Privacy Policy for EIT Health Germany GmbH

Introduction

The following privacy statement is intended to clarify which types of personal data (hereinafter also referred to as ‘data’) we process for what purposes and to what extent. The Privacy Policy applies to all processing of personal data carried out by us, both in the framework of the provision of our services and, in particular, on our websites, in mobile applications, and within external online features, such as our social media profiles (collectively referred to as the “online offer”).

As of: August 28, 2019

Table of Contents

Data protection officer

The person responsible for the collection, processing, and use of your personal data within the meaning of Article 4(7) of the GDPR and other national data protection laws of the Member States and other data protection legislation shall be:

EIT Health Germany GmbH  Dr. med. Katharina Ladewig  Sandhofer Str. 116 68305 Mannheim

Authorized persons: Katharina Ladewig

E-mail: katharina.ladewig@eithealth.eu

Legal: https://www.eit-health.de/impressum

Overview of processing

The table below summarises the types of data processed and the purposes for which they are processed and refers to the data subjects.

Types of data processed

  • Inventory data (names, addresses, etc.).
  • Content data (e.g. text input, photographs, videos).
  • Contact data (e.g., email address, phone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g., websites visited, interest in content, access times).

Categories of data subjects

  • Communication partner
  • Users (website visitors, users of online services).

Purposes of processing

  • Providing online services and user-friendliness.
  • Office and organisation procedures.
  • Behavioural and interest-based marketing.
  • Contact requests and communication.
  • Profiling (creating profiles for users).
  • Range measurement (access statistics, recognition of recurring visitors).
  • Security measures.
  • Tracking (interest/behavioural profiling, cookies).
  • Contractual services.
  • Managing and responding to requests.

Applicable legal bases

Below, we provide the legal bases of the Basic Data Protection Regulation (DSM) on which we process personal data.
Please note that, in addition to the rules of the DSM, the national data protection rules may apply in your or our country of residence.

  • Consent (Art. 6 para. 1 p. 1 lit. a. GDPR)– The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes.
  • Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR)– Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
  • Legitimate interests (Art. 6, Para. 1 p. 1 lit. f. GDPR)– Processing is necessary to safeguard the legitimate interests of the officer or of a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data outweigh those of the data subject.

National data protection regulations in Germany: In addition to the data protection provisions of the General Data Protection Regulation, national rules on data protection apply in Germany. This includes, in particular, the Law on the Protection against the Abuse of Personal Data in the Processing of Data (Federal Data Protection Law – BDSG-new).
In particular, the BDSG-new contains special rules on the right of access, the right of erasure, the right of appeal, the processing of specific categories of personal data, the processing for other purposes, and the transmission and automated decision-making in individual cases, including profiling. It also regulates the processing of data for the purposes of the employment relationship (Paragraph 26 of the BDSG-new), in particular, the creation, performance or termination of employment and the consent of employees. In addition, national laws on data protection can be applied in the individual federal states.

Security measures

We shall take appropriate technical and organisational measures, taking into account the cost of implementation and the nature, extent, circumstances and purposes of processing, the different probabilities of entry and the extent of the threat to the rights and freedoms of natural persons, in accordance with the legal requirements, to ensure a level of protection in accordance with the risk.

Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data through control of physical and electronic access to the data, as well as access to the data relating to them, input, transfer, securing availability and separation. We have also put procedures in place to ensure the exercise of rights of data subjects, the erasure of data and the response to data threats. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly defaults.

Shortening the IP address: If we are able to do so, or if it is not necessary to store the IP address, we shall shorten your IP address in compliance with Member States of the European Union or other States Parties to the European Economic Area Agreement. In the case of IP address shortening, also known as IP masking, the last octet, i.e. the last two numbers of an IP address, is deleted (the IP address in this context is a unique identifier associated with an internet connection by the online access provider). The shortening of the IP address is intended to prevent or make it much more difficult to identify a person on the basis of their IP address.

SSL encryption (https): We use SSL encryption to protect your data transmitted via our online services. You can recognise encrypted connections by the prefix “https://” in the page link in the address line of your browser.

Transmission and disclosure of personal data

As part of our processing of personal data, the data is transferred to or disclosed to other entities, undertakings, legally independent organisational units or persons. Recipients of this data may include payment institutions in connection with payment transactions, service providers entrusted with IT tasks or service and content providers included in a website. In the event that we outsource certain parts of data processing (“order processing”), we contractually oblige contractors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

Data Transfer within the Organization: We may transfer personal data to other entities within our organization or grant them access to it. Where such disclosure is made for administrative purposes, the transfer of data shall be based on our legitimate commercial and business interests or shall take place where it is necessary to fulfil our obligations under the contract or where consent or legal authorisation is obtained from the data subject.

Data transfer to a third country: In principle, transfers of your personal data which we have received in the context of our business relationship to countries outside the EU or the EEA will only take place if you have given us consent to do so or if this is a condition necessary for the performance of a contract. If personal data is transferred to a third country or an international organisation, you have the right to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

The use of cookies

“Cookies” are small files stored on users’ devices. Cookies can be used to store different information. Such information may include language settings on a web page, login status, a cart, or the location where a video was viewed.

Cookies are usually used when the interests of a user or his behaviour (e.g. viewing specific content, using functions, etc.) are stored on individual websites in a user profile. Such profiles are used to provide users with information, such as content that is appropriate to their potential interests. This is also referred to as “tracking”, i.e. tracking of the potential interests of users. The term cookies also includes other technologies that perform the same functions as cookies (e.g. if user information is stored using pseudonym online identifiers, also known as “user IDs”).

Our website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies are automatically deleted when you close the browser. This especially includes session cookies. These store a so-called session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie in question. You can delete the cookies in the security settings of your browser at any time.

If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy.

Legal information: The legal basis for processing your personal data using cookies depends on whether we ask you to give your consent. If this is true and you agree to use cookies, the legal basis for processing your data is the declared consent, Article 6 para. 1 p. 1 a GDPR. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in a commercial operation of our online services and its improvement) (Art. 6 para. 1 p. 1 f) GDPR) or, if cookies are needed to fulfil our contractual obligations (Art. 6 para. 1 p.1 (b) GDPR.

Withdrawal and opposition (opt-out): Whether the processing is carried out on the basis of consent or legal authorisation, you have the option at any time of withdrawing consent granted in accordance with Article 7 para. 3 GDPR or of contradicting the processing of your data by cookie technologies under Article 21 of the GDPR (collectively referred to as “opt-out”).

You may declare your opposition by using your browser settings, such as disabling cookies (which can also limit the functionality of our online services).

An objection to the use of cookies for online marketing purposes can be made through a wide range of services, particularly in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ or, more generally, at http://optout.aboutads.info.

Processing of cookie data on the basis of consent: Before processing data in the context of the use of cookies, we ask the users to give their consent which can be revoked at any time. Before consent has been given, cookies are used which are necessary for the operation of our online services. Their use is based on our interest and the interest of users in the expected functioning of our online services.

  • Processed data types: usage data (visited web pages, content interest, access times), meta/communication data (device information, IP addresses).
  • Individuals concerned: users (site visitors, users of online services).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), legitimate interests (Article 6 para. 1 p. 1 lit. f. GDPR).

Contact details

When contacting us (e.g. via contact form, e-mail, telephone or social media), the information provided by the requesting persons is processed, if you agree to do so, or if necessary to respond to the contact requests and any measures requested.

Responses to contact requests in the context of contractual or pre-contractual relations shall be given either for the fulfilment of our contractual obligations or for the purpose of answering (pre)contractual requests and also on the basis of the legitimate interests in answering the questions.

  • Processed data types: inventory data (names, addresses, etc.), contact details (e-mail, phone numbers), content data (text entries, photographs, videos).
  • Individuals concerned:
  • Processing purposes: contact requests and communication.
  • Legal bases: contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. a GDPR), legitimate interests (Article 6 para. 1 p. 1 lit. f. GDPR).

Provision of online services and web hosting

In order to provide our online services safely and efficiently, we are using one or more web hosting providers whose servers (or servers they manage) can access the online services. For these purposes, we can use infrastructure and platform services, computing capacity, storage and database services, as well as guarantees and technical maintenance.

The data processed in the context of the provision of the hosting services may include any information related to the users of our online service arising from use and communication. These include:

  • name and URL of file(s) you retrieve/access
  • Date and time of the access
  • The amount of data transferred
  • Message about successful retrieval (HTTP response code)
  • Browser type and browser version
  • Operating system
  • Referrer URL (i.e. the previously visited page)
  • Websites accessed by the user’s system via our website
  • The user’s Internet service provider
  • IP address and the requesting provider

E-mail delivery and hosting: The web hosting services we have used also include the sending, reception and storage of e-mails. For these purposes, the addresses of the recipients and senders are processed, as are other information concerning e-mail (e.g. the providers involved) and the content of each e-mail.
The above data may also be processed for the purpose of detecting SPAM. Please note that e-mails are not encrypted on the Internet. Typically, while e-mails are encrypted by transport, they are not encrypted on the servers from which they are sent and received (unless the end-to-end encryption method is used). We cannot therefore take responsibility for the transmission of e-mails between the sender and the reception on our server.

  • Processed data types: content data (text input, photographs, videos), usage data (web pages visited, content interest, access times), meta/communication data (device information, IP addresses).
  • Individuals concerned: users (site visitors, users of online services).
  • Legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR in conjunction with Art. 28 GDPR).

Newsletter

We send newsletters, emails and other electronic notifications (hereinafter referred to as “newsletters”) only with the express consent of recipients or with statutory permission. If registration for the newsletter involves a specific description of its content, then this description is the basis on which users agree to receive newsletters. In addition, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally enough to enter your e-mail address. However, we may ask you to provide a name to address you with in the newsletter, or other information if it is necessary for the purposes of the newsletter.

Double-Opt-In-Procedure: Our newsletter will be registered in principle in a double-opt procedure. This means that upon registration, you will receive an email requesting confirmation of the subscription. The confirmation is required to ensure that no one can subscribe using another person’s email address. A record of subscriptions to the newsletter is kept in order to account for the subscription process in accordance with legal requirements. The record contains the time of subscription and confirmation as well as the relevant IP address. Any changes to your data registered with the newsletter distribution platform will also be recorded.

Deletion and Limitation of Processing: We can store the e-mail addresses issued for up to three years on the basis of our legitimate interests before we delete them in order to demonstrate previous consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion can be expressed at any time, provided that, at the same time, the existence of prior consent is confirmed.

Logging of the notification procedure is based on our legitimate interests for the purpose of demonstrating that it is properly conducted. If we hire a service provider to send e-mails, we do so on the basis of our legitimate interests in an efficient and secure delivery system.

Notes on legal bases: The newsletter is sent on the basis of the recipient’s consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, provided and to the extent that this is permitted by law, e.g. in the case of existing customer advertising. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to demonstrate that it has been conducted in accordance with the law.

Content:

Information about us and our partners, our services, campaigns and offers in the field of activity of EIT Health.

Success measurement: The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from our server or, if we use a dispatch service provider, from its server when the newsletter is opened. During the download, technical information such as your browser and operating system, as well as your IP address and the time of the download, are collected.

This information is used for the technical improvement of our newsletter on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. Although this information technically allows the tracking of individual newsletter recipients. Neither we nor the shipping provider, if involved, are interested in watching the behaviour of individual users. Data analysis is used to recognise patterns in the reading behaviour of users, and to adapt content accordingly or send different content according to the interests of our users.

The evaluation of the newsletter and the performance measurement are carried out, subject to the express consent of the user, on the basis of our legitimate interests for the purposes of providing a user-friendly and secure newsletter system which serves both our business interests and the expectations of the user.

A separate revocation of performance measurement is unfortunately not possible. To do this, the entire newsletter subscription must be cancelled.

  • Processed data types: inventory data (names, addresses, etc. ), contact data (e-mail, telephone numbers), meta/communication data (device information, IP addresses), usage data (websites visited, interest in content, access times).
  • Individuals concerned:
  • Purposes of processing: Direct marketing (by e-mail or postal mail).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), legitimate interests (Article 6 para. 1 p. 1 lit. f. GDPR).
  • Opt-out: You can cancel the subscription of our newsletter at any time, i.e. revoke your consent (Art. 7 para. 3 GDPR), or object to further receipt. (Art. 21 GDPR). You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably e-mail.

Presence in social networks

We maintain online presences within social networks in order to communicate with the users active there or to provide information about us there.

User data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. The usage profiles can in turn be used, for example, to display advertisements that presumably correspond to the interests of the users both within and outside of the platforms. For these purposes, cookies are usually stored on the computers of the users in which the user behaviour and the interests of the users are stored (see also above under “Cookies”). Furthermore, data can also be stored in user profiles separate from the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed description of the respective forms of processing and the possibilities for objection (opt-out), we refer to the data protection declarations and information of the operators of the respective networks.

We would like to point out that requests for information and the assertion of user rights are also directed most effectively to the providers. Only the providers have access to the user data and can directly take appropriate measures as well as provide information. If you still need further assistance, you can contact us.

  • Processed data types: inventory data (names, addresses, etc. ), contact data (e-mail, telephone numbers), content data (text input, photographs, videos), usage data (visited websites, interest in content, access times), meta/communication data (device information, IP addresses).
  • Individuals concerned: users (site visitors, users of online services).
  • Purposes of processing: contact enquiries and communication, tracking (interest / behaviour related profiling, cookies), remarketing, range measurement (access statistics, recognition of returning visitors).
  • Legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Services and service providers used:

Plug-ins and embedded functions and content

 

Our online services include functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or social media buttons as well as contributions (hereinafter uniformly referred to as “Content”).

The integration always presupposes that the third party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content or functions. We strive to only use content whose respective provider uses the IP address solely for the delivery of content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, websites to be referred to, visiting times and other information about the use of our online services, as well as may be linked to such information from other sources.

Information on legal bases: If we ask the users for their consent to the use of third party providers, the legal basis of the processing of data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Processed data types: usage data (visited websites, interest in content, access times), meta/communication data (device information, IP addresses), contact data (e-mail, telephone numbers), content data (text input, photographs, videos), inventory data (names, addresses, etc. ).
  • Persons concerned: Users (website visitors, users of online services), communication partners.
  • Purposes of processing: provision of our online services and user-friendliness, contractual services and support, contact enquiries and communication, direct marketing (by e-mail or post), tracking (interest / behaviour profiling, cookies), interest based and behaviour based marketing, profiling (creation of user profiles), security measures, administration and response to enquiries.
  • Legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDOR), consent (Art. 6 para. 1 p. 1 lit. a GDPR), Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR).

Services and service providers used:

Plug-Ins

When using the social media plug-ins, we use the so-called two-click solution.

In other words, when you visit our site, initially no personal data is passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online service. In addition, data such as the dynamic IP address, browser type and browser version are transmitted. By activating the plug-in, your personal data is transferred to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the greyed-out box.

We have no influence on the data collected and data processing, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is also made for users who are not logged in, to display customised advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. You must contact the respective plug-in provider to exercise this right. Through plug-ins, we provide you with the possibility to interact with social networks and other users, so that we can improve our service and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 clause 1 f) GDPR.

The data transfer takes place regardless of whether you have an account with the plug-in provider or are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. When activating the button and link, for example, the plug-in provider also stores this information in your user account and communicates this to your contacts publicly. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

For more information on the purpose and extent of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers provided below. There you will also find further information about your rights and setting options to protect your privacy.

Videos:

We have included YouTube/Vimeo/Alugha videos in our online service, which are available athttp://www.youTube.com/ or https://vimeo.com/de/ or https://alugha.com/ and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube/Vimeo/Alugha if you do not play the videos. Only when you play the videos will the following data be transmitted. We have no influence on this data transfer.

By visiting the website YouTube/Vimeo/Alugha receive the information that you have accessed the corresponding subpage of our website. In addition, the access data mentioned above will be transmitted. This occurs regardless of whether YouTube/Vimeo/Alugha provides a user account that you are logged in to, or whether no user account exists. If you are logged into Google, your information will be directly associated with your account. If you do not want your profile to be assigned to YouTube/Vimeo/Alugha, you must log out before activating the button. YouTube/Vimeo/Alugha store your data as user profiles and use them for the purposes of advertising, market research and/or the need-based design of its website. ​Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and processing by YouTube/Vimeo/Alugha can be found in their privacy statements. There you will also find further information about your rights and setting options to protect your privacy.

GOOGLE ANALYTICS

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies (see under “Cookies”). The information generated by the cookie about your use of the website is usually transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within the Member States of the European Union or other parties to the agreement on the European Economic Area. The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases.

Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage for the website operator.

The IP address provided by your browser as part of Google Analytics will not be combined with other data from Google.

You can prevent the use of cookies by selecting the corresponding settings on your browser; however, we would like to point out that if you do this, you may not be able to fully utilise all functions provided on this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under this link.

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are further processed in truncated form, so that reference to individuals can be ruled out. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible.

We use Google Analytics to analyse and regularly improve the function of our website. We can improve our service and make it more interesting for you as a user. Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, with regard to any personal data which are transferred to the USA. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f. GDPR.

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions, overview of data protection, as well as the data protection declaration.

This website also uses Google Analytics for an analysis of visitor flows across all devices, that is carried out via a user ID (Google Universal Analytics). You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.

Deletion of Data

The data processed by us will be deleted in accordance with the statutory provisions as soon as their consent permitted for processing is revoked or other permissions lapse (e.g. if the purpose of processing this data has lapsed or it is not necessary for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection notices of this data protection declaration.

Data subject’s rights

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

  • You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Paragraph 6 Sec. 1 lit. e or f GDPR (Art. 21 GDPR), including profiling based on those provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
  • Right of revocation for consent: You have the right to revoke consent given at any time.
  • Right of access: You have the right to obtain confirmation as to whether the data in question will be processed and to request access to this data and further information and a copy of the data in accordance with the provisions of the law(Art. 15 GDPR).
  • Right of rectification: You have the right, in accordance with the provisions of the law, to request the completion of data concerning you or the rectification of inaccurate data concerning you (Art. 16 GDPR).
  • Right to deletion and limitation of processing: You have the right, in accordance with the statutory provisions, to demand that data concerning you be deleted immediately or, alternatively, to demand a limitation of data processing in accordance with the statutory provisions (Art. 17 GDPR).
  • Right to data transfer: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to demand that it be transferred to another responsible party (Art. 20 Abs. 1 GDPR).
  • Complaint to the supervisory authority: You also have the right, in accordance with the statutory provisions, to complain to a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged infringement was committed, if you are of the opinion that the processing of your personal data violates the GDPR (Art. 77 GDPR). This also includes the data protection supervisory authority responsible for the person responsible: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
    PO BOX 10 29 32, 70025 Stuttgart
    Königstraße 10a, 70173 Stuttgart, 0711/61 55 41 – 0, poststelle@lfdi.bwl.de.

Changes and updates to this Privacy Policy

We ask you to inform yourself regularly about the contents of our privacy policy. We will adapt the data protection policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.