Privacy Policy
A Information about the person in charge
I Name and contact details of the person in charge
Qualitätssicherungs-Initiative Pathologie QuIP GmbH
Managing Director: Thomas Pilz
Reinhardtstraße 1
10117 Berlin
Germany
E-Mail: office@quip.eu
Phone: +49 30 9210717-0
II Contact details of the data protection officer of the controller
Data Protection Officer: Maik Gyrnich
Reinhardtstraße 1
10117 Berlin
Germany
E-Mail: datenschutz@quip.eu
Phone: +49 30 9210717-0
B Information regarding the processing of personal data
I Use of the website for informational purposes
This data protection information applies to the following websites:
With the purely informational use of the website certain information is sent to the server of our website by the browser used on your terminal device due to technical reasons, for example your IP address. We do not process any of this information and no webserver logfiles are stored.
Data from essential cookies (at Section C) are temporarily processed on our webserver for the provision of the management functions for cookie consents for this website in order to determine when the website is called up once again whether you have granted a consent already.
II Use of web analysis technologies
Web analysis service software Google Analytics:
Is used on:
Google Analytics of Google LLC. is a tool, with which it can be measured how users interact with website contents. While a user navigates between websites Google Analytics makes JavaScript tags (libraries) available to website owners, with which information on the site can be recorded that a user viewed, e.g. the URL of the site.
The JavaScript libraries of Google Analytics use HTTP cookies in order to "note" what a user did on previous sites / interactions with the website, however ONLY after the consent was granted in the cookie settings. The Cookie Consent on the site stores which settings have been accepted, the storage duration is 1 year.
When you call up our website information on your use of our website is collected by the used web analysis to, Google Analytics, and transferred to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). There is no adequacy decision of the European Commission for the USA. The transmission is carried out on the basis of standard data protection clauses according to Art. 46 (2) (c) GDPR. Upon request we will be pleased to make a copy of these standard data protection clauses available to you.
Web analysis service software Matomo:
Is used on:
Data are collected and stored on this website by using the web analysis service software Matomo, a service of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Matomo") on the basis of our legitimate interest in the statistical analysis of the user behavior for optimization and marketing purposes pursuant to Art. 6 Para. 1 lit. f GDPR. Pseudonymized usage profiles can be created and evaluated from these data for the same purpose.
This service is hosted locally and no data are transferred to the provider.
III Use of online contact forms
On the website we offer you the possibility to contact us via contact forms. We process the information communicated by you in the contact forms for processing your concern, in which the entered data are sent by mail.
When using the contact forms on the website certain information is sent to the server of our website by the browser used on your terminal device due to technical reasons, for example your IP address. Neither processing nor storage of these data take place at this point.
IV Use of the online registration form
On the website we offer you the possibility to register your institute via an online registration form for the participation in our Proficiency Tests or Digital Readout Tests. We process the information communicated by you in the registration form in particular for the following purposes:
- Processing of the registration and implementation of pre-contractual measures with your institute including pre-contractual communication,
- Fulfillment of the contract with your institute on the basis of our General Business Terms and Conditions for the Participation in Proficiency Tests including contractual communication, service exchange, invoicing and payment processing,
- Fulfillment of the contract with your institute on the basis of our General Business Terms and Conditions for the Participation in Digital Readout Tests including contractual communication, service exchange, invoicing and payment processing.
- Only with free or non-cost-covering Digital Readout Tests: Transmission to industrial sponsors
- Proper accounting and storage for the fulfillment of contractual and statutory, in particular commercial and tax law, storage obligations,
- Storage of the information for evidentiary purposes for the possible assertion, exercising or defense of legal claims.
If you grant your consent to this at the end of the registration process, we shall additionally use the email address entered by you in the registration in order to regularly send you information on updates to the program and information on Proficiency Tests by email newsletter.
When using the registration form on the website certain information is sent to the server of our website by the browser used on your terminal device due to technician reasons, for example your IP address. We process this information for the provision of the registration form on the website.
Please find detailed information in this respect below:
Details regarding the personal data that are processed
Categories of personal data that are processed | Personal data that are contained in the categories | Sources of the data | Obligation for provision of the data | Storage duration | De-registration |
---|---|---|---|---|---|
Contact person data | Details relating to your person, which you communicate to us in a registration form of the website. These include form of address, title, first name, last name, email address, password. | Users of the registration form | Provision is not stipulated by law or as per contract. There is no obligation to provide the data. The provision is necessary for the conclusion of a contract. In the event that the data are not provided we cannot process your registration. | Data are stored for the duration of the contract with your institute. We furthermore additionally store these data for evidentiary purposes for the possible assertion, exercising or defense of legal claims for a transitional period of three years from the close of the year, in which the contract was ended and in the event of possible lawsuits until they are ended. We additionally store these data in case of statutory, in particular commercial and tax law, storage obligations. Depending on the type of documents, there may be retention obligations under commercial and tax law of six or ten years (Section 147 German Fiscal Code [Abgabenordnung - AO], Section 257 German Commercial Code [Handelsgesetzbuch - HGB]. | |
Institute data | Details relating to your institute, which you communicate to us in the registration form of the website. This shall include the following obligatory details: Name of hospital, name of institute, VAT ID number, address, telephone number, email address, fax number, indication of whether the institute is active in patient care. This shall additionally include the following optional details: (deviating) billing address, certification address | Users of the registration form | The provision is not stipulated by law or as per contract. There is no obligation for provision of the data. The provision of obligatory details is necessary for the conclusion of a contract. In the event that obligatory data are not provided we cannot process your registration. | Data are stored for the duration of the contract with your institute. We furthermore additionally store these data for evidentiary purposes for the possible assertion, exercising or defense of legal claims for a transitional period of three years from the close of the year, in which the contract was ended and in the event of possible lawsuits until they are ended. We additionally store these data in case of statutory, in particular commercial and tax law, storage obligations. Depending on the type of documents, there may be retention obligations under commercial and tax law of six or ten years (Section 147 German Fiscal Code [Abgabenordnung - AO], Section 257 German Commercial Code [Handelsgesetzbuch - HGB]. | |
Newsletter-Opt-In-Data: For the consent to the sending of an e-mail newsletter, a Double-Opt-In (DOI) procedure is necessary for the evidence-proof logging of subscriptions and unsubscriptions | Log data that is generated for technical reasons when subscribing to and unsubscribing from the newsletter. These shall include date and time of registration for the newsletter, date and time of sending the registration notification in the Double-Opt-In procedure, date and time of confirmation of the registration in the Double-Opt-In procedure as well as IP address of the terminal device used for confirmation, date and time of any unsubscription from the newsletter. | Newsletter subscriptions | Provision is not stipulated by law or as per contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data are not provided we cannot make a newsletter available to you. | We will store these data as long as you are registered for our newsletter. We furthermore additionally store these data for evidentiary purposes for the possible assertion, exercise or defense of legal claims for a transitional period of three years from the close of the year in which you unsubscribed and, in the event of possible lawsuits, until they are ended. | For the unsubscription from the newsletter, you will find the following text and link at the bottom of each newsletter: If you would no longer like to receive this email (to: *********) you can cancel the order for this free of charge here. |
Registration form HTTP data | Log data that is technically generated when contact forms are called up on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This shall include IP address, type and version of your internet browser, used operating system, the called site, the previously visited site (Referrer URL), date and time when called up. | Users of the website | Provision is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data are not provided we cannot provide the called contents of the website. | Data are stored in server log files in a form, which enables the identification of the data subjects, for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event server log files will be stored until the remedy and full clarification of the security-relevant event. |
Details relating to the processing of the personal data
Purpose of the processing of the personal data | Categories of personal data that are processed | Automated decision-making | Legal basis and, if applicable, legitimate interests | Recipients |
---|---|---|---|---|
Processing of the registration and execution of pre-contractual measures with your institute including pre-contractual communication. | Contact persons for data, institute data | No automated decision-making takes places | Article 6 Para. 1 f General Data Protection Regulation (balancing of interests). Our legitimate interest is the processing of your registration and the execution of pre-contractual measures with your institute. | |
Provision of our registration form on the website: For this purpose, HTTP data are processed temporarily on our web server. | Registration form HTTP data. | No automated decision-making takes places. | Article 6 Para. 1 f General Data Protection Regulation (balancing of interests). Our legitimate interest is the provision of the contents of the website called up by the user. | Hosting provider |
Fulfillment of the contract with your institute on the basis of our General Business Terms and Conditions for the Participation in Proficiency Tests including contractual communication, service exchange, invoicing and payment processing. | Contact persons for data, institute data | No automated decision-making takes places. | Article 6 Para. 1 f General Data Protection Regulation (balancing of interests). Our legitimate interest is the fulfillment of the contract with your institute. | |
Fulfillment of the contract with your institute on the basis of our General Business Terms and Conditions for the Participation in Digital Readout Tests including contractual communication, service exchange, invoicing and payment processing. | Contact persons for data, institute data | No automated decision-making takes places. | Article 6 Para. 1 f General Data Protection Regulation (balancing of interests). Our legitimate interest is the fulfillment of the contract with your institute. | |
Only with free or non-cost-covering Digital Readout Tests: Transmission to industrial sponsors If we offer Digital Readout Tests free of charge or in a manner that does not cover our costs (by charging a low registration flat rate), we can make this possible with the support of industrial sponsors. After conducting such an industry-supported Digital Readout Test we can transmit the participant data (name, institute/practice, city and country) to the respective industrial sponsor insofar as it has requested/requests the data from us for Compliance purposes. We will inform you whether with your respective Digital Readout Test such a transmission takes place and, if applicable, to whom within the scope of the registration to the respective Digital Readout Test. | Contact persons for data, institute data (from this only name, institute/practice, city and country) | No automated decision-making takes places. | Article 6 Para. 1 f General Data Protection Regulation (balancing of interests). Our legitimate interest is to enable free or as far as possible reasonably priced (and thereby non-cost-covering) Digital Readout Tests by means of support by industrial sponsors. Industrial sponsors have, if applicable, on the basis of internal Compliance Guidelines a legitimate interest to receive these data for verification of the sponsoring. | Industrial sponsors |
Guarantee of the security of the IT infrastructure used for the provision of the form, in particular for determination, remedy and documentation of interferences for the preservation of evidence (e.g. DDoS attacks): For this purpose, data are temporarily stored and evaluated in log files on our webserver. | Registration form HTTP data | No automated decision-making takes places. | Article 6 Para. 1 f General Data Protection Regulation (balancing of interests). Our legitimate interest is to guarantee the security of the IT infrastructure used for the provision of the form, in particular for determination, remedy and documentation of interferences for the preservation of evidence (e.g. DDoS attacks). | Hosting provider |
Proper accounting and storage for the fulfillment of contractual and statutory, in particular commercial and tax law, storage obligations. | Contact persons for data, institute data | No automated decision-making takes places. | Article 6 Para. 1 c General Data Protection Regulation (compliance with a legal obligation). | |
Storage and processing for evidentiary purposes for the possible assertion, exercising or defense of legal claims. | Contact persons for data, institute data | No automated decision-making takes places. | Article 6 Para. 1 f General Data Protection Regulation (balancing of interests). Our legitimate interest is the assertion, exercising or defense of legal claims. | |
Sending of the email newsletter with regular information on updates to the program and information relating to Proficiency Tests to newsletter subscribers. | Contact person data, newsletter opt-in data | No automated decision-making takes places. | Article 6 Para. 1 a General Data Protection Regulation (consent). | Email newsletter provider |
Double-Opt-In procedure to confirm the e-mail newsletter subscription: For this purpose, we send an email message with the request for confirmation to the email address entered during the registration. A subscription will only be effective when the subscriber confirms the email address by calling up the confirmation link contained in the email. | Contact person data, newsletter opt-in data | No automated decision-making takes places. | Article 6 Para. 1 f General Data Protection Regulation (balancing of interests). Our legitimate interest is the legally secure documentation of your consent to the receipt of the newsletter. | Email Newsletter Provider |
Details regarding the recipients of personal data and the transmission of personal data to third countries and/or to international organizations
Recipients | Role of the recipient | Transmission to third countries and/or to international organizations | Adequacy decision or suitable or adequate guarantees for transmissions to third countries and/or to international organizations |
---|---|---|---|
Email Newsletter Provider: CleverReach GmbH & Co. KG | Data processor | No transmission to third countries and/or international organizations takes place. | |
Hosting provider: Amazon Web Services/ Hetzner Online GmbH | Data processor | No transmission to third countries and/or international organizations takes place. | |
Industrial sponsor (We will inform you whether with your respective Digital Readout Test such a transmission takes place and, if applicable, to whom within the scope of the registration for the respective Digital Readout Test.) | Controller | No transmission to third countries and/or international organizations takes place. |
V Data processor of personal data
Please find enclosed a list of further recipients respectively data processors of personal data:
Recipient | Task/reason | Used data | Headquarters of the recipient |
---|---|---|---|
Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States | Cloud & web space for homepage quip.eu and QS Monitor | all relevant invoice and delivery data | USA There is no adequacy decision of the European Commission for the USA. The transmission is carried out on the basis of standard data protection clauses according to Art. 46 (2) (c) GDPR. Upon request we will be pleased to make a copy of these standard data protection clauses available to you. |
BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main | Payment service provider for purchase on account | all relevant invoice and bank data | Germany |
CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany | Newsletter dispatch | Name, address, email | Germany |
Datev eG, Paumgartnerstr. 6 – 14, 90429 Nuremberg | Accounting, annual financial statements and dunning process | all relevant invoice and bank data | Germany |
General Logistics Systems, Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein | Shipping service provider | all relevant invoice and delivery data | Germany |
Google Analytics der Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Google") " | Web analysis service | anonymized user behavior on the website quip.eu | USA There is no adequacy decision of the European Commission for the USA. The transmission is carried out on the basis of standard data protection clauses according to Art. 46 (2) (c) GDPR. Upon request we will be pleased to make a copy of these standard data protection clauses available to you. |
Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen | Website hosting | all relevant content of the website "quip.eu | Germany |
intertrex / messenger Express GmbH, Martin-Luther-Str. 7, 10777 Berlin | Shipping service provider | all relevant invoice and delivery data | Germany |
Smart In Media AG, Gleueler Straße 245 - 249, 50935 Cologne | Programming webshop & Zerpa (evaluation and certification tool), PD-L1 portal hosting (incl. PathoZoom). | all relevant invoice and delivery data, results of the Proficiency Tests (Details) | Germany |
Your Secure Cloud GmbH, Regensburger Str. 63, 92318 Neumarkt i.d. OPF. | Cloud- & Webspace | all relevant invoice and delivery data | Germany |
37 Grad Analyse und Beratung GmbH, Overstolzenstraße 2a, 50677 Köln | Concept, design and programming of the web presence | all relevant data for the creation of the website | Germany |
Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600 San Jose, CA 95113, USA | Registration and execution of online seminars | all relevant data for the execution of online seminars | USA There is no adequacy decision of the European Commission for the USA. The transmission is carried out on the basis of standard data protection clauses according to Art. 46 (2) (c) GDPR. Upon request we will be pleased to make a copy of these standard data protection clauses available to you. |
C Information regarding the use of cookies
We use cookies in connection with the website and the offers provided on the website.You can find detailed information in this respect below.
I General information relating to cookies
Cookies are small text files with information, which may be placed on the terminal device of the user during the visit to a website via the browser. When the website is called up once again using the same terminal device the cookie and the information stored therein can be called.
First- and Third-Party cookies
Depending on where a cookie stems from a distinction can be made between so-called First-Party cookies and Third-Party cookies:
First-Party cookies
Cookies, which are set and accessed by the operator of the website as controller responsible for the processing or by a data processor commissioned hereby.
Third-Party cookies
Cookies, which are set and accessed by other parties responsible for the processing than the operator of the website, which do not operate as data processor by order of the operator of the website.
Transient and persistent cookies
Depending on the duration of validity additionally a distinction can be made between so-called transient and persistent cookies:
Transient cookies (session cookies)
Cookies, which are erased automatically when you close your browser.
Persistent cookies
Cookies, which remain stored on your terminal device after the browser is closed for a certain period of time.
Consent-free cookies and cookies that require consent
Depending on their function and their intended use the consent of the user may be required for the use of certain cookies. Insofar a distinction can be made between cookies regarding whether the consent of the user is necessary for their use:
Consent-free cookies
Cookies, the sole purpose of which is to execute the transmission of a message via an electronic communication network.
Cookies, which are absolutely essential so that the provider of a service of the information society, which was explicitly requested by the participant or user, can make this service available ("Absolutely essential cookies")
Cookies that require consent
Cookies for all other intended uses than the aforementioned.
II Management of the cookies used on this website
Granting of a consent to the use of cookies and management of cookies via Cookie Dashboard
Insofar as the consent of the user is required for the use of certain cookies, we will only use these cookies when you use the website when you have granted your prior consent hereto. You can obtain information regarding whether a consent is necessary for the use of a cookie in the information regarding the cookies used on this website in Section C.III. Data protection information.
When you access our website, we display a so-called "cookie banner" for this purpose, in which you can declare your consent to the use of cookies on this website by pressing a button. By pressing the button provided for this purpose, you have the possibility to consent to the use of all cookies described in detail in Section C.III. of this data protection information. Alternatively, you have the possibility by clicking on the "Cookie Dashboard" button to carry out an individual selection of cookies. In the "Cookie Dashboard" of this website, you also have the option to individually adjust the selection you have made at a later point in time.
We also store your consent and, if applicable, your individual selection of cookies in the form of a cookie ("Opt-In-Cookie") on your terminal device in order to determine with a renewed call-up of the website whether you have already granted a consent. The Opt-In-Cookie has a limited duration of validity of 6 months.
Absolutely essential cookies cannot be deactivated via the cookie management function of this website. You can however generally deactivate these cookies in your browser at any time.
Management of cookies via browser settings
You can also manage the use of cookies in the settings of your browser. Different browsers offer different ways to configure cookie settings in the browser.
However, we would like to point out to you that several functions of the website will possibly not work or no longer work properly if you generally deactivate cookies in your browser.
III Cookies used on the websites
No cookies are used on the following websites:
The following cookies of Google Analytics are used on our websites:
Only applies to: www.qs-monitor-quip.eu
Designation | First Party/Third Party | Intended use and content | Duration of validity | Need for consent |
---|---|---|---|---|
_ga | Third Party | This analysis cookie of Google Analytics for making a distinction between users, which we use indirectly, for the map service on our home page. This cookie registers a clear ID, with which statistical data are generated regarding how the visitor uses the website. Partner: / Google (see in this respect Section B - V) | Persistent duration of validity: 2 years | Yes |
_gid | Third Party | This analysis cookie of Google Analytics for making a distinction between users, which we use indirectly, for the map service on our home page. This cookie registers a clear ID, with which statistical data are generated regarding how the visitor uses the website. Partner: / Google (see in this respect Section B - V) | Transistent duration of validity: Session/24 hours | Yes |
utag_main | Third Party | Is used to issue a time stamp, the number of times sites are called up and a clear ID. This information is used within our analysis tools to enrich the data collected (Tealium Inc). | Transistent duration of validity: 1 year | Yes |
_gat | Third Party | This analysis cookie of Google Analytics is used to throttle the request rate. If Google Analytics is made available through Google Tag Manager this cookie is named. | Transistent duration of validity: Session/1 minute | Yes |
AMP_TOKEN | Third Party | Contains a token, with which a Client-ID can be called from the AMP-Client-ID-Service. Other possible values are Opt-out, inflight requirement or an error when calling a Client-ID from the AMP-Client-ID-Service. | Transistent duration of validity: Session/30 seconds up to 1 year | Yes |
_gac_ | Third Party | Contains campaign-related information for the user. If you have linked your Google Analytics and Google Ads accounts, the conversion tags of the Google Ads website read this cookie unless you opt out. | Transistent duration of validity: Session/90 days | No |
__utma | First Party | Serves to make a distinction between users and sessions. The cookie is created when the Javascript library is running and there are no existing __utma cookies. The cookie is updated each time when data are sent to Google Analytics. SERVICE PROVIDER ! | Transistent duration of validity: 2 years from set / update | Yes |
__utmt | First Party | Is used to throttle the request rate. | Transistent duration of validity: 10 minutes | No |
__utmb | First Party | Is used to determine new sessions / visits. The cookie is created when the Javascript library is running and there are no existing __utma cookies. The cookie is updated each time when data are sent to Google Analytics. | Transistent duration of validity: 30 minutes from set / update | Yes |
__utmc | First Party | Is not used in ga.js. Set for interoperability with urchin.js. In the past, this cookie was executed in conjunction with the cookie to determine if the user was in a new session/visit. | Transistent duration of validity: End of the browser session | Yes |
__utmz | First Party | Stores the source of traffic or campaign, which explains how the user reached your website hat. The cookie is created when you run the Javascript library and is updated every time data is sent to Google Analytics. | Transistent duration of validity: 6 months from set / update | Yes |
__utmv | First Party | Is used for storing user-defined variable data on visitor level. This cookie is created when a developer uses the method with a user-defined variable on visitor level. This cookie was also used for the deprecated method. The cookie is updated each time when data are sent to Google Analytics. _setCustomVar_setVar | Transistent duration of validity: 2 years from set / update | Yes |
catAccCookies | Third Party | This cookie is used to store your Opt-in for cookie use. This cookie stores as values, either a "1" as consent to the cookie use or a "0", if you have not agreed to this. | Persistent duration of validity: 30 days | Yes |
mltlngg_language | Third Party | This cookie is used for the language settings of the website contents. This cookie stores as values, either "German" or "English" | Transistent duration of validity: Session/24 hours | No |
PHPSESSIONID | Third Party | This cookie is used in order to be able to recognize the user again. This cookie contains your PHP Session ID for the further processing on the website. Partner: Wordpress. | Transistent | No |
D Information regarding rights of the data subjects
As a data subject you have the following rights with regard to the processing of your personal data:
- Right of access (Article 15 General Data Protection Regulation)
- Right to rectification (Article 16 General Data Protection Regulation)
- Right to erasure ("Right to be forgotten") (Article 17 General Data Protection Regulation)
- Right to restriction of the processing (Article 18 General Data Protection Regulation)
- Right to data portability (Article 20 General Data Protection Regulation)
- Right to object (Article 21 General Data Protection Regulation)
- Right to revocation of consents (Article 7 Para. 3 General Data Protection Regulation)
- Right to lodge a complaint at the supervisory authority (Article 77 General Data Protection Regulation)
In order to exercise your rights, you can contact us under the contact information stated in Section A.
You can, if applicable, obtain information regarding possible special modalities and mechanisms, which facilitate the exercising of your rights, in particular the exercising of your rights to data portability and to object, in the information regarding the processing of personal data in Section B of this data protection information.
Please find detailed information below regarding your rights with regard to the processing of your personal data:
I Right of access
As a data subject you have under the prerequisites of Article 15 General Data Protection Regulation a right of access.
This means in particular that you have the right to request from us a confirmation regarding whether we process personal data in relation to you. If this is the case, you additionally have a right of access regarding these personal data and to the information listed in Article 15 Para 1 General Data Protection Regulation. This includes, for example, information regarding the processing, regarding the categories of personal data that are processed, as well as regarding the recipients or categories of recipients, towards whom the personal data have been disclosed or will be disclosed still (Article 15 Para.1 lit. a, b and c General Data Protection Regulation).
Please refer to Article 15 der General Data Protection Regulation for the full extent of your right of access, which you can call under this link.
II Right of rectification
As a data subject you have under the prerequisites of Article 16 of the General Data Protection Regulation a right to rectification.
This means in particular that you have the right to request from us without delay the rectification of incorrect personal data relating to you as well as the completion of incomplete personal data.
Please refer to Article 16 General Data Protection Regulation for the full extent of your right to rectification, which you can call under this link.
III Right to erasure ("Right to be forgotten")
As a data subject you have under the prerequisites of Article 17 General Data Protection Regulation a right to erasure ("Right to be forgotten").
This means that you principally have the right to request from us that personal data relating to you are erased without delay and we are obliged to erase personal data without delay insofar as one of the reasons listed in Article 17 Para. 1 General Data Protection Regulation applies. This can, for example, be the case if personal data are no longer required for the purposes, for which they were collected or processed in any other manner (Article 17 Para. 1 a General Data Protection Regulation).
Insofar as we have published the personal data and we are obliged to erase these, we are additionally obliged, by taking the available technology and the implementation costs into consideration, to take reasonable measures, also of a technical kind, to inform other controllers responsible for the data processing, which process the personal data, that a data subject has requested from them the erasure of all links to these personal data or of copies or replications of these personal data (Article 17 Para. 2 General Data Protection Regulation).
The right to erasure ("Right to be forgotten") shall not apply, as an exception, insofar as the processing is necessary for the reasons listed in Article 17 Para. 3 General Data Protection Regulation. This can, for example, be the case insofar as the processing is necessary to fulfill a legal obligation or for the assertion, exercising or defense of legal claims (Article 17 Para. 3 lit. a and e General Data Protection Regulation).
Please refer to Article 17 General Data Protection Regulation for the full extent of your right to erasure, which you can call under this link.
IV Right to restriction of the processing
As a data subject you have under the prerequisites of Article 18 General Data Protection Regulation a right to restriction of the processing.
This means that you have the right to request from us the restriction of the processing if one of the prerequisites listed in Article 18 Para. 1 General Data Protection Regulation exists. This can, for example, be the case if you dispute the accuracy of the personal data. The processing shall be restricted in this case for a duration that enables us to check the accuracy of the personal data (Article 18 Para. 1 a General Data Protection Regulation).
Restriction means the marking of stored personal data with the aim to restrict their future processing (Article 4 No. 3 General Data Protection Regulation).
Please refer to Article 18 General Data Protection Regulation for the full extent of your right to restriction of the processing, which you can call under this link.
V Right to data portability
As a data subject you have under the prerequisites of Article 20 General Data Protection Regulation a right to data portability.
This means that you principally have the right to receive the personal data relating to you, which you have made available to us, in a structured, common and machine-readable format, and you have the right to transmit these data to another controller without being impeded by us, insofar as the processing is based on a consent pursuant to Article 6 Para. 1 a or Article 9 Para. 2 a General Data Protection Regulation or on a contract pursuant to Article 6 Para. 1 b General Data Protection Regulation and the processing is carried out using an automated procedure (Article 20 Para. 1 General Data Protection Regulation).
You can obtain information regarding whether processing is based on a consent pursuant to Article 6 Para. 1 a or Article 9 Para. 2 a General Data Protection Regulation or on a contract pursuant to Article 6 Para. 1 b General Data Protection Regulation, in the information regarding the legal bases of the processing in Section B of this data protection information.
When exercising your right to data portability you additionally principally have the right to achieve that the personal data are transmitted directly by us to another controller insofar as this is technically possible (Article 20 Para. 2 General Data Protection Regulation).
Please refer to Article 20 General Data Protection Regulation for the full extent of your right to restriction of processing, which you can access at this link.
VI Right to object
As a data subject you have under the prerequisites of Article 21 General Data Protection Regulation a right to object.
We will explicitly point out your right to object as a data subject at the latest at the time of the first communication with you.
Please find detailed information in this respect below:
Right to object for reasons, which arise from the particular situation of the data subject
As a data subject you have the right to file an objection for reasons, which arise from your particular situation, at any time to the processing of personal data relating to you, which is carried out due to Article 6 Para. 1 lit. e or f General Data Protection Regulation; this also applies to profiling supported on these provisions.
You can obtain information regarding whether processing is carried out due to Article 6 Para. 1 lit. e or f General Data Protection Regulation in the information regarding the legal bases of the processing in Section B of this data protection information.
In the event of an objection for reasons, which arise from your particular situation, we will no longer process the personal data concerned, unless we can prove essential reasons for the processing that are worthy of protection, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercising or defense of legal claims.
Please refer Article 21 General Data Protection Regulation for the full extent of your right to object, which you can call under this link.
Right to object to direct marketing
If personal data are processed in order to carry out direct marketing, then you have the right at any time to file an objection to the processing of personal data relating to you for the purpose of such marketing; this shall also apply to profiling, insofar as associated with such direct marketing.
You can obtain information regarding whether and to what extent personal data are processed in order to carry out direct marketing in the information regarding the purposes of the processing in Section B of this data protection information.
In the event of an objection to processing for the purpose of direct marketing, we will no longer process the personal data concerned for these purposes.
Please refer to Article 21 General Data Protection Regulation for the full extent of your right to object, which you can call under this link.
VII Right to revocation of consents
If the processing is based on a consent according to Article 6 Para. 1 a or Article 9 Para. 2 a General Data Protection Regulation you as a data subject according to Article 7 Para. 3 General Data Protection Regulation have the right to revoke your consent at any time. The lawfulness of the processing carried out based on the consent until the revocation will not be affected by the revocation of the consent. We will inform you hereof before submission of the consent.
You can obtain information regarding whether processing is based on a consent according to Article 6 Para. 1 a or Article 9 Para. 2 a General Data Protection Regulation in the information regarding the legal bases of the processing in Section B of this data protection information.
VIII Right to lodge a complaint at a supervisory authority
As a data subject you have under the prerequisites of Article 77 General Data Protection Regulation the right to lodge a complaint at a supervisory authority.
The responsible supervisory authority for us is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
German
Telephone: +49 (0)30/138 89-0
Fax: +49 (0)30/215 50 50
E-Mail: mailbox@datenschutz-berlin.de
E Information relating to the terms of the General Data Protection Regulation used in this data protection information
The terms used in this data protection information have the meaning allocated to them in the General Data Protection Regulation.
The full scope of the definitions of the General Data Protection Regulation can be found in Article 4 General Data Protection Regulation, which you can access under this link.
Please see below for more detailed information relating to the important terms of the General Data Protection Regulation used in this data protection information:
- "Personal data" describes all information, which refer to an identified or identifiable natural person ("data subject"); a natural person is considered to be identifiable, who can be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, to a code number, location data, to an online identifier or to one or several special characteristics, which are an expression of the physical, physiological, genetic, mental, financial, cultural or social identity of this natural person;
- "Data subject" describes the respectively identified or identifiable natural person, to whom personal data refer.
- "Processing" describes each activity carried out with or without the help of automated processes or each such series of activities in connection with personal data, such as the collection, the entry, organization, classification, storage, adjustment or change, the read-out, querying, the use, disclosure by transmission, dissemination or any other form of the provision, comparison or the linking, restriction, erasure or destruction;
- "Profiling" describes each type of automated processing of personal data, which consists of the fact that these personal data are used to assess certain personal aspects, which refer to a natural person, in particular to analyze or forecast aspects with regard to work performance, financial situation, health, personal preferences, interests, reliability, behavior, place of abode or change in location of this natural person;
- "Controller" describes the natural person or legal entity, authority, institution or other body, which solely or together with others decides on the purposes and means of the processing of personal data; if the purposes and means of this processing are stipulated by Union law or the law of the member states then the controller respectively the certain criteria of its appointment according to Union law or the law of the member states can be envisaged;
- "Data processor" describes a natural person or legal entity, authority, institution or other body, which processes personal data by order of the controller;
- "Recipient" describes a natural person or legal entity, authority, institution or other body, to which personal data are disclosed, irrespective whether it concerns a third party or not. Authorities, which within the scope of a certain investigation order according to Union law or the law of the member states possibly receive personal data, shall however not be deemed recipients; the processing of these data by the stated authorities is carried out in line with the applicable data protection regulations pursuant to the purposes of the processing;
- "Third party" is a natural person or legal entity, authority, institution or other body, apart from the data subject, the controller, the data processor and the persons, who under the direct responsibility of the controller or the data processor are authorized to process the personal data;
- "International organization" describes an organization under international law and its subordinate bodies or all other institutions, which were created by an agreement reached between two or more countries or on the basis of such an agreement;
- "Third country" describes a country that is not a member of the European Union ("EU") or of the European Economic Area ("EEA");
- "Special categories of personal data" describes data, from which the racial and ethnic origin, political opinions, religious or ideological convictions or the union affiliation can be derived, as well as genetic data, biometric data for the clear identification of a natural person, health-related data or data relating to the sexual life or the sexual orientation of a natural person.
F Status and changes to this data protection information
This data protection information has the status April 10, 2022.
Due to further technical development and/or due to amended statutory and/or official stipulations it may be necessary to adjust this data protection information.
The respective current data protection information can be called here at any time.