Privacy policy in accordance with GDPR

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states as well as other data protection regulations is:

CSL Computer GmbH
Hanseatenstraße 34
30853 Langenhagen
Germany

Phone: +49 511 / 76 900 100
Fax: +49 511 / 76 900 199
E-Mail: datenschutz@csl-computer.com
Internetseite: www.csl-computer.com

II. Name and address of the data protection officer

The data protection officer of the controller is:

HB E-Commerce Rechtsanwaltsgesellschaft mbH
Kohlgartenstraße 11-13
04315 Leipzig
E-Mail: csl-computer@datenschutz.hb-ecommerce.eu

III. General information about data processing

Scope of the processing of personal data

As a matter of principle, we only process personal data of our users to the extent necessary for the provision of a functional website as well as our content and services. The processing of our users’ personal data is regularly only carried out with the consent of the user. An exception applies in cases where prior consent cannot be obtained on practical grounds and the processing of the data is permitted by law.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned provisions expires, unless there is a need for the continued storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the computer making the access. The following data is collected:

1. Information about the browser type and version used
2. The user’s operating system
3. The user’s IP address
4. Date and time of access
5. Webpages from which the user’s system accesses our website
6. Webpages that are accessed by the user’s system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.

Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimise the website and ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.

These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) (f) GDPR.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where data is collected for the provision of the website, deletion will take place when the respective session has ended.

Where data is stored in log files, deletion will take place after seven days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or anonymised so that the client making the access can no longer be attributed.

Option of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no option for the user to object.

V. Use of cookies

Description, duration and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 25 (2) sentence 2 German Telecommunications and Telemedia Data Protection Act (TTDSG).
The legal basis for the processing of personal data using further cookies is Art. 6 (1) (a) GDPR if the user has given their consent in this regard.

Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of webpages for users. Some functions of our website cannot be offered without the use of cookies. These require the browser to be recognised even after a different page is loaded.

Option of objection and removal

Please note that you can configure your browser in such a way that you are notified about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Edge: https://support.microsoft.com/de-de/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy
• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
• Opera: https://help.opera.com/de/latest/security-and-privacy/

VI. Newsletter

Description and scope of data processing

You can subscribe to a free newsletter on our website. The data from the input form is transmitted to us when you subscribe to the newsletter.

If you purchase goods or services on our website and enter your email address, this may subsequently be used by us to send you a newsletter. In such a case, only direct advertising for similar goods or services of our own will be sent via the newsletter.

No data is passed on to third parties in connection with the processing of data for the sending of newsletters. The data will only be used to send the newsletter.

Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 (1) (a) GDPR if the user has given their consent. The legal basis for sending the newsletter as a result of the sale of goods or services is section 7 (3) German Act Against Unfair Competition (UWG).

You can revoke your consent to the storage of the data, the email address and the use thereof for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The revocation does not affect the legality of the data processing operations already carried out.

Purpose of the data processing

The user’s email address is collected in order to deliver the newsletter or to record an unsubscription from the newsletter. Other personal data is collected as part of the registration process to prevent misuse of the services or the email address used.

Duration of storage

The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and it will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. This has no effect on any data that has been stored by us for other purposes.
After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with any other data. This is both in your interest and in ours in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

Option of objection and removal

The subscription to the newsletter can be cancelled by the user concerned at any time. There is a corresponding link for this purpose in every newsletter.

VII. Registration

Description and scope of data processing

We offer you the opportunity on our website to create a registered customer account by providing personal data. The data is entered in an input form and transmitted to us and stored. The data is not shared with third parties. The following data is collected as part of the ordering process:

1. Surname and first name
2. Address
3. Email address
4. Telephone/fax number (optional)
5. Date of birth (optional)
6. Company (only if registered as business customer)
7. VAT ID (optional when registering as a business customer)

The following data is also stored at the time of registration:

1. The user’s IP address
2. Date and time of registration

The user’s consent to the processing of this data is obtained as part of the registration process.

Legal basis for data processing

The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 (1) (b) GDPR).

Purpose of the data processing

User registration is required for the provision of certain content and services on our website. This includes, above all and in particular, the administration of your delivery and invoice addresses, the overview of your current and past orders as well as the administration of your newsletter subscription.

Duration of storage

The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. This is without prejudice to statutory retention periods.

Option of objection and removal

As a user, you have the option to amend or delete the personal data stored about you at any time. You can contact us by phone or email for this purpose.

VIII. Enquiry by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your enquiry. We will not share this data without your consent.

This data is processed based on Art. 6 (1) (b) GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) (a) GDPR) and/or on our legitimate interests (Art. 6 (1) (f) GDPR), as we have a legitimate interest in the effective processing of enquiries addressed to us.

We will retain the data you send us via contact requests until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after we have finished processing your request). This is without prejudice to mandatory statutory provisions, and in particular statutory retention periods.

Contact form

Description and scope of data processing

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input form will be transmitted to us and stored. These data comprises:

1. The user’s IP address
2. Date and time of registration
3. If specified, the name and telephone number of the user

Your consent to the processing of the data is obtained as part of the process and reference is made to this privacy policy.

Alternatively, we can be contacted via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

The data will not be shared with third parties in this context. The data will be used exclusively for processing the conversation.

Legal basis for data processing

This data is processed based on Art. 6 (1) (b) GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries sent to us (Art. 6 (1) f GDPR) or on your consent (Art. 6 (1) a GDPR) if this has been requested.

Purpose of the data processing

We process the personal data from the input form solely to deal with the contact case. In the case of contact by email, this, too, constitutes a necessary legitimate interest in processing the data.

The other personal data processed during the process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

We will retain the data input into the contact form until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after we have finished processing your enquiry). This is without prejudice to mandatory statutory provisions, and in particular retention periods.

Option of objection and removal

The user may revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored in the course of contacting us will be deleted.

IX. Live Chat (mylivechat.com)

On our website we offer you a live chat function “mylivechat” by the provider RichScripts Inc., 2035 Sunset Lake Road, Newark, Delaware 19702, USA (hereinafter “RichScripts”) for the purpose of contacting you and providing personal advice. The following data is transmitted to RichScripts:

1. User’s IP address
2. Web page accessed

For more information, please see the RichScripts Inc. privacy policy: https://mylivechat.com/privacy.aspx

The following data is collected and processed by us during us of the live chat function:

1. User’s IP address
2. Referring URL
3. If applicable, the search engine used
4. Search engine keywords used, if applicable
5. Indicator for returning visitors incl. number of visits
6. Previous chats, if applicable
7. If applicable, chat history
8. Browser history on our website
9. Time spent on our website
10. Username (optional)

Legal basis for data processing

The legal basis for the processing of data transmitted while using the live chat function is Art. 6 (1) (f) GDPR. If the aim of the chat contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

Purpose of the data processing

We process the personal data from the live chat function solely to deal with the contact case. In the case of contact made via live chat, this also constitutes the necessary legitimate interest in processing the data.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the personal data from the live chat function when the respective conversation with the user has ended. The conversation has ended when it is clear from the circumstances that the matter in question has been conclusively dealt with.

The additional personal data collected during the process will be deleted after a period of three months at the latest.

Option of objection and removal

The user may revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored in the course of contacting us will be deleted.

X. Data processing for order handling

Description and scope of data processing

The following data is collected and processed by us as part of the ordering process:

1. Surname and first name
2. Address
3. Email address
4. Telephone/fax number (optional)
5. Date of birth (optional)
6. Company (only if registered as business customer)
7. VAT ID (optional when registering as a business customer)
8. The customer’s IP address
9. Date and time of the order
10. The payment method chosen by the customer
11. The shipping method chosen by the customer
12. The articles ordered by the customer with art. no., description, quantity and price
13. Different delivery or invoice address (optional)
14. The shipping costs included in the total as well as the sales tax included and the sales tax rate applicable to the order.
15. Assigned customer group (end customer, dealer, business customer with VAT ID)
16. Customer and order number
17. Federal state of the address
18. Customer’s gender (optional)
19. Referring URL

Legal basis for data processing

Your personal data is processed in accordance with Art. 6 (1) (b) GDPR on the grounds of the necessity for the fulfilment of the concluded contract. Optional data is processed in accordance with Art. 6 (1) (a) GDPR on the basis of your consent when ordering in our shop.

Purpose of the data processing

The processing of the user’s data is necessary for the performance of the contract entered into. This includes, above all and in particular, the administration of your delivery and invoice addresses, the details of the type and scope of the order, payment processing and shipping method.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is required for the fulfilment of a contract or the implementation of pre-contractual measures, early deletion of the data is only possible if deletion is not precluded by contractual or legal obligations.

Option of objection and removal

As a user, you have the option to amend or delete the personal data stored about you at any time. You can contact us by phone or email for this purpose.

Sharing of personal data with transport companies

We work together with logistics service providers / transport companies for the purpose of delivery of ordered goods: The following data may be shared with them for the purpose of delivering the ordered goods or – if necessary – for making announcements about such goods: first name, surname, postal address, email address, telephone number (e.g. for forwarding notices). The legal basis for the sharing of the data is Art. 6 (1) (b) GDPR.

Disclosure of personal data to payment service providers

PayPal

When paying via the payment service provider PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"), the payment data necessary for the processing of the payment will be forwarded to PayPal. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing. For payment methods via credit card and direct debit, PayPal reserves the right to carry out a credit check. If necessary, your payment data will be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
For further information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

 

giropay

In the case of payment via giropay, payment processing is carried out via the payment service provider giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, Germany (hereinafter “giropay”), with whom we share your data provided during the ordering process in accordance with Art. 6 (1) (b) GDPR exclusively for the purpose of payment processing.

The data will only be shared to the extent actually necessary for the processing of the payment. If your data is no longer required for the aforementioned purposes, it will be deleted.

For further information about data protection, please refer to the giropay privacy policy: >https://www.giropay.de/agb/index.html/

You can object to this processing of your data at any time by sending a message to the controller or to giropay. However, giropay may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

giropay

In the case of payment via giropay, payment processing is carried out via the payment service provider giropay GmbH, An der Welle 4, 60322 Frankfurt/Main (hereinafter "giropay"), to whom we pass on your data provided during the ordering process exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.
The data will only be passed on to the extent that it is actually necessary for the processing of the payment. As far as your data is no longer required for the aforementioned purposes, it will be deleted.
For further information on data protection, please refer to the giropay data protection statement: https://www.giropay.de/rechtliches/datenschutz-agb/
You can object to this processing of your data at any time by sending a message to the data controller or to giropay. However, giropay may still be entitled to process your personal data if this is necessary for the processing of payments in accordance with the contract.

amazon pay

When paying via amazon pay, we share your payment data primarily with Amazon Payments Europe s.c.a., and secondarily with Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located at 5, Rue Plaetis L 2338 Luxembourg (hereinafter “Amazon Payments”), as part of the payment processing procedure. The data is shared in accordance with Art. 6 (1) (b) GDPR and only insofar as this is necessary for payment processing. Amazon Payments reserves the right to conduct a credit check. If necessary, your payment data will shared with credit agencies in accordance with Art. 6 (1) (f) GDPR on the basis of Amazon Payments’ legitimate interest in determining your creditworthiness. Amazon Payments uses the outcome of the credit check compared to the statistical probability of non-payment to decide whether to provide the respective payment method. The credit report may contain probability values (known as score values). Where score values are included in the result of the credit report, these are based on a scientifically recognised mathematical and statistical procedure. Address data, among other things, is included in the calculation of the score values. In addition, Amazon Payments is entitled to share your data with unnamed third parties (banks, e-service providers, service partners, and also auditors, analysis services, credit agencies, marketing partners, cloud service providers, retargeting providers, affiliated companies), among others.

For further information about data protection law, including information about the credit agencies used, please refer to Amazon Payments’ privacy policy: https://pay.amazon.com/help/201751600

You can object to this processing of your data at any time by sending a message to Amazon Payments. However, Amazon may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

Paydirekt

Where payment is made using the payment method paydirekt, the payment is executed via the payment service provider paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany. In the course of this process, your payment data and your confirmation that the payment data is correct are collected, processed and transmitted to your bank by paydirekt GmbH in accordance with Art. 6 (1) (b) GDPR for the purpose of carrying out the paydirekt payment. This processing only takes place to the extent actually necessary for the execution of the payment. Paydirekt GmbH then authenticates the payment using the authentication procedure stored for you at your bank.

Further information about the transfer and processing of your data can be found in the paydirekt privacy policy, which you can view via the following link: https://www.paydirekt.de/agb/index.html

You can arrange for the erasure, blocking and rectification of your stored personal data as well as the provision of information about this data by contacting paydirekt GmbH at the following contact address: paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt, Germany, email: datenschutz@paydirekt.de. However, paydirekt GmBH may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

Klarna

We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; "Klarna") on our website. With the selection and use of payment via Klarna, the data required for payment processing is transmitted to Klarna in order to be able to fulfil the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. B GDPR.

"Pay Later" (invoice), "Pay Now" (payment by direct debit), "Financing" (hire purchase)

For individual payment methods such as "Pay Later" (invoice), "Pay Now" (payment by direct debit), "Financing" (hire purchase), Klarna reserves the right to obtain credit information on the basis of mathematical-statistical methods using credit agencies. For this purpose, Klarna transmits the personal data required for a credit check, such as first name and surname, address, gender, email address, IP address as well as data related to the order to a credit agency for the purpose of checking identity and creditworthiness and uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship. The creditworthiness information may include probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical procedures and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR for our overriding legitimate interest in protection against payment default when Klarna makes advance payments. You have the right to object to this processing of your personal data based on Art. 6 (1) (f) of the German Data Protection Regulation (GDPR) at any time by notifying Klarna. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide the data will result in the contract not being concluded with the payment method you have chosen. Further information, in particular to which credit agencies Klarna passes on your personal data, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.

Stripe

We use the payment service Stripe of Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) on our website. The data processing serves the purpose of being able to offer you payment via the payment service. With the selection and use of Stripe, the data required for payment processing is transmitted to Stripe in order to be able to fulfil the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Stripe reserves the right, if necessary, to obtain a credit report on the basis of mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship. The creditworthiness information may include probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical procedures and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR for our overriding legitimate interest in protection against payment default when Stripe makes advance payments. You have the right to object to this processing of your personal data based on Art. 6 (1) (f) GDPR at any time by notifying Stripe for reasons arising from your particular situation. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide it will result in the contract not being concluded with the payment method you have chosen. All Stripe transactions are subject to the Stripe privacy policy. You can find this at https://stripe.com/de/privacy.

Financing through Consors Finanz

The responsible party for the personal data entered in the order form in the sense of payment data for the processing of payment transactions is not CSL Computer GmbH, but Consors Finanz BNP Paribas S.A. Niederlassung Deutschland, Rüdesheimer Straße 1, 80686 Munich (hereinafter "Consors Finanz").
Consors Finanz collects, processes and uses the data you enter there directly and exclusively on its own responsibility. CSL Computer does not store this data itself. For more information, please refer to the Consors Finanz privacy policy: https://www.consorsfinanz.de/datenschutz/index.html

XI. Web analytics services

Google Analytics

We use the Google Analytics web analytics service provided by Google Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The data processing serves the purpose of analysing this website and its visitors as well as for marketing and advertising purposes. Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. In the process, the following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you are using and the device you are using, pages visited, referrer URL (website from which you accessed our website), location data, purchase activities. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google Analytics uses technologies such as cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of the website. The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. Both Google and US government agencies have access to your data. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices and any other data Google may have about you. IP anonymisation is activated on this website. This means that your IP address will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can find more information on the terms of use and data protection at https://www.google.com/analytics/terms/de.htmlor at https://www.google.de/intl/de/policies/ as well as at https://policies.google.com/technologies/cookies?hl=de .

 

Matomo

We use the analysis tool Matomo by InnoCraft Ltd (150 Willis St, 6011 Wellington, New Zealand; "Matomo") on our website. The data processing serves the purpose of analysing this website and its visitors. Cookies may be used for this purpose, which enable the recognition of the Internet browser. In the process, the following information may be collected, among others: IP address, information about the browser you are using and about the device you are using, files you have clicked on or downloaded, clicks on links to third-party websites, referrer URL (website from which you accessed our website), URL of our website, number of visits, time of your first visit, date and time of visit, time zone, location data. From this data, usage profiles can be created under a pseudonym. The data collected using Matomo technologies will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. In doing so, your data will be transferred to a third country outside the European Union for which an adequacy decision of the EU Commission is available.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

XII. Online marketing

Microsoft Advertising

We use Microsoft Advertising from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft") on our website. The data processing serves marketing and advertising purposes and the purpose of measuring the success of the advertising measures (conversion tracking). We learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, it is not possible to personally identify these users. Microsoft Advertising uses technologies such as cookies and tracking pixels to help analyse how you use the website. When you click on an ad placed by Microsoft Advertising, a cookie for conversion tracking is placed on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognise that you have clicked on the ad and have been redirected to this page. In doing so, the following information may be collected, among other things: IP address, identifiers assigned by Microsoft (identifiers), information about the browser you are using and the device you are using, referrer URL (website from which you accessed our website), URL of our website. Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can find more information on data protection and the cookies used at Microsoft here.

Facebook Pixel

We use the "Custom Audiences" remarketing function of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland "Facebook") on our website. Meta Platforms Ireland and we are jointly responsible for the collection of your data and the transmission of this data to Facebook when the service is integrated. This is based on an agreement between us and Meta Platforms Ireland on the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible in particular for fulfilling the information obligations pursuant to Art. 13, 14 of the GDPR, for complying with the security requirements of Art. 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations pursuant to Art. 33, 34 of the GDPR insofar as a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling data subject rights under Art. 15 - 20 GDPR, for complying with the security requirements of Art. 32 GDPR with respect to the security of the Service, and for complying with the obligations under Art. 33, 34 GDPR to the extent that a personal data breach affects Meta Platforms Ireland's obligations under the Joint Processing Agreement. The application serves the purpose of targeting visitors to the website with interest-based advertising on the social network Facebook. For this purpose, the Facebook remarketing tag has been implemented on the website. This tag establishes a direct connection to the Facebook servers when the website is visited. This transmits to the Facebook server which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the Facebook social network, you will then be shown personalised, interest-related Facebook ads. Your data may be transferred to the USA. For the USA, an adequacy decision of the EU Commission is in place, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. For more information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at https://www.facebook.com/about/privacy/.

Google Ads Conversion Tracking

We use the online advertising programme "Google Ads" on our website and in this context conversion tracking (visit action evaluation). Google Conversion Tracking is an analysis service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google). When you click on an ad placed by Google, a cookie for conversion tracking is placed on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we will be able to recognise that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. Thus, there is no way that cookies can be tracked across Ads customers' websites. The information obtained with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. Your data may be transmitted to Google LLC servers in the USA. For the USA, an adequacy decision of the EU Commission is in place, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can find more information and Google's privacy policy at: https://www.google.de/policies/privacy/.

Google Adsense

We use the AdSense function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The data processing serves the purpose of renting advertising space on the website and targeting visitors to the website with interest-related advertising on these. By means of this function, visitors to the provider's website are shown personalised, interest-related advertising from the Google Display Network. Google uses cookies to analyse your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. You can find more information and Google's privacy policy at: https://www.google.com/policies/technologies/ads and https://www.google.de/policies/privacy/ .

 

Remarketing or "similar target groups" function of Google Inc.

We use the remarketing or "similar target groups" function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The application serves the purpose of analysing visitor behaviour and visitor interests. Google uses cookies to carry out the analysis of website usage, which forms the basis for the creation of interest-based advertisements. The cookies are used to record visits to the website as well as anonymised data on the use of the website. No personal data of visitors to the website is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas. Your data may be transmitted to Google LLC servers in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can find more information on Google Remarketing and the associated data protection declaration at: https://www.google.com/privacy/ads/.

 

XIII. Advertising by conventional mail

We reserve the right to store your first name and surname, your postal address and – insofar as we have received this additional information from you as part of the contractual relationship – your title, academic degree, year of birth and your occupational, industry or business designation based on our legitimate interest in personalised direct advertising in accordance with Art. 6 (1) (f) GDPR and to use this information to send you interesting offers and information about our products by conventional mail.

You may revoke your consent to the processing of personal data at any time. If you contact us by email (datenschutz@csl-computer.com), you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored in the course of contacting us will be deleted.

XIV. Tools and miscellaneous

Google Maps

We use the function for embedding GoogleMaps maps of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The function enables the visual display of geographical information and interactive maps. In the process, Google also collects, processes and uses data from visitors to the websites when they call up the pages in which GoogleMaps maps are integrated. Your data may also be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. Your personal data is processed on the basis of Art. 6 (1) lit. f GDPR for our overriding legitimate interest in the needs-based and targeted design of the website. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation. You can find more information on the collection and use of data by Google in Google's data protection information at https://www.google.com/privacypolicy.html. There you also have the option in the data protection centre to change your settings so that you can manage and protect your data processed by Google.

Google reCAPTCHA

We use the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The query serves the purpose of distinguishing the input by a human or by automated, machine processing. For this purpose, your input is transmitted to Google and used there. In addition, the IP address and any other data required by Google for the reCAPTCHA service will be transmitted to Google. This data is processed by Google within the European Union and may also be transmitted to Google LLC servers in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. Your personal data is processed on the basis of Art. 6 (1) (f) GDPR for our overriding legitimate interest in protecting our website from automated spying, misuse and SPAM. You have the right to object to this processing of your personal data based on Art. 6 (1) (f) GDPR at any time for reasons arising from your particular situation. You can find more information on Google reCAPTCHA and the associated data protection declaration at: https://www.google.com/recaptcha/intro/android.htmland https://www.google.com/privacy.

Cloudflare

We use the Cloudflare CDN content delivery network of Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA; "Cloudflare") on our website. This is a supra-regional network of servers in various data centres to which our web server connects and via which certain contents of our website are delivered. The data processing serves the purpose of optimising the loading times of our website and thus making our offer more user-friendly. In the process, the following information may be collected, among others: IP address, system configuration information, information about traffic to and from customer websites (so-called server log files). Your data may be transmitted to the USA. For the USA, an adequacy decision of the EU Commission is in place, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. Your personal data is processed on the basis of Art. 6 (1) lit. f GDPR for our overriding legitimate interest in the demand-oriented and targeted design of the website. You have the right to object at any time to the processing of your personal data based on Art. 6 (1) (f) of the German Data Protection Act (GDPR) for reasons relating to your particular situation. You can find more information on data protection when using Cloudflare at https://www.cloudflare.com/dede/privacypolicy/.

Youtube

We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube") on our website.YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). The function displays videos stored on YouTube in an iFrame on the website. The option "Extended data protection mode" is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video is information about it transmitted to YouTube and stored there. Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. Your personal data is processed on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in the demand-oriented and targeted design of the website. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation. For more information on the collection and use of data by YouTube and Google, your rights in this regard and ways to protect your privacy, please refer to YouTube's privacy policy at https://www.youtube.com/t/privacy.

 

Customer reviews

Trustpilot (trustpilot.com)

We use the independent rating portal Trustpilot, which is operated by Trustpilot A/S, Pilestræde 58, 5,
1112 Copenhagen, Denmark (hereinafter “Trustpilot”). We seek to constantly improve ourselves and our service and for this reason we have decided to use such a solution. The invitations to provide an evaluation are automatically emailed to our customers in the course of a order dispatched in our online shop. The invitation to provide an evaluation is based on Art. 6 (1) (f) GDPR to protect our legitimate interests in order to ensure a complete, independent and customer evaluation that cannot be influenced by us as a shop for our company and our services. The data transferred to Trustpilot for this purpose is the customer name, the customer’s email address, the order number, the item number and the item description. These are transferred to Trustpilot and used by Trustpilot itself or passed on to third parties in order to fulfil the contract. As a customer, you are free to submit a rating. By submitting your rating/feedback, you agree to Trustpilot’s current communication rules. If you have any questions about the collection, processing or use of your personal data, or if you wish to obtain information, rectify, block or erase data, or revoke any consent you may have given or object to a particular use of data, please contact us at: datenschutz@csl-computer.com

For more information about Trustpilot’s privacy policy, please visit:

https://uk.legal.trustpilot.com/end-user-privacy-terms

eKomi (ekomi.de)

We use the independent review portal eKomi, which is operated by eKomi Ltd, Markgrafenstr. 11, 10969 Berlin, Germany (hereinafter “eKomi”). We seek to constantly improve ourselves and our service and for this reason we have decided to use such a solution. The invitations to provide an evaluation are automatically emailed to our customers in the course of a order dispatched in our online shop. The invitation to provide an evaluation is based on Art. 6 (1) (f) GDPR to protect our legitimate interests in order to ensure a complete, independent and customer evaluation that cannot be influenced by us as a shop for our company and our services. The data transferred to eKomi for this purpose comprises the customer name, the customer’s email address, the order number, the item number and the item description. These are transferred to eKomi and used by eKomi itself or passed on to third parties in order to fulfil the contract. As a customer, you are free to submit a rating. By submitting your rating/feedback, you agree to the current communication rules of eKomi. If you have any questions about the collection, processing or use of your personal data, or if you wish to obtain information, rectify, block or erase data, or revoke any consent you may have given or object to a particular use of data, please contact us at: datenschutz@csl-computer.com

For more information about eKomi’s privacy policy, please visit: https://www.ekomi.co.uk/uk/privacy/

Google Customer Reviews

We use the "Google Customer Reviews" programme of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google") on our website to collect customer reviews from users of our website. If you have given us your express consent pursuant to Art. 6 (1) lit. a GDPR during or after your order, we will transmit your e-mail address to Google so that Google can send you a rating reminder by e-mail. The review you submitted will then be aggregated with other reviews and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard, as well as being used for Google seller reviews.
You can withdraw your consent at any time by sending a message to the data controller or to Google.
Google LLC, based in the USA, is certified for the us-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.
For more information on Google's privacy policy in relation to the Google Customer Reviews programme, please see the following link: https://support.google.com/merchants/answer/7188525?hl=de
You can read more information about the privacy of Google Seller Ratings at this link: https://support.google.com/adwords/answer/2375474

 

XV. Social Media

Data processing by social networks

We maintain publicly accessible profiles on social networks. Social networks such as Facebook, Google+ etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information offered via this page on our website.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy).

 

XVI. Applications to CSL Computer GmbH

In accordance with the requirements of Art. 13, 14 and 21 GDPR, we hereby inform you about the processing of the personal data you have provided as part of the application process

Description and scope of data processing

We only process data that is related to your application. This may include general personal data (name, address, contact details, etc.), information about your professional qualifications and school education, information about further professional training and, if applicable, other data that you send us in connection with your application by post, email or via the contact form on our website.

Legal basis and purpose of data processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the decision to establish an employment relationship with us. The legal basis for this is Art. 88 GDPR in conjunction with section 26 BDSG – new version and, if applicable, Art. 6 (1) (b) GDPR for the initiation or implementation of contractual relationships.

Furthermore, we may process your personal data if this is necessary to fulfil legal obligations (Art. 6 (1) (c) GDPR) or to defend legal claims asserted against us. The legal basis for this is Art. 6 (1) (f) GDPR. The legitimate interest is, for example, a duty of proof in proceedings under the German General Equal Treatment Act (AGG). If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. Consent given can be revoked at any time, with effect for the future.

If an employment relationship arises between you and us we may process the personal data already received from you for the purposes of the employment relationship in accordance with Art. 88 GDPR in conjunction with. section26 BDSG – new version, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective bargaining agreement, a company or service agreement (collective agreement).

Duration of storage

We store your personal data for as long as this is necessary to take the decision about your application. Your personal data or application documents will be deleted a maximum of six months after the end of the application procedure (e.g. notification of the rejection decision), unless longer storage is required or permitted by law. We will only store your personal data beyond this period insofar as this is required by law or in the specific case for the establishment, exercise or defence of legal claims for the duration of a legal dispute.

Option of objection and removal

You have the option to amend or delete the personal data stored about you at any time. You can contact us by post, telephone or email.

XVII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access

You may request confirmation from the controller as to whether personal data relating to you is being processed by us.

If such processing is taking place, you can request information from the controller about the following:

1. the purposes for which the personal data is being processed;
2. the categories of personal data which are being processed;
3. the recipients or categories of recipients with whom the personal data concerning you has been or will be shared;
4. the envisaged period for which the personal data relating to you will be stored or, if specific information about this is not possible, the criteria used to determine that storage period;
5. the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. any available information about the origin of the data if the personal data is not collected from the data subject;
8. the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is inaccurate or incomplete. The controller shall perform the rectification without delay.

Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
3. the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims, or
4. if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate interests of the controller outweigh your interests.

Where the processing of personal data relating to you has been restricted, that data may only be processed, with the exception of storage, with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to erasure

Obligation to erase

You may request that the controller erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:

1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
2. You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
4. The personal data concerning you has been processed unlawfully.
5. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data concerning you was collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17 (1) GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform controllers which process the personal data that you as the data subject have requested that they erase all links to, or copies or replications of, that personal data.

Exceptions

The right to erasure does not exist to the extent that the processing is necessary

1. to exercise the right to freedom of expression and information;
2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, where the right referred to in part a) is likely to render impossible or seriously prejudice the achievement of the objectives of such processing, or
5. for the establishment, exercise or defence of legal claims.

Right of notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been shared, unless this proves impossible or involves a disproportionate effort.

You have the right to be notified of these recipients by the controller.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

1. (1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
2. (2) the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, where this is technically feasible. The rights and freedoms of other persons must not be affected by this.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services and notwithstanding Directive 2002/58/EC, you may exercise your right to object by means of automated procedures using technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent up to the point of revocation.

Automated decision-making in individual cases including profiling

You have the right not to be subject to decision-making based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

1. is necessary for the conclusion or performance of a contract between you and the controller,
2. is authorised by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or is done with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms, and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express their point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.