Data protection declaration of Pharmaserv GmbH, as of 01 October 2019

I. Name and address of the responsible body

The responsible body in accordance with the GDPR and other national data protection laws of the Member States and other provisions under data protection laws is:

• Pharmaserv GmbH
  Emil-von-Behring-Straße 76
  35041 Marburg
  Germany
   
• phone: +49 6421 39-14
  mail: info(at)pharmaserv.de
  website: www.pharmaserv.de

The data protection declaration applies to the following websites:

www.pharmaserv-shop.de
www.pharmaserv-logistics.de
 

II. Name and address of the data protection officer
The data protection officer of the responsible body is:

• Stephan Menzemer,
  acting on behalf of GvW Graf von Westphalen GmbH
   
• dataprotection@infrareal.de
   
• Postal contact details (if required for your documents):
  Stephan Menzemer
  GvW Graf von Westphalen
  Ulmenstraße 23-25
  D-60325 Frankfurt am Main

III. General information concerning data processing

1. Scope of the processing of personal data

We generally gather and use personal data of our users only to the extent that is necessary to provide a functional website, as well as functional content and services. The gathering and processing of personal data of our users generally takes place only with the consent of the user. An exception applies in such cases where the prior obtaining of consent is not possible for actual reasons and the processing of the data is permitted under statutory regulations.

2. Legal basis for the processing of personal data

Should we obtain the consent of the affected person for the processing of personal data, Article 6 Paragraph 1 Letter a) GDPR forms the legal basis of this.

When processing personal data which is necessary to fulfil a contract where the contracting party is the affected person, Article 6 Paragraph 1 Letter b) GDPR forms the legal basis of this. This also applies to processing procedures which are necessary to carry out pre-contractual measures.

Should processing of personal data be necessary in order to fulfil a legal obligation to which our company is subject, Article 6 Paragraph 1 Letter c) GDPR forms the legal basis of this.

In case that vital interests of the affected person or of another natural person make the processing of personal data necessary, Article 6 Paragraph 1 Letter d) GDPR forms the legal basis of this.

Should the processing be necessary in order to safeguard a legitimate interest of our company or of a third party and should the interests, basic rights and basic freedoms of the affected persons not outweigh our legitimate interest referred to above, Article 6 Paragraph 1 Letter f) GDPR forms the legal basis for the processing.

3. Data deletion and saving period

The personal data of the affected person will be deleted or blocked once the purpose of the saving no longer applies. Saving can also take place if this was prescribed by the European or national legislator in EU ordinances, laws or other regulations to which the responsible body is subjected. Blocking or deletion of the data also takes place if saving period prescribed by the named norms expires, unless it is necessary to continue saving the data in order to conclude a contract, to perform a contract or in order to assert, exercise or defend legal claims.

We are permitted to not delete personal data should statutory retention obligations exist or should the saving of the personal data be permitted by law.

IV. Provision of the website and creation of logfiles

1. Description and scope of the data processing

When our Internet site is accessed, our system automatically records data and information from the system of the accessing computer.
In such a case, the following data is gathered:

• Information concerning the browser type and version used
• The operating system of the user
• The Internet service provider of the user
• The IP address of the user
• Date and time of the access
• Websites from which the system of the user accessed our Internet site
• Websites accessed from the system of the user via our website

The data will also be saved in the logfiles of our system. No saving of this data together with other personal data of the user takes place.

2. Legal basis for the data processing

The legal basis for the temporary saving of the data and logfiles is Article 6 Paragraph 1 Letter f) GDPR.

3. Purpose of the data processing

The temporary saving of the IP address by the system is necessary in order to enable the delivery of the website to the computer of the user. For this purpose, the IP address of the user needs to remain saved for the duration of the session.

The saving in logfiles takes place in order to ensure the functionality of the website. In addition, the data enables us to optimise the website and to ensure the security of our technical information systems. No evaluation of the data for marketing purposes takes place during this process.

These purposes are also covered by our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f) GDPR.

4. Duration of the saving

The data will be deleted when it is no longer necessary in order to attain the purpose for which it was gathered. In case of the recording of the data in order to provide the website, this is the case once the respective session has ended.

In case of saving of the data in logfiles, this is the case after a maximum of seven days. It is possible for saving to take place beyond the above. In this case, the IP addresses of the user will be deleted or disguised, so that it is no longer to identify the accessing client.

5. Option to raise an objection and correction

The recording of the data in order to provide the website and the saving of the data in logfiles are absolutely necessary in order to operate the website. As a result, the user does not have the option to raise an objection.

V. Use of cookies

In the cookies of the Pharmaserv shop at www.pharmaserv-shop.de, the following data is saved and transferred:

We also use cookies on our website which enable an analysis of the surfing behaviour of the users. (See section VIII web analysis by means of Matomo, previously Piwik).The user data gathered in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the accessing user. The data is not saved together with other personal data of the users.When accessing our website, the users are informed of the use of cookies for analysis purposes via an info banner and are referred to this data protection declaration. During this process, a notice as to how the saving of cookies can be prevented in the browser settings is provided.When accessing our website, the user is informed of the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this process is obtained. During this process, a reference is also made to this data protection declaration.

a) Legal basis for the data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 Paragraph 1 Letter f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 Paragraph 1 Letter a) GDPR, provided that the consent of the user is present in this respect.

b) Purpose of the data processing

The purpose of the use of technically necessary cookies is to simplify the use of websites for the users. Certain functions of our Internet site cannot be provided without the use of cookies. For these functions, it is necessary for the browser to be recognised again after a change to the pages visited.

The user data which is gathered by the technically necessary cookies will not be used in order to create user profiles. We use cookies as stated in Point V a.

The use of analysis cookies takes place in order to improve the quality of our website and its contents. By means of the analysis cookies, we are informed as to how the website is being used and as a result, we are able to constantly optimise our services.

These purposes are also underlined by our legitimate interest in processing the personal data in accordance with Article 6 Paragraph 1 Letter f GDPR.

c) Duration of the saving, option to object and correction

Cookies are saved on the computer of the user and transferred to our website from this. Therefore as the user, you also have full control concerning the use of cookies. By means of changing the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. Any cookies which have already been saved can be deleted at any time. This can also take place automatically. Should cookies be deactivated for our website, it may be the case that certain functions of the website may no longer be able to be fully used.

VI Registration with the PHARMASERV shop at www.pharmaserv-shop.de/

1. Description and scope of the data processing

It is possible to register with the Pharmaserv shop via our website. Should a user make use of this option, the data inputted into the entry mask will be transferred to us in encrypted form. Following the transfer, the data will be sent to the relevant department by email and saved in the backend of the shop software. For example, this data includes:

• Title
• Company
• Tax number (is not saved by the shop)
• Commercial register number (is not saved by the shop)
• First name
• Surname
• Road, number
• Postcode
• Town or city
• Email address
• Telephone number

Alternatively, it is possible to make contact via the email address which has been provided. In such a case, the personal data which is transferred by email will be saved.
No data is passed on to third parties during this process. The data is only used in order to process the registration. Persons under 18 should not send any personal data to us without the agreement of their parents or guardians.

2. Legal basis for the data processing

The legal basis for the processing of the data is Article 6 Paragraph 1 Letter a) GDPR, provided that the consent of the user is present. The legal basis for the processing of the data which is transferred by email is Article 6 Paragraph 1 Letter f) GDPR. Should the purpose of the email contact be the conclusion of a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b) GDPR.

3. Purpose of the data processing

The processing of the personal data from the entry mask enables us to process the registration. A registration of the user is necessary for certain contents and services to be displayed on our website. In case of making contact by email, the necessary legitimate interest is also the processing of the data here. The purpose of the other personal data which is processed during the sending process is the prevention of misuse of the registration function and ensuring the security of our technical information systems.

4. Duration of the saving

The data will be deleted once it is no longer required in order to attain the purpose for which it was gathered. For the personal data from the registration process, this will be the case when the conversation with the user has come to an end. The conversation is at an end when it can be determined from the circumstances that the customer is fully and finally no longer using the shop. Following the conclusion of a contract, it may be necessary to save personal data of the contracting partner, in order to comply with contractual or statutory obligations. The additional personal data which is gathered during the sending process will be deleted after a maximum of seven days.

5. Option to raise an objection and correction

At all times, the user has the option of revoking his or her consent to the processing of the personal data. Should the user get in touch with us by means of registration, he or she can object to the saving of his or her personal data at any time. In such a case, the conversation cannot be continued. Please send this information to info(at)pharmaserv.de. In such a case, all personal data which was saved during the registration process will be deleted.

VII Contact form and email contact

1. Description and scope of the data processing

Out Internet site contains a contact form and/or a "telephone service" form, which can both be used in order to get in touch with us electronically. Should a user make use of this facility, the data inputted in the entry mask will be transferred to us in encrypted form. Following the transfer to the responsible body by email, the data will no longer be saved on the website. For example, this data includes:

• Topic
• Company
• Function
• First name
• Surname
• Road, number
• Postcode
• Town or city
• Email address
• Telephone number
• Message

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this data protection declaration.
Alternatively, it is possible to get in touch via the provided email address. In such a case, the personal data of the user which has been transferred with the email will be saved.
No forwarding of the data to third parties takes place during this process. The data will only be used in order to process the conversation. Persons under 18 should not send us any personal data without the consent of their parents or guardians.

2. Legal basis for the data processing

The legal basis for the processing of the data is Article 6 Paragraph 1 Letter a) GDPR, provided that the consent of the user is present. The legal basis for the processing of the data which is transferred during the sending of an email is Article 6 Paragraph 1 Letter f) GDPR. Should the purpose of the email contact be the conclusion of a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b) GDPR.

3. Purpose of the data processing

The processing of the personal data from the entry mask merely enables us to process the contact initiation. In case of contact initiation by email, this also represents the necessary legitimate interest in the processing of the data. The purpose of the other personal data processed during the sending process is to prevent misuse of the contact form and to ensure the security of our technical information systems.

4. Duration of the saving

The data will be deleted, once it is no longer necessary in order to attain the purpose for which it was gathered. For the personal data from the entry mask of the contact form and for the personal data which was sent by email, this is the case if the respective conversation with the user has come to an end. The conversation is at any end if it is clear from the circumstances that the matter at hand has been fully and finally clarified. The additional personal data which is gathered during the sending process will be deleted after a maximum of seven days.

5. Option to raise an objection and correction

At all times, the user has the option to revoke his or her consent to the processing of the personal data. Should the user get in touch with us by email, he or she can object to the saving of his or her personal data at any time. In such a case, the conversation cannot be continued. Please send this information to info(at)pharmaserv.de. All personal data which was saved in the course of the contact initiation will be deleted in such a case.

VIII Web analysis by Matomo (formerly Piwik)

1. Scope of the processing of personal data

We use the open software tool Matomo (formerly Piwik) on our website in order to analyse the surfing behaviour of our users. The software sets a cookie on the computer of the user (see point V above in relation to cookies). Should individual pages of our website be accessed, the following data will be saved:

Two bytes of the IP address of the accessing system of the user:

• The website accessed
• The website from which the user was directed to the website (referrer)
• The sub pages which were accessed from the website
• The duration of the visit to the website
• The frequency of the accessing of the website
• Thereby the software runs exclusively on the servers of our website. Personal data of the users is only saved there. No passing on of the data to third parties takes place.
• The software is set in such a way that the IP addresses are not saved in full, rather 2 bytes of the IP address are masked (for example 192.168.xxx.xxx). In this way, it is not possible to assign the shortened IP address to the accessing computer.

2. Legal basis for the processing of personal data

The legal basis for the processing of the personal data of the users is Article 6 Paragraph 1 Letter f) GDPR.

3. Purpose of the data processing

The processing of the personal data of the users enables us to analyse the surfing behaviour of our users. By means of the evaluation of the data which is acquired, we are in the position of being able to compile information concerning the use of the individual components of our website. This helps us to constantly improve our website and its user friendliness. These purposes also represent our legitimate interest in the processing of the data in accordance with Article 6 Paragraph 1 Letter f) GDPR. By means of the anonymisation of the IP address, the interest of the user in the protection of his or her personal data is sufficiently safeguarded.

4. Duration of the saving

The data will be deleted, once it is no longer required for our recording purposes.
In our case, this is so after 6 months.

5. Option to raise an objection and correction

Cookies are saved on the computer of the user and transferred from this to our website. Therefore, as the user you have full control concerning the use of cookies. By means of altering the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. Cookies which have already been saved can be deleted at any time. This can also take place automatically. Should cookies be deactivated for our website, it is possible that some functions of the website may not be able to be used in full.

On our website, we offer our users the option of opting out of the analysis procedure. In order to do this, you need to follow the corresponding link in the legal notice. In this way, an additional cookie is set in your system, which instructs our system not to save the data of the user. Should the user delete the corresponding cookie from his or her own system in the meantime, he or she needs to reset the opt out cookie.

You can find further information concerning the private sphere settings of the Matomo software via the following link: matomo.org/docs/privacy/.

IX. Use of Google Analytics with anonymisation function

Our website uses the web analysis service Google Analytics. This is provided by Google Ireland (‘Google’) Gordon House, Barrow Street, Dublin 4, Ireland. (https://about.google/intl/en/)

Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and make it possible to analyse your website use. The information generated by the cookies regarding your use of our website (e.g. your IP address and when, where and how often you access our websites) is usually transmitted to a Google server in the USA and stored there.

In order to ensure that your IP address cannot be used to identify you personally, it is shortened immediately after capture (e.g. by erasing the last 8 bits) and thus anonymised. IP anonymisation is used in all European Union member states and all other signatory states to the European Economic Area. You will find further information about IP anonymisation and Google’s use of data at https://support.google.com/analytics/answer/2763052

Browser add-on

You can prevent cookies from being stored by adjusting your browser software settings accordingly. However, please note that if you do so, you may not be able to use all the functions on this website in full. You can also prevent the data generated by the cookies regarding your website use (including your IP address) from being collected and processed by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the link above. This will install an opt-out cookie which will prevent your data from being collected on future visits to this website. Further information about data privacy and security in connection with Google Analytics is available at the following link on the Google Analytics help page: https://support.google.com/analytics/answer/6004245?hl=en

X. Google Adwords conversion tracking

We also use Google conversion tracking to collect statistics relating to the use of our website and to evaluate these for the purpose of optimising our website. If you access our website by clicking on a Google ad, Google Adwords will store a cookie on your computer. These cookies expire after 30 days and are not used to identify you personally. If the user visits certain pages on the Adwords client's website and the cookie has not yet expired, Google and the client can see that the user has clicked on the ad and was forwarded to the page.

Each Adwords client receives a different cookie. This means that cookies cannot be tracked through the websites of Adwords clients. The information obtained with the help of conversion cookies is used to generate conversion statistics for Adwords clients who have decided to use conversion tracking. The Adwords clients receive information regarding the total number of users who clicked on their ad and were forwarded to a page furnished with a conversion tracking tag. However, they do not receive information which would enable them to identify users personally.

If you do not wish to participate in the tracking procedure, you can refuse the cookie which has to be installed for this purpose, e.g. by setting your browser to deactivate automatic cookie installation. You can also deactivate conversion tracking cookies by adjusting your browser to block cookies sent from the domain “www.googleadservices.com”. Google’s data protection declaration for conversion tracking is available at the following link: https://services.google.com/sitestats/en.html

XI. Integration of YouTube videos

We have integrated YouTube videos into our website which are stored on www.YouTube.com and can be played directly from our website. These are all integrated in “enhanced data protection mode” so that none of your data is transmitted to YouTube if you refrain from playing the videos. Only when you play the videos is the data mentioned in the next paragraph transmitted. We have no influence over this data transmission.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage on our website. Moreover, the data specified in section III of this declaration is transmitted. This happens regardless of whether you are logged into a YouTube account or whether you have no user account. If you are logged in to Google, your data is assigned directly to your account. If you do not wish it to be assigned to your YouTube profile, you must log out before clicking the button. YouTube stores your data in the form of usage profiles and uses it for purposes of advertising, market research and/or to display the website as required. In particular, the data is evaluated (even for users who are not logged in) to provide demand-oriented advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these usage profiles and must contact YouTube if you wish to exercise it.

You will find further information about the scope and purpose for which your data is collected and processed by YouTube in the data protection declaration. This also contains additional information on your rights and the ways in which you can adjust your settings to protect your privacy:

www.google.de/intl/en/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

XII Google Maps

This website uses the product Google Maps, which is provided by Google Inc. By means of your use of this website, you are declaring your agreement to the recording, processing and use of automatically gathered data by Google Inc., its representatives and also third parties. The terms and conditions of use of Google Maps can be found under "terms and conditions of use of Google Maps".

XIII Google Web Font

This site uses so-called web fonts provided by Google in order to display fonts in a unified manner. When accessing a page, your browser loads the required web fonts into its browser cache, in order to correctly display texts and fonts. Should your browser not support Web Fonts, a standard font will be used by your computer. You can find further information relating to Google Web Fonts at https://developers.google.com/fonts/faq and in the data protection declaration of Google: https://www.google.com/policies/privacy/

XIV LinkedIn Insight Tag

This website uses the Insight tag from LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing by LinkedIn Insight tag

We use the LinkedIn Insight tag to obtain information about visitors to our website. Once a website visitor is registered with LinkedIn, we can analyze the key occupational data (e.g., career level, company size, country, location, industry, job title) of our website visitors to help us better target our site to the relevant audience. We can also use LinkedIn Insight tags to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also features a retargeting function that allows us to display targeted advertising to visitors to our website outside of the website. According to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data will then be deleted within 180 days.

The data collected by LinkedIn cannot be assigned by us as a website operator to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own promotional activities. For details, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

The use of LinkedIn Insight is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag

You can object to LinkedIn’s analysis of user behavior and targeted advertising at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. In addition, LinkedIn members can control the use of their personal information for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our site.

XV Rights of the affected person

Should personal data relating to you be processed, you are an affected person as defined under the GDPR and you have the following rights in relation to the responsible body:

1. Right of information

You can request confirmation from the responsible body whether personal data which relates to you is processed by us.

Should such processing be taking place, you can request the following information from the responsible body:

• The purposes for which the personal data is being processed;
• The categories of personal data which are being processed;
• The recipients and/or categories of recipients in relation to whom the personal data concerned was disclosed or will be disclosed in the future;
• The planned duration of the saving of the personal data relating to you or, should it not be possible to provide concrete information in this respect, criteria for determining the duration of the saving of the personal data;
• The existence of the right to correction or deletion of the personal data relating to you, the right to restriction of processing by the responsible body or the right to object to this processing;
• The existence of the right to complain to a supervisory authority;
• All available information concerning the origin of the data, should the personal data not be gathered from the affected person;

The existence of automated decision making, including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and, at least in these cases, comprehensive information concerning the involved logic and the breadth and intended effects of such processing for the affected person.

You have the right to request information as to whether personal data relating to you is being transferred to a third country or to an international organisation. In this respect, you can request to be informed of the suitable guarantees in connection with the transfer as prescribed under Article 46 GDPR.

2. Right to correction

You have the right to correction and/or completion in relation to the responsible body, should the personal data relating to you which is being processed be incorrect or incomplete. The responsible body must carry out the correction immediately.

3. Right to restriction of the processing

Under the requirements below, you can request the restriction to the processing of the personal data relating to you:

• Should you dispute the correctness of the personal data relating to you for a period of time which enables the responsible body to check the correctness of the personal data;
• Should the processing be unlawful and should you reject the deletion of the personal data and instead request that the use of the personal data be restricted;
• The responsible body no longer requires the personal data for the purpose of the processing, however you require the data in order to assert, exercise or defend legal claims or
• If you have raised an objection to the processing in accordance with Article 21 Paragraph 1 GDPR and it is not yet clear whether legitimate reasons on the part of the responsible body outweigh your reasons.
• Should the processing of the personal data relating to you be restricted, then apart from its saving, this data may only be processed with your consent or in order to bring, exercise or defend legal claims, to protect the rights of another natural or legal person, or for reasons connected to an important public interest of the EU or a Member State.
• Should the restriction of the processing in accordance with the requirements above be limited, you will be notified by the responsible body before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You can request that the responsible body immediately deletes the personal data relating to you and the responsible body is obliged to immediately delete this data if one of the following reasons is present:

• The personal data relating to you is no longer required for the purposes for which it was gathered or otherwise processed.
• You revoke you consent on which the processing in accordance with Article 6 Paragraph 1 Letter a) or Article 9 Paragraph 2 Letter a) GDPR was based and no other legal basis for the processing is present.
• You raise an objection to the processing in accordance with Article 21 Paragraph 1 GDPR and there are no legitimate reasons for the processing which take priority or you raise an objection to the processing in accordance with Article 21 paragraph 2 GDPR.
• The personal data relating to you has been processed unlawfully.
• The deletion of the personal data relating to you is necessary in order to fulfil a legal obligation under EU law or the law of the Member States to which the responsible body is subject.
• The personal data relating to you was gathered in relation to the services of the information company which are offered in accordance with Article 8 Paragraph 1 GDPR.

b) Information to third parties

Should the responsible body have made the personal data relating to you public and should it be obliged to delete this in accordance with Article 17 Paragraph 1 GDPR, taking the available technology and implementation costs into account, it shall take reasonable measures, also of a technical nature in order to inform the responsible bodies who process the personal data that you as an affected person have requested from them the deletion of all links to the said personal data or the deletion of copies or reproductions of the said personal data.

c) Exceptions

The right of deletion does not exist, should the processing be necessary

• In order to exercise the right of freedom of opinion and information;
• In order to fulfil a legal obligation which requires the processing in accordance with EU law or of the Member States to which the responsible body is subject or in order to fulfil a task which is in the public interest or takes place in the exercising of public power which has been assigned to the responsible body;
• For reasons connected to the public interest in the area of public health in accordance with Article 9 Paragraph 2 Letter h) and Article 9 Paragraph 3 GDPR;
• In order to assert, exercise or defend legal claims.

5. Right to be informed

Should you have claimed the right of correction, deletion or restriction to the processing against the responsible body, it is obliged to inform all recipients to whom the personal data relating to you was disclosed of this correction or deletion of the data or restriction of the processing, unless this is shown to be impossible or would lead to disproportionately high expense. In relation to the responsible body, you have the right to be informed of these recipients.

6. Right of data transferability

You have the right to receive the personal data which you have provided to the responsible body in a structured, current and machine-readable format. In addition, you have the right to transfer this data to another responsible body without hindrance by the responsible body to whom the personal data was provided, should:

• The processing be based on consent in accordance with Article 6 Paragraph 1 Letter a) GDPR or Article 9 Paragraph 2 Letter a) GDPR or based on a contract in accordance with Article 6 Paragraph 1 Letter b) GDPR and
• The processing takes place with the assistance of automated procedures.
• Furthermore, when exercising this right you have the right to make sure that the personal data relating to you is transferred directly to another responsible body by a responsible body, should this be technically possible. Freedoms and rights of other persons may not be impaired as a result.
• The right of data transferability does not apply to processing of personal data which is necessary in order to carry out a task which is in the public interest or takes place in the course of exercising of official powers which have been assigned to the responsible body.

7. Right of objection

For reasons connected to your specific situation, you have the right to submit an objection at any time to the processing of the personal data relating to you which takes place under Article 6 Paragraph 1 Letter e) or f) GDPR; this also applies to profiling based on these provisions.

The responsible body will no longer process the personal data relating to you, unless it can provide proof of mandatory protectable reasons for the processing which outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or defending legal claims.

Should the personal data relating to you be processed in order to carry out direct advertising, you have the right to raise an objection to the processing of the personal data relating to you for the purpose of such advertising at any time; this also applies to the processing, should it be connected to the direct advertising.

Should you object to the processing for the purpose of direct advertising, the personal data relating to you will no longer be processed for these purposes.

You have the option of exercising your right of objection by means of automated procedures in relation to the use of services of the information company where technical specifications are used, regardless of Directive 2002/58/EC.

8. Right to revoke the declaration of consent under data protection laws

You have the right to revoke your declaration of consent under data protection laws at any time. By means of the revocation of the consent, the lawfulness of the processing which took place prior to the issuing of the revocation will not be affected.

9. Automated decision making in individual cases, including profiling

You have the right not to be subject to a decision which is based solely on automated processing, including profiling, which has a legal effect on you or significantly impacts you in similar ways. This does not apply if the decision:

• Is necessary in order to conclude or fulfil a contract between yourself and the responsible body;
• Is permitted under legal regulations of the EU or the Member States to which the responsible body is subject and these legal regulations contain reasonable measures for safeguarding your rights and freedoms, as well as your legitimate interests or
• Takes place with your express consent.
• However, these decisions may not relate to special categories of personal data in accordance with Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 Letter a) or Letter g) applies and reasonable measures for the protection of the rights and freedoms, as well as your legitimate interests were taken.
• In relation to the cases named in (1) and (3), the responsible body will take reasonable measures in order to safeguard the rights and freedoms, as well as your legitimate interests, whereby as a minimum this includes the right to have a person of the responsible body intervene, to set out one's own opinion and to contest the decision.

10. Right to complain to a supervisory authority

Regardless of other legal remedies under administrative law or before a court, you have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, place of work or location of the alleged breach, should you be of the opinion that the processing of the personal data relating to you breaches the GDPR.

The supervisory authority to whom the complaint was filed will inform the complainant of the status and results of the complaint, including the possibility of recourse to the courts in accordance with Article 78 GDPR.