Privacy Policy

A         General

B         Definitions

C         Scope of Application

D         Data Collection and Purpose Limitation (Scope of Use)

E         Transfer of Data

F         Data Processing on Behalf of the Controller

G         Retention of Data

H         Your Rights as a Data Subject

I         Data Protection Officer

J         Changes to this Privacy Policy

K         Consideration of National Particularities

A. General

I. General Information on this Privacy Policy; Our Contact Details

The purpose of this privacy policy ("PP") of our company, Sportsbar West, Owner: Frank Laurini (also the "Controller" within the meaning of the General Data Protection Regulation, i.e. EU Regulation 2016/679 of 27 April 2016 – "GDPR"), is in particular to inform you as a data subject of data processing measures in a transparent, simple and understandable manner, among other things, about:

-           what data we collect, how and why this happens;

-           how we handle your data, where applicable also involving third parties;

-           what matters the GDPR covers;

-           what rights and options for participation you have with regard to your data and its use;

-           what rights exist on our part and how these may affect your rights.

Our contact details are as follows:

Sportsbar West

Owner: Frank Laurini

Schorlemerstr. 63

40547 Düsseldorf

Germany

Telephone: 0211 - 55 91 968

Email: kontakt@sportsbar-west.de

II. Terminology of Data Protection Law

In data protection law as well as in data protection-relevant applications, terminology is sometimes used that is not self-explanatory per se and/or has not yet entered everyday language to such an extent that knowledge of the corresponding word meaning could be expected of everyone without further ado. For this reason, we have explained some of the particularly frequently occurring terms in more detail under Section B (Definitions).

III. Our Understanding of Data Protection

Data protection is an important concern for us, and we ensure through various measures that your data is in good hands with us. The principles prescribed by the GDPR are also our own principles in dealing with your data. This includes, not least, the requirement of purpose limitation and data minimization. In this context, we regularly only request from you (or, where applicable, from third parties) that minimum amount of data which we require in order to conduct the business/customer relationship with you in accordance with recognized principles of commercial diligence/usual commercial practice and to be able to offer you excellent service. This necessity principle continues at employee level with us, i.e. in principle only those employees have access to personal data who absolutely need it for the performance of the tasks assigned to them. At the same time, we only store data for as long as this is necessary for the aforementioned purposes, unless longer retention obligations arise from statutory provisions. Another building block of our data protection system is that of technical design and organization. Through up-to-date data processing systems, other technical precautions and, where applicable, the involvement of external specialist companies, we ensure that a high level of data security is guaranteed within the company (among other things through the use of data encryption technology) and that the risk of unauthorized external access is excluded as far as possible. At the same time, data is stored in such a way that it can be easily found at any time and, if necessary, restored. In addition to the lawfulness of acquisition, it is our endeavor to make only correct data the subject of our data processing, so that we are happy to take up update notices from your side.

IV. Legal Bases

Data processing by us takes place in particular on the basis of the GDPR as well as the Federal Data Protection Act ("BDSG") and other possibly applicable provisions of Union law as well as national law in the field of data protection law, which may also include professional and other special statutory regulations. To give an example: a concrete legal basis for the collection of your data for certain purposes may, in the case of your corresponding effective consent, be Art. 6 (1) a) GDPR.

B. Definitions

Processor: an entity that processes personal data on behalf of another (namely the controller of such data), for example a data center.

BDSG: a federal law in the field of data protection, enacted on 30.06.2017 and entering into force on 25.05.2018 like the GDPR.

Legitimate interest: a legitimate interest may exist both with regard to enabling and avoiding data processing, depending on the perspective of the acting party (company) or data subject (natural person). In practice, it usually depends on whose interest prevails in the concrete situation, whereby a variety of factors (type of data, situation of its collection, purpose of use, etc.) must be taken into account in the corresponding balancing of interests, observing the fundamental rights and freedoms of the data subject.

Data subject: the person whose data are the subject of a data processing operation, here specifically: you.

Browser: a computer program for displaying websites on the World Wide Web, i.e. a kind of user interface for internet applications. Well-known examples are Microsoft Edge, Mozilla Firefox or Google Chrome.

Cookie: text information in a smaller file format which is sent via the web browser of a visited internet page to your computer (or other end device used for internet use) and stored there. If you visit the page again, this is recognized there on the basis of the cookie set, whereby, for example, certain usage preferences (such as the language setting) or interim states of previous use (such as the shopping cart of an online shop) can be activated directly.

Data processing: the use or collection of data in the broadest sense, whether automated or not, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or another form of provision, alignment or combination, restriction, erasure or destruction of data.

GDPR: a regulation of the European Union (EU 2016/679) in the field of data protection, enacted on 27.04.2016 and in effect from 25.05.2018 (with direct effect also for Germany).

Last contact: by last contact with you we mean a situation in which no contractual relationship has come about between you and us and we have not "heard" anything from you for more than 3 (three) months, whereby it does not depend on the acoustic type of contact, but any type of contact perceptible to us between you and us (for example also via email, letter or short message) is sufficient to restart the aforementioned 3-month period.

Personal data: all information relating to an identified or identifiable natural person; the latter is the case if a person can be determined, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features expressing the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data: such personal data from which racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership of a natural person are revealed, as well as genetic or biometric data (with identification function), health data or data concerning the sex life or sexual orientation of the same.

Profiling: any type of automated processing of personal data for the purpose of evaluating certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of the same.

Controller: a (also non-public) entity which alone or jointly with others determines the purposes and means of the processing of personal data, here specifically: we.

Where data is referred to below, personal data is meant. The terms European Union, EU and Union are used synonymously.

C. Scope of Application

Applicability Regardless of the Nationality of the Data Subject

Data protection regulations usually have as their subject the protection of natural persons and their personal data. This is also the case with the central legislative works relevant in this context, the GDPR and the Federal Data Protection Act ("BDSG"), to which we as an international company (regularly referred to in data protection law as "controller" or "controlling entity") are subject without further ado. To date, the question of the extent to which legal persons can also claim data protection against data-processing companies has not been fully clarified. As a precaution and in the sense of a data protection-friendly stance, which also includes granting options in connection with information disclosures on your part, we in any case treat legal persons like natural persons when their personal content is affected. This is the case, for example, when it concerns the natural persons behind the legal person, i.e. when these also emerge in a recognizable manner as natural persons in company-related actions. We owe the (and other) statutory data protection requirements described here not only to German data subjects or nationals of member states of the EU, but to all persons regardless of (or whether they have any) nationality, with regard to whom we carry out (or have carried out) data processing-relevant actions in the EU, and this even if the actual processing takes place outside the EU.

D. Data Collection and Purpose Limitation (Scope of Use)

I. Type of Data Collection

Data collection is the first step and at the same time a partial aspect of data processing. It is only permissible (lawful) if the statutory requirements (in particular those of the GDPR and the BDSG) placed on measures of this type are fulfilled. In the practice of our company, the following four situations in particular may legitimize the collection of data (as well as its further processing):

(a)        there is (where applicable express) consent;

(b)        the measure is necessary either for the performance of a contract with you, or for the implementation of pre-contractual measures that take place at your request;

(c)        the measure is necessary to fulfill a legal obligation incumbent on us (e.g. a statutory retention obligation);

(d)        there is a legitimate interest in our favor which in the individual case outweighs your interests, rights, etc. of a data protection nature.

In our practice, the collection types described in more detail below occur in particular:

1. Collection from You (the "Data Subject")

We generally collect the data relevant for the purposes of our company directly from you, which can happen in different ways:

-           you contact us via the contact form on our website, in which certain basic data must be provided;

-           you contact us in another way, e.g. with an inquiry about a product, and wish to receive further information on this, which we are to send to your address;

-           you provide data to us on your own initiative – by whatever means of communication – for example in order to receive an individual offer from us based on this or to already propose a contract conclusion to us;

-           we contact you – within what is permissible under competition law – (e.g. at an information event), from which a business transaction arises for whose completion/further handling we ask you to provide us with certain data.

We generally regard the aforementioned processes as those in which either (at least tacit) consent on your part exists or the data processing is a consequence of a request originating from you involving data. Your consent is not tied to a particular form. However, since we have a duty of proof that in the case of processing of data on a consent basis consent on your part actually existed, but this cannot be directly documented in every communication situation (example: telephone conversation), it may be that we contact you again afterwards in connection with such an event and ask for formal confirmation of your consent.

2. Collection from Third Parties

In exceptional cases we also collect data relating to you (also) from third parties, whereby this, if you have not given consent for this, is only permissible if there is a legitimate interest on our part or if a statutory exception constellation exists. Such an interest may (in our favor), for example, be given if it concerns a transaction with you in which an extensive obligation to perform in advance falls / would fall to us, and we would query the assessment of your creditworthiness from a corresponding provider (such as Creditreform) in order to assess the risk associated with this. If necessary, we would also inform ourselves by consulting public registers and by means of generally accessible (public) sources (e.g. www.Bundesanzeiger.de), which would likewise fall within the area of information collection from third parties and the corresponding permissibility requirements. However, the data obtained in this way in our company never leads to automated decision-making, but is merely intended to broaden the basis of our own decision-making. If we collect data about you from third parties, we will inform you afterwards about the type and scope in accordance with the statutory requirements, and at the latest within one month of obtaining the data collected in this way. Our aforementioned duty to inform may not apply in special exceptional cases, e.g. if fulfillment of the same would be connected with disproportionate effort.

 3. Automated Data Collection

Each time content on our website is accessed, data is temporarily stored that may allow identification. The following data is stored with each page call of www.sportsbar-west.de: date and time of retrieval, name of the internet service accessed, the resource accessed and the action/query made by the client, amount of data transferred, message as to whether the retrieval was successful, IP address of the accessing computer, the latter only if a contract is concluded over the network. The stored data is collected in addition to the documentation of contract keys for the purpose of statistical evaluation of the use of the website and summarized in anonymized form. They are also used to ward off or analyze attacks on the web offering. Where applicable, cookies are also used in connection with your use of our website, for which we provide a corresponding notice directly on the website and request your consent, regarding the granting of which you are (of course) completely free. Our website in particular uses cookies for the preferred language, the preferred currency and the preferred country. You can also set your browser (you can find more on this in its "Help" menu) so that all cookies (and thus automatically also those of our website) are blocked or alternatively a notice is given each time before one is set. In this case, however, it may be that you can no longer use our website to the full extent and/or only with considerable delay and user-specific default settings for the purpose of more comfortable use (e.g. correct language setting) are no longer available. Once set cookies can, by the way, be deleted by you yourself at any time with the help of your browser. Tracking and analysis tools also use cookies. We also use such cookies. In particular, we use the following tracking and analysis tools:

Google Analytics

Web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized usage profiles are created and cookies (see under Section 4) are used. The information generated by the cookie about your use of this website such as browser type/version, operating system used, referrer URL (the previously visited page), hostname of the accessing computer (IP address), time of the server request, is transmitted to a Google server in the USA and stored there. This data is evaluated to determine how the website is used. The evaluation is output in reports on the activities, which then again form the basis for market research. This data is then passed on to third parties insofar as this is permissible or required. However, your IP address remains anonymized and is not merged with other data from Google. Furthermore, you can prevent the installation of cookies by a corresponding setting of the browser software; however, we point out that in this case not all functions of this website may be able to be used to their full extent. Finally, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, in particular for browsers on mobile end devices, you can also prevent collection by Google Analytics by clicking on this link. An opt-out cookie is set that prevents the future collection of your data when visiting this website. The opt-out cookie only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

Google Adwords Conversion Tracking

In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google Adwords sets a cookie on your computer if you have reached our website via a Google ad. After 30 days these cookies lose their validity and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was forwarded to this page. Each Adwords customer receives a different cookie. Cookies can thus not be tracked across the websites of Adwords customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were forwarded to a page provided with a conversion tracking tag. However, they do not receive information with which users can be personally identified. If you do not wish to participate in the tracking procedure, you can also reject the setting of a cookie required for this – for example via browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain "www.googleadservices.com" are blocked. Google's privacy information on conversion tracking can be found here (https://services.google.com/sitestats/de.html).

4. Non-Collection of Special Data

Special categories of personal data (see Section B above) are not collected by us, and we also do not obtain express consents from you (e.g. "in advance") for this.

II. Purpose Limitation (Scope of Use), Type of Data Collected

1. Main Purposes

When we collect data, this is generally done only for operational purposes of our company, in particular ensuring:

-           proper receipt as well as placement of orders (of whatever legal nature), including their processing;

-           the possibility of creating cost estimates, offers and the like for you;

-           the formulability and execution of contracts including their payment and shipping processing;

-           compliance with our possibly existing statutory warranty obligations and any existing contractual guarantees or also the assertion of the same against third parties (e.g. our suppliers);

-           the traceability and enforcement/enforceability of our claims against customers as well as the defense of claims asserted against us (possibly also in court);

-           ensuring customer service at a high level, which you can reach and support on various paths if necessary and which can meet your high expectations of our company.

2. Secondary Purposes

In addition, it may be that your data is used for secondary purposes of our company, e.g. for:

-           determining the satisfaction of our customers with our products/services (incl. website);

-           improving our products and services (incl. website);

-           enabling the development of customized offers for the customer;

-           providing support / (where applicable) goodwill for our products/services beyond the warranty periods;

With regard to data collection/use for such secondary purposes (especially when this involves direct advertising), you may have extended rights compared to those for operational main purposes, and this even if you have expressly agreed to the data collection. Details on this can be found (among other places) in Section H XI.

3. Change of Purpose

If we wish to process your data for purposes other than those which formed the basis of their collection, and we do not have your consent for this, we only do so if the current purpose is still compatible with the original purpose.

In doing so, we carry out a comprehensive balancing of interests, which takes into account, among other things: the context of the collection at that time, the degree of connection between the collection purposes at that time and the current processing purposes, the type (sensitivity) of the data and the consequences of further processing for you as well as the existence of processing-accompanying guarantees (e.g. encryption).

4. Type of Data Collected or Stored

As data (types) collected by us and then stored, the following in particular come into consideration: your name, your address, your (other) data for facilitated contact (e.g. email and/or telephone and/or fax).

E. Transfer of Data

A transfer of data from us to third parties generally does not take place, unless this is necessary for:

- the fulfillment of operational main as well as secondary purposes, whereby such forwarding is limited to companies connected with us (parent company, subsidiary and sister companies, i.e. companies that we control or that control us or are under common control of a third party) or other companies if we are contractually connected with these in order to be able to fulfill operational purposes vis-à-vis you (e.g. subcontractors, forwarding agents, shippers);

- coordination with our (external) advisors in tax, business management and legal respects, whereby these will as a rule be persons who are already subject to a statutory duty of confidentiality on account of their professional position;

- processing of payment transactions, whether we are the paying or the party to be paid;

- enabling the assessment of the (in particular) financial risk of a contemplated or already concluded but not yet fully processed legal transaction with regard to various characteristics of the (future) contractual partner, such as creditworthiness, liquidity, payment history, etc.;

- fulfillment of public law obligations, for example upon corresponding request of an authority on the basis of relevant statutory provision.

F. Data Processing on Behalf of the Controller

Cooperation with a processor takes place. The processors are bound to our company policy by guarantee contracts.

G. Retention of Data

In accordance with the principle of storage limitation, we in principle only store your data for as long as this is necessary for the purposes for which they are/were processed. If, for example, after a contractual initiation phase no business contact with you has come about, and there is also no prospect that this will subsequently still happen within a foreseeable period, there is in any case no operational retention interest any more after expiry of the limitation period to which possible claims – whichever side they may be owed to – from a possible pre-contractual obligation relationship were subject. In some situations such a retention interest may even lapse in an even shorter time. However, we may be forced on account of statutory provisions – over which we naturally have no influence – to retain data longer than we ourselves would consider necessary. Such retention obligations arise in particular from commercial and tax law provisions, partly also from professional or other special statutory provisions, according to which, for example, every commercial/business letter, whether received or sent, must be retained (from such date) for a period of 6 years. This can, among other things, affect your erasure claim, namely postpone it for a certain period or downgrade it to a restriction claim. For more details please refer to Section H VI (below).

H. Your Rights (Rights of the Data Subject)

I. General

    1. No Exhaustive List of Your Rights within this PP, Informality

For reasons of better readability, we have not set out below every right that may or actually be due to you down to the last detail, and have also looked at which cases can practically arise for our company or for you as the data subject of the data processing to be carried out by us. The presentation here therefore has no exhaustive character with regard to the rights due to you, but is (in particular in marginal areas) supplemented by the GDPR as well as other possibly applicable legislative works. For the assertion of your rights no particular form is required, so that this can, for example, also take place by telephone or by email.

    2. Deadlines for Our Response to the Exercise of Rights by You

If you assert rights of this Section H, we will inform you without undue delay, but at the latest – subject to the following sentence – within one month of receipt of your request, how this affects your concrete case (in particular which legal consequences are possibly triggered hereby). If your request is based on a complex matter and we are at the same time confronted with a large number of requests, we are entitled to respond substantively only within a period of 3 months, whereby we will notify you of such a delay and justify it still within the aforementioned one-month period. Within one month we must also respond to you in justified form if we do not wish to act upon your request.

    3. Costs

Notification of your rights, fulfillment of other information obligations by us as well as measures taken to implement your rights are free of charge for you. Only in the case of manifestly unfounded or (in particular numerically) excessive requests are we entitled to demand an appropriate fee corresponding to the administrative effort connected with this or to refuse to process the request.

    4. Contact Details for the Assertion of Your Rights

All rights described in this Section H – with the exception of the right to lodge a complaint – are to be asserted vis-à-vis us. Below you receive our contact details for this once again:

Sportsbar West

Owner: Frank Laurini

Schorlemerstr. 63

40547 Düsseldorf

Germany

Telephone: 0211 - 55 91 968

Email: kontakt@sportsbar-west.de

II. Right of Access

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. If this is the case, the right of access extends, among other things, to:

(a)        what type of data are processed and for what purposes this happens;

(b)        to whom data have possibly been forwarded (and what possibly required guarantees, for example in the case of third country involvement, for data protection law-compliant handling of your data were given by the recipient side);

(c)        duration – or criteria for the duration – of the (planned) storage of this data;

(d)        where applicable the origin of data (in the case of collection from third parties);

(e)        where applicable meaningful information about the (system) logic used as well as the significance and the intended effects of a data processing for you, if this was the subject of automated decision-making.

You will receive a copy of this information from us, in electronic form in the case of an electronic request on your part (i.e. in a common electronic format). For further copies we can demand an appropriate fee corresponding to the administrative effort connected with this.

III. Right to Withdraw Consent

You have the right to withdraw consent once given at any time. Such a withdrawal does not affect the lawfulness of consent-based data processing before the time of withdrawal, but has the effect that we may no longer carry out any activities regarding your data in the future if the consent withdrawn in the meantime was the only legal basis for this. This is not the case, for example, if a retention obligation still applies to us with regard to the data. The withdrawal is informal and in any case also possible in the form in which consent was previously given.

IV. Right to Rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed — including by means of a supplementary statement. If your data have been disclosed to third parties, we inform them of the data rectification, if this is not impossible or connected with disproportionate effort. At your request we name the aforementioned third parties to you.

V. Right to Erasure (also the so-called "Right to be Forgotten")

1. Erasure Claim

You can – subject to the exceptions mentioned in subsection 3 below – demand from us that we erase your personal data without undue delay if:

(a)        these (in particular their further retention) are no longer necessary in relation to the collection purposes (are);

(b)        you have withdrawn your consent in the case of consent-based data processing;

(c)        you object to further processing;

(d)        the data processing was unlawful;

(e)        erasure is required to fulfill a legal obligation under Union law or national law;

(f)         the data were collected in relation to a child (age under 16 years) in connection with information society services, whereby in this context a service as a rule rendered for remuneration is understood which is provided electronically by way of distance selling (i.e. without immediate physical contact of the parties) and on individual demand.

In the case of erasure of your data, we generally assume that you agree that we enter your name in our directory of those persons who do not wish to be (any longer) contacted by us. Thereby we minimize the chance that you will be contacted in the future, for example if your data should be newly recorded in another context. Should you not wish this, we ask for corresponding notice.

2. Extended Rights in the Case of Publication of Your Data as well as Third Party Involvement

Should we have published the data to which your erasure claim relates, we will (taking into account the available technology and the implementation costs) take reasonable measures to ensure that the controllers with regard to this data are informed that you have demanded erasure of the data (including links to and copies of these). If your data have been disclosed to third parties (in another way), we inform them of the data erasure, if this is not impossible or connected with disproportionate effort. At your request we name the aforementioned third parties to you.

3. Exceptions to the Erasure Claim

An erasure claim is due to you – where applicable also only temporarily – in particular when data processing is necessary:

(i)         for exercising the right of freedom of expression and information;

(ii)        to fulfill a legal obligation incumbent on us under Union law or national law (this can, for example, be a statutory retention obligation [before its expiry]);

(iii)        for the establishment, exercise or defense of legal claims,

            or when

(iv)       in the case of your withdrawal within the meaning of above (Section III) no other legal basis for data processing is available;

(v)        in the case of your objection within the meaning of above (Section V. 1. c) firstly overriding legitimate grounds for data processing exist and secondly your objection is not directed merely against direct advertising and thus possibly related profiling (in the latter case – direct advertising, profiling related thereto – you always have an erasure claim).

4. Erasure-Like Rights

If (at least temporarily) no erasure claim is due to you, you may nevertheless have a claim to restriction of (further) data processing by us. For more details please refer to the immediately following Section VI.

VI. Right to Restriction of Processing

If data were unlawfully collected by us and you therefore (actually) have an erasure claim, you can demand from us restriction of data processing instead of such erasure. The same applies in the case of lawfully collected data if the purpose has been fulfilled on our side in the meantime, but you need the data for the establishment, exercise or defense of legal claims. If you have objected to data processing concerning you (and we do not already have to comply with this because it is directed against direct advertising/profiling related thereto) or disputed the accuracy of data, you can demand a restriction of use of your data from us during the corresponding review phase (balancing of interests in the case of objection, examination of data for actual inaccuracy). This means that we may process the data so restricted (apart from their storage and special cases of particular public interest) only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

Even without initiative on your part, we restrict the use of your data to the aforementioned extent if the last contact with you (see Section B) dates back longer than a period of 3 (three) years plus the remainder of that year in which the last contact took place. Restriction or erasure rights possibly already arising at an earlier point in time remain unaffected hereby.

If a data restriction within the aforementioned meaning has taken place and its lifting is pending (because, for example, it could be determined that the data are not inaccurate), we will inform you before this step. If your data have been disclosed to third parties, we inform them of the data restriction, if this is not impossible or connected with disproportionate effort. At your request we name the aforementioned third parties to you.

VII. Right to Data Portability

If we process your data on the basis of consent given by you or within the framework of a contractual relationship in automated form, you can demand from us to receive the corresponding data stock in structured form in a common, machine-readable format, for example in order to forward it yourself (and without any influence by us) to another data controller. Insofar as technically feasible and it does not affect the rights of other persons, you can also demand that we forward such a data stock directly to another data controller chosen by you (e.g. a company with which you wish to conclude a contract). An erasure claim possibly additionally existing in your favor is not affected by a data portability request.

VIII. Right to Notification in the Case of Data Breach

If a situation occurs in which a high risk for your personal rights and freedoms threatens you due to a breach of the protection of data (e.g. a so-called data breach), we will notify you of this without undue delay. Such a notification contains, among other things, the data of your contact person in this matter as well as notices on the threatening breach consequences as well as the measures already taken or intended to contain the same. Such a notification may be omitted if effective containment measures have subsequently already been arranged by us such that a high risk in the aforementioned sense can no longer be assumed, if the data – in particular through technical measures (e.g. through encryption) – were already secured to a considerable extent against unauthorized access beforehand or if notification would be connected with disproportionate effort (in which case we would arrange a public announcement or measure of similar breadth of effect).

IX. Your Right Not to be Subject to Decision-Making Based Solely on Automated Processing

You have in principle (i.e. apart from special exceptional cases) the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you.

X. Right to Lodge a Complaint

You can lodge a complaint about our conduct with regard to the processing of data with the competent (mentioned above in Section C II) supervisory authority at any time. Of course you can also complain to us, so that we can try to solve a problem that may have arisen together.

XI. Right to Object

If we have processed your data to safeguard our legitimate interests (or to fulfill a task carried out in the public interest), you can object to this at any time. Further processing by us is then only (still) permissible if we demonstrate reasons for the processing that are so weighty that they outweigh your interests, rights and freedoms, or if it serves the establishment, exercise or defense of legal claims. If your objection is directed against the use of your data for purposes of direct advertising/profiling related thereto, no further use/processing of your data by us will (any longer) take place to that extent. You can send us your objection in any form.

I. Data Protection Officer

There is no data protection officer for our company. Within the company your contact person is Mr. Frank Laurini, whom you can contact separately with all questions on data protection law topics concerning you in connection with the activities of our company. The company also helps you, among other things, with the effective exercise of your rights listed here under Section H vis-à-vis us. In addition, you can also contact other bodies/departments of our company at any time, where you will also be helpfully assisted with questions on the topic of data protection all around. The contact details are:

Mr. Frank Laurini

c/o ePassage24 GmbH

Andreasstrasse 21

40213 Düsseldorf

J. Changes to this Privacy Policy

This privacy policy may be changed from time to time, for example in order to adapt it to respective/advanced decision-making positions in the case law on data protection law which were not yet known/foreseeable on 25.5.2018. Any changes will be announced on our website, whereby changes of particularly serious nature will be communicated in individual form (regularly by email) to all customers/users/suppliers/other affected persons in a relevant manner, for whose contact data we still have availability at the corresponding point in time.

K. Consideration of National Particularities

Our business activities extend to many countries in Europe. Should it be the case that we owe you in that country into which our data protection-relevant activities extend, in which you are domiciled and which is at the same time a member state of the Union or the EEA (except Switzerland), a higher data protection standard under the national law there in individual points than under the GDPR, we ask you to inform us about this without undue delay as to type and scope, since we also wish to comply with this, whereby we – this only for clarification – also carry out our own research in this respect.