Sect. 1 General
Sect. 2 Rights of the data subject
If your personal data is being processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards the controller:
1. Right of access by the data subject
You may ask the controller to confirm whether your personal data is processed.
In the case of such processing, you may request the following information from the controller:
(1) the purposes of the processing of the personal data;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the estimated period of time for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the right to request from the controller to rectify or erase the personal data or the right to restrict the processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) the right to all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information for your about the logic involved, as well as the consequences and intended effects of such processing.
As a data subject, you have the right to be informed whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to rectification
You have the right to have corrected and/or completed your personal data from the controller if your personal data processed is incorrect or incomplete. The controller has to make the correction without delay.
3. Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following applies:
(1) if you contest the accuracy of the personal data relating to you for a period of time that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to erase the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims; or
(4) if you have lodged an objection against the processing in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your grounds.
Where processing of personal data relating to you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the purpose of establishing, exercising or defending legal claims or for the protecting of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the conditions mentioned above, you will be informed by the controller before the restriction of processing is lifted.
4. Analysis tools and advertising
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called cookies. Cookies are text files, which are stored on your computer and that enable an analysis of the use of the website by users. The information generated by cookies on your use of this website is usually transferred to a Google server in the United States, where it is stored.
The storage of Google Analytics cookies and the utilization of this analysis tool are based on Art. 6 Sect. 1 lit. f GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyse your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.
You do have the option to prevent the archiving of cookies by making pertinent changes to the settings of your browser software. However, we have to point out that in this case you may not be able to use all of the functions of this website to their fullest extent. Moreover, you have the option prevent the recording of the data generated by the cookie and affiliated with your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objection to the recording of data
You have the option to prevent the recording of your data by Google Analytics by clicking on the following link. This will result in the placement of an opt out cookie, which prevents the recording of your data during future visits to this website: [ga-optout text=”Google Analytics deactivation”]
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
Demographic parameters provided by Google Analytics
This website uses the function “demographic parameters” provided by Google Analytics. It makes it possible to generate reports providing information on the age, gender and interests of website visitors. The sources of this information are interest-related advertising by Google as well as visitor data obtained from third party providers. This data cannot be allocated to a specific individual. You have the option to deactivate this function at any time by making pertinent settings changes for advertising in your Google account or you can generally prohibit the recording of your data by Google Analytics as explained in section “Objection to the recording of data”.
Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 month. For details please click the following link: https://support.google.com/analytics/answer/7667196?hl=en
Google Analytics Remarketing
This website uses the functions of Google Analytics Remarketing in combination with the functions of Google Ads and Google DoubleClick, which work on all devices. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This function makes it possible to connect the advertising target groups generated with Google Analytics Remarketing with the functions of Google Ads and Google DoubleClick, which work on all devices. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g. cell phone) in a manner tailored to you as well as on any of your devices (e.g. tablet or PC).
If you have given us pertinent consent, Google will connect your web and app browser progressions with your Google account for this purpose. As a result, it is possible to display the same personalized advertising messages on every device you log into with your Google account.
To support this function, Google Analytics records Google authenticated IDs of users that are temporarily connected with our Google Analytics data to define and compile the target groups for the ads to be displayed on all devices.
You have the option to permanently object to remarketing/targeting across all devices by deactivating personalized advertising. To do this, please follow this link: https://www.google.com/settings/ads/onweb/.
The consolidation of the recorded data in your Google account shall occur exclusively based on your consent, which you may give to Google and also revoke there (Art. 6 Sect. 1 lit. a GDPR). Data recording processes that are not consolidated in your Google account (for instance because you do not have a Google account or have objected to the consolidation of data), the recording of data is based on Art. 6 Sect. 1 lit. f GDPR. The legitimate interest arises from the fact that the operator of the website has a legitimate interest in the anonymized analysis of website visitor for advertising purposes.
For further information and the pertinent data protection regulations, please consult the Data Privacy Policies of Google at: https://policies.google.com/technologies/ads?hl=en.
Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
In conjunction with Google Ads, we use a tool called Conversion Tracking. If you click on an ad posted by Google, a cookie for Conversion Tracking purposes will be placed. Cookies are small text files the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user has clicked on an ad and has been linked to this page.
A different cookie is allocated to every Google Ads customer. These cookies cannot be tracked via websites of Google Ads customers. The information obtained with the assistance of the Conversion cookie is used to generate Conversion statistics for Google Ads customers who have opted to use Conversion Tracking. The users receive the total number of users that have clicked on their ads and have been linked to a page equipped with a Conversion Tracking tag. However, they do not receive any information that would allow them to personally identify these users. If you do not want to participate in tracking, you have the option to object to this use by easily deactivating the Google Conversion Tracking cookie via your web browser under user settings. If you do this, you will not be included in the Conversion Tracking statistics.
The storage of “Conversion” cookies and the use of this tracking tool are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
To review more detailed information about Google Ads and Google Conversion Tracking, please consult the Data Privacy Policies of Google at: https://policies.google.com/privacy?hl=en.
You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.
5. Right to erasure
a) Obligation regarding erasure
You have the right to obtain from the controller the erasure of your personal data immediately and the controller is obliged to erase this data without delay where one of the following reasons applies:
(1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based accordance to point (a) of Article 6 (1), or point (a) of Article 9 (2) GDPR and where there is no other legal ground for the processing;
(3) you submit an objection to the processing accordance to Article 21 (1) of the GDPR, and there are no legitimate reasons for the processing, or you lodge an objection against the processing accordance to Article 21 (2) of the GDPR;
(4) your personal data have been unlawfully processed;
(5) your personal data need to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) your personal data have been collected in relation to the offer information society services referred to Article 8 (1);
b) Obligation to inform other controllers (third parties)
If the controller has made your personal data public and is obliged to erase them accordance to Article 17 (1) of the GDPR, he has to take reasonable steps, taking into account the available technology and the cost of implementation, including technical measures, to inform the controllers who process the personal data that you, as the person concerned, have requested the erasure of any links to, or copy or replication of those personal data.
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for fulfilment of a legal obligation which requires processing by the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or the exercise of official authority transferred to the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 is likely to make it impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishing, exercising or defending legal claims.
6. Notification obligation
If you have made use of your right to correct, erase or restrict the processing of your personal data, the controller is obliged to inform all recipients to whom the personal data have been disclosed of this correction or erasure of the data or limitation of the processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
7. Right to data portability
You have the right to receive the personal data relating to you which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller, who has been provided with the personal data, where:
(1) the processing is based on a consent in accordance with the point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract in accordance with the point (b) of Article 6 (1); and
(2) the processing is carried out using automated means.
In exercising this right, you also have the right to have your personal data are transmitted directly from one controller to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected thereby.
The right to data portability is not applicable to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority given to the data controller.
8. Right to object
For reasons arising from your particular situation, you have the right to object at any time to processing of personal data concerning you, which is carried out based on point (e) or (f) of Article 6 (1); this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless the controller can prove that there are compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.
Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
Where you object to the processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.
9. Right to withdraw the declaration of consent under Data Protection Act
You have the right to withdraw your declaration of consent under Data Protection Act at any time. The withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.
10. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly impairs you in a similar manner.
This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data in accordance with Article 9 (1), unless point (a) or (g) of Article 9 (2) applies and appropriate measures to safeguard the rights and freedoms and your legitimate interests are in place.
Regarding the cases referred to in (1) and (3), the data controller has to take appropriate measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the data controller, to state his or her own position and to contest the decision.
11. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation.
The supervisory authority with which the complaint has been lodged is to inform the complainant on the progress and the outcome of the complaint including the possibility of judicial remedy accordance to Article 78.
Responsible for data processing:
interfides – Steuerberatungsgesellschaft m.b.H.
Elsenheimerstr. 59, 80687 München
+49 / (0)98 / 725 60 38
vertreten durch Thomas Jan, Andreas Jan, Antje Mulas
Contact details of our data protection officer:
ER Secure GmbH, c/o interfides – Steuerberatungsgesellschaft mbH
In der Knackenau 4, 82031 Grünwald
Document produced and updated by janolaw AG.