
Use takes place either within the scope of our legitimate interest in the secure and uncomplicated integration of external resources or with the consent of our users.

Processed data:Usage data, metadata

Data subjects:Users

Legal basis of processing:Legitimate interests, consent (where requested)

Legitimate interests:

  • Low-maintenance operation:Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • Development outsourcing:Our legitimate interest in not having to develop all services ourselves and instead being able to rely on highly complex services operated by third parties.
  • High availability:Our legitimate interest in using a highly available service.

Affected domains: www.googletagmanager.com (including subdomains)

Google Statics

After consent

Function
Content Delivery Network, optimised delivery of images and files (CDN)

We use external processors to optimise the delivery and integration of files in terms of performance and compatibility. They may store files we require on servers in various geographic regions in order to reduce retrieval times.
In this context, the respective providers receive the corresponding request data.

Processed data:Usage data, metadata

Data subjects:Users

Legal basis of processing:Legitimate interests

Legitimate interests:

  • Low-maintenance operation:Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • High availability:Our legitimate interest in using a highly available service.

Affected domains: yt3.ggpht.com (including subdomains), ajax.googleapis.com, lh5.googleusercontent.com (including subdomains), www.gstatic.com

YouTube

After consent

Function
Video platform

We use external providers to display videos on our website. As a rule, these are integrated into our page by means of an iframe. When our own page is loaded, the browser accesses the external page containing the video.
We use these external providers on the basis of our legitimate interest in the simple integration of multimedia content into our offering.

Processed data:Usage data, metadata

Data subjects:Users

Legal basis of processing:Legitimate interests

Legitimate interests:

  • Low-maintenance operation:Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • Development outsourcing:Our legitimate interest in not having to develop all services ourselves and instead being able to rely on highly complex services operated by third parties.
  • High availability:Our legitimate interest in using a highly available service.

Affected domains: jnn-pa.googleapis.com, googlevideo.com (including subdomains), www.youtube.com (including subdomains), www.youtube-nocookie.com, s.ytimg.com, i.ytimg.com (including subdomains)

Google Maps

After consent

Information and description

Google Maps is a mapping service that provides interactive maps for a large part of the world.

Function
Maps

We use map services to present locations to our users easily within a dynamic, interactive and visually appealing map.

Processed data:Usage data, metadata, geolocation data

Data subjects:Users

Legal basis of processing:Legitimate interests

Legitimate interests:

  • Low-maintenance operation:Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • Licence management:Our legitimate interest in using a service that handles the management of any licences upstream.
  • Development outsourcing:Our legitimate interest in not having to develop all services ourselves and instead being able to rely on highly complex services operated by third parties.
  • High availability:Our legitimate interest in using a highly available service.

Affected domains: maps.google.com, maps.google.de, maps.googleapis.com, khms1.googleapis.com, places.googleapis.com, maps.gstatic.com

Provider information

Google LLC; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Subsidiary in the European Union: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy

This provider may process data outside the territorial scope of the European Union.

Standard Contractual Clauses (SCCs) have been concluded between the above controller and the provider.

OpenStreetMap Foundation

OpenStreetMap

After consent

Information and description

We have integrated the interactive map function of OpenStreetMap on our website.

This is intended to enable you to find our location more quickly. The basis for the integration is the Open Data Commons Open Database Licence (ODbL) granted by the OpenStreetMap Foundation (OSMF).

To the best of our knowledge, users’ data is processed by OpenStreetMap solely for the purpose of displaying map functions and temporarily storing the selected settings. Such data may include, in particular, users’ IP addresses and location data, although this is generally not collected without their consent (usually granted via the settings of their mobile devices).

We do not receive this data ourselves. The OpenStreetMap Foundation is the independent controller for the processing of your data.

Function
Maps

We use map services to present locations to our users easily within a dynamic, interactive and visually appealing map.

Processed data:Usage data, metadata, geolocation data

Data subjects:Users

Legal basis of processing:Legitimate interests

Legitimate interests:

  • Low-maintenance operation:Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • Licence management:Our legitimate interest in using a service that handles the management of any licences upstream.
  • Development outsourcing:Our legitimate interest in not having to develop all services ourselves and instead being able to rely on highly complex services operated by third parties.
  • High availability:Our legitimate interest in using a highly available service.

Affected domains: c.tile.openstreetmap.org, a.tile.openstreetmap.org, b.tile.openstreetmap.org

Provider information

OpenStreetMap Foundation; St John’s Innovation Centre Cowley Road Cambridge CB4 0WS United Kingdom, https://wiki.osmfoundation.org/wiki/Terms_of_Use#II._Privacy

This provider may process data outside the territorial scope of the European Union.
An adequacy decision of the European Commission exists for the United Kingdom as the country of transfer (Art. 45(3) GDPR). Further information on data protection at the OpenStreetMap Foundation can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy#Why_do_we_store_and_process_personal_data?

External platforms

Social media

In order to communicate effectively with our (potential) customers and other interested persons and to provide them with an obvious point of contact and information, we maintain presences on certain social media platforms.
Please note that when social media is used, data may be processed outside the European Union, which may result in risks for users regarding the enforcement of their rights.

Social media platforms regularly analyse the behaviour of their users for marketing purposes. In doing so, they create extensive profiles relating to their users’ interests and usage behaviour in order to display personalised advertising. By setting cookies and integrating content on third-party pages, information may also be collected that goes beyond the direct use of the social network.
In particular, information may also be collected about the terminal device used, the internet connection (IP address) and, where applicable, the user’s location.

Please note that only the providers of these networks have access to the data collected about the user; accordingly, a request for access is most effectively asserted directly against those providers.
Details and further data protection information regarding the social networks used can be found below.

LinkedIn

We maintain a presence on the social network LinkedIn, which serves in particular for professional networking. On this website, we merely provide a link to that presence. Data is only processed by LinkedIn once you click this link.

Please note that you use this LinkedIn page and its functions under your own
responsibility. This applies in particular to the use of the interactive functions
(e.g. commenting, sharing, rating). Alternatively, you may also access the information made available via this page
on our website.

When visiting our LinkedIn page, LinkedIn collects, among other things, your IP address as well as further
information stored on your PC in the form of cookies.
LinkedIn provides further information in this regard at the following URL:
https://de.linkedin.com/legal/privacy-policy?

Provider information

LinkedIn Corp.; for the EU: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Parent company: LinkedIn Corp. 605 W Maude Ave, Sunnyvale, CA 94085, USA, https://www.linkedin.com/legal/privacy-policy

Use

We use this platform for the following functions.

Social media

In order to communicate effectively with our (potential) customers and other interested persons and to provide them with an obvious point of contact and information, we maintain presences on certain social media platforms.

Our website may display elements which, when clicked, direct users to the respective social media presence (icon links, etc.).

Processed data:Usage data, metadata, content data, contact data, master data, geolocation data

Data subjects:Users, communication partners

Legal basis of processing:Legitimate interests

Legitimate interests:

  • Customer communication and support: Our legitimate interest in direct, simple communication with our (potential) customers, possibly also in an environment they already use, as well as our legitimate interest in being able to provide customer-oriented support there.

Rights of data subjects

Data subjects have rights about which we inform you below.

  • Right of access (Art. 15 GDPR):You have the right to request confirmation as to whether personal data concerning you is being processed and, where that is the case, access to such data as well as further information and a copy of the data in accordance with statutory provisions.
  • Right to rectification (Art. 16 GDPR):In accordance with statutory provisions, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing (Arts. 17, 18 GDPR):In accordance with statutory provisions, you have the right to request that data concerning you be erased without undue delay or, alternatively, to request restriction of the processing of the data.
  • Right to data portability (Art. 20 GDPR):You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with statutory provisions, or to request its transmission to another controller.
  • Complaint to a supervisory authority (Art. 77 GDPR):Furthermore, in accordance with statutory provisions, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
  • Right to withdraw consent (Art. 7(3) GDPR):You have the right to withdraw consent given at any time vis-à-vis the controller.
  • Right to object (Art. 21 GDPR):You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Glossary

Below you will find a list with explanations of the terms most frequently used in this context.

Personal data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 no. 1 GDPR).

Processing

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 no. 2 GDPR).

Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (cf. Art. 4 no. 7 GDPR).

Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (cf. Art. 4 no. 8 GDPR).

Click tracking

“Click tracking” allows tracking whether and on which button a user clicked, where that click led the user, and, where applicable, from which page of the online offering the click originated.