Privacy Policy
Privacy Policy
1. Information on the collection of personal data and contact details of the data controller
2. Data collection when visiting our website
3. Contacting us
4. Cookies
5. Data processing for order fulfillment
6. Data processing when opening a customer account and for contract fulfillment
7. Use of your data for direct marketing
8. Use of social media: Social plugins
9. Web analytics services
10. Tools and Miscellaneous
11. Rights of the Data Subject
12. Duration of Storage of Personal Data
1. Information on the Collection of Personal Data and Contact Information of the Data Controller
1.1. Thank you for visiting our website. Below, we would like to inform you about how we handle your personal data when you use our website. Personal data is generally any data that can be used to personally identify you.
1.2. The controller responsible for data processing on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Markus Paulke
BreiteStr. 15
13187Berlin
Germany
Tel: +49 (0) 30 49 768 712
Email: info@sternzeit-design.de
1.3. To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL or TLS) via HTTPS.
2. Data Collection When Visiting Our Website
Every time you visit our website, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected in the process:
- The website we visited
- Date and time of access
- Amount of data sent in bytes
- Source/link that brought you to this page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymized form)
We reserve the right to review server log files retrospectively if there are specific indications of unlawful use. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the purpose of providing the website, this occurs when the respective session ends.
If data is stored in log files, this occurs no later than seven days after collection. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or anonymized so that the calling client can no longer be identified. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right to object.
3. Initial Contact
If you contact us via the contact form, the data you enter in the form will be transmitted to us and stored. The data collected is listed in the respective form. If you contact us via email, only the data you enter in the email will be transmitted to us.
The data will be used exclusively for the purpose of handling the conversation and your inquiry. The legal basis for processing the data is Article 6(1)(a) of the GDPR, provided the user has given consent. The legal basis for processing data transmitted when sending an email is Article 6(1)(f) of the GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected and provided that no statutory retention obligations preclude this. For personal data from the contact form input field and data sent via email, this is the case when the respective conversation with the user has ended. The conversation is considered concluded when it can be inferred from the circumstances that the matter in question has been definitively resolved. The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
4. Cookies
Our website uses cookies.
Cookies are text files that are stored on the user’s device. When a user visits a website, a cookie may be stored on the user’s operating system. Some features of our website cannot be provided without the use of cookies. This requires that the browser be recognized even after the user navigates to another page. The user data collected through technically necessary cookies is not used to create user profiles. Our legitimate interest in processing personal data pursuant to Article 6(1)(f) of the GDPR is also based on the aforementioned purposes.
In addition, our website may use cookies that enable the analysis of users’ browsing behavior (so-called third-party cookies). For more information on the scope, purpose, legal basis, and options for objecting, please refer to the relevant sections of the respective chapter in this Privacy Policy.
As a user, you have full control over the use of cookies. By changing the settings in your web browser, you can disable, restrict, or delete cookies. If you disable cookies for our website, you may no longer be able to use all of the website’s features to their full extent. You can prevent the transmission of Flash cookies by changing the settings in your Flash Player.
For help with the settings, see your browser's help menu or click the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted when you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information to a specific extent, such as browser and location data as well as IP addresses. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
5. Data Processing for Order Fulfillment
5.1. If you wish to place an order in our online store, you must provide the personal information we need to process your order in order to conclude the contract. We process the information you provide to process your order.
In some cases, we work with external service providers to process your order. To do so, we must share the necessary personal data with them.
If we engage a shipping company to deliver your goods, we will share the information necessary for delivery with that shipping company. To process payments, we will share your information with the designated financial institution to the extent necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for the disclosure of your data is Article 6(1)(b) of the GDPR.
5.2. Use of Payment Service Providers
5.3. Apple Pay
If you select "Apple Pay" as your payment method (a service provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), payment will be processed via the "Apple Pay" feature on your iOS, watchOS, or macOS device by charging the payment card you have on file with "Apple Pay."
Your transaction is protected by the security features of your device's hardware and software. To authorize a payment, you must enter a code and verify your identity using your device's "Face ID" or "Touch ID" feature.
The information you provide during the ordering process, along with the details of your order, will be transmitted to Apple in encrypted form for the purpose of processing your payment. Apple will then re-encrypt this data and transmit it to the payment service provider associated with the payment card stored in Apple Pay in order to complete the transaction. Encryption ensures that only the website where the order was placed can access the payment data.
After payment is made, Apple sends the device account number and a transaction-specific, dynamic security code to the store's website to confirm the payment.
The aforementioned services may involve the processing of personal data. In such cases, this is done for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you initiated via Safari on your Mac, your Mac and the authorizing device communicate with Apple’s servers via an encrypted channel. Apple may process or store data during this process. However, this is done in a format that does not allow for your personal identification.
Information about Apple Pay's privacy policy is available here: https://support.apple.com/de-de/HT203027
5.4. Bancontact
When paying via "Bancontact" through the PayPal checkout, payment processing is handled by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").
For more information about PayPal Checkout, please see the relevant section below.
5.5. blik
When paying via "blik" through PayPal Checkout, payment processing is handled by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").
For more information about PayPal Checkout, please see the relevant section below.
5.6. Google Pay
When you select the "Google Pay" payment method (a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")), the payment transaction is processed via the "Google Pay" app on your Android mobile device (running at least version 4.4 "KitKat") that supports NFC. Payment is made using one of the payment cards stored in Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay exceeding 25.00 EUR, you must first unlock your mobile device. The information you provided during the order process is shared with Google for the purpose of payment processing. Google generates a one-time transaction number that is transmitted to the order website to verify the payment. This transaction number is merely a numerical token that does not contain any information about your personal data. The actual transaction is carried out between the user and the order website by debiting the payment method stored in Google Pay. Personal data may be processed during the described processes. In this case, the processing is carried out for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
The Google Pay Terms of Service can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=deWeitere Information about Google Pay's privacy policy can be found at the following web address:https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
5.7. mybank
When paying via "mybank" through the PayPal checkout, payment processing is handled by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").
For more information about PayPal Checkout, please see the relevant section below.
- PayPal
If you select PayPal, credit card via PayPal, direct debit via PayPal, or—if available—“purchase on account” or “installment payment” via PayPal as your payment method, payment processing will be handled by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
We share your personal data with PayPal to the extent necessary, in accordance with Article 6(1)(b) of the GDPR. PayPal reserves the right to perform a credit check for the following payment methods: credit card via PayPal, direct debit via PayPal, or—if offered—“purchase on account” or “installment payment” via PayPal.
For this purpose, your payment information may be shared with credit reporting agencies in accordance with Article 6(1)(f) of the GDPR, based on PayPal’s legitimate interest in assessing your creditworthiness. PayPal uses the results of the credit check—specifically, the statistical probability of default—to determine whether to offer the respective payment method.
The credit report may contain probability values (so-called "scores"). To the extent that scores are included in the credit report, they are based on a scientifically recognized mathematical and statistical method. The calculation of these scores takes into account, among other things, but not limited to, address data.
For information on what other data PayPal collects, please refer to PayPal’s privacy policy. It can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You may object to this processing of your data at any time by contacting PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
5.8. PayPal Checkout
We use PayPal Checkout on this website (PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
PayPal Checkout is an online payment solution from PayPal that supports both PayPal payment methods and local third-party payment methods.
If you select the payment methods PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal (where available), we will share your necessary payment information with PayPal for the purpose of processing the payment. This sharing is permitted under Article 6(1)(b) of the GDPR.
For payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to perform a credit check in each case. For this purpose, PayPal may share your necessary payment information with credit reporting agencies. This processing is based on the legal basis of Article 6(1)(f) of the GDPR. PayPal has a legitimate interest in determining your creditworthiness. You may object to this processing of your data at any time by sending a message to PayPal; however, further processing of your personal data by PayPal may still be permitted if it is necessary for the contractual processing of payments.
'
If you select the "PayPal Invoice" payment method, we will first transmit your payment data to PayPal in accordance with Article 6(1)(b) of the GDPR. PayPal will then forward your data to RatePay GmbH, Ritterstr. 12-14, 10969 Berlin, for the purpose of processing the payment. RatePay will then conduct an identity and credit check on its own behalf. The legal basis for this is Article 6(1)(f) of the GDPR, which covers the legitimate interest in determining creditworthiness. For this purpose, RatePay forwards your payment data to credit bureaus in accordance with Article 6(1)(f) of the GDPR.
Ratepay has access to the following credit bureaus: https://www.ratepay.com/legal-payment-creditagencies/
If you select a local third-party payment method, we will first share your payment information with PayPal in accordance with Article 6(1)(b) of the GDPR. PayPal will then forward your payment information to the provider you have selected in order to process the payment (Article 6(1)(b) of the GDPR):
- iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- Bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- blik (Polski Standard Płatności sp. z o.o., 87A Czerniakowska St., 00-718 Warsaw, Poland)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
- MyBank (PRETA S.A.S., 40 Rue de Courcelles, F-75008 Paris, France)
For more information, please see PayPal's Privacy Policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Stripe
If you select a payment method offered by the payment service provider Stripe, payment processing is handled by Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (hereinafter referred to as "Stripe").
We transfer your personal data, along with the information regarding your order (name, address, account number, bank routing number, credit card number if applicable, invoice amount, currency, and transaction number), to Stripe in accordance with Article 6(1)(b) of the GDPR, solely for the purpose of processing your payment and only to the extent necessary.
- IMMEDIATELY
If you select the "SOFORT" payment method, the payment transaction will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT").
We will share your personal data, along with the information regarding your order, with SOFORT in accordance with Article 6(1)(b) of the GDPR, solely for the purpose of processing your payment and only to the extent necessary.
Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden).
SOFORT's privacy policy can be viewed here: https://www.klarna.com/sofort/datenschutz
- IMMEDIATELY
When paying via "SOFORT" through the PayPal checkout, payment processing is handled by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").
To this end, PayPal uses the services of SOFORT GmbH, Theresienhöhe 12, 80339 Munich (hereinafter "SOFORT").
For more information on data protection for PayPal Checkout, please see the relevant section below
6. Data Processing When Opening a Customer Account and for Contract Fulfilment
When you open a customer account with us, personal data is collected and processed in accordance with Article 6(1)(b) of the GDPR. The scope of the data is specified in the registration form. We store and use the data you provide for the purpose of fulfilling the contract.
You can delete your customer account at any time. You can do this by sending a message to the data controller’s address or, if available, directly through your customer account. In that case, we will also block your data in accordance with tax and commercial law retention periods and delete it once those periods have expired. This can only be prevented by your consent to permanent storage or by a legally permitted further use of your data on our part.
7. Use of Your Data for Direct Marketing
Newsletter
You can subscribe to a free newsletter on our website. When you sign up for the newsletter, the information you enter in the form is transmitted to us. The only required field is your email address. If you provide any additional voluntary information, it will be used solely to address you personally.
The legal basis for processing your data after you subscribe to the newsletter is Article 6(1)(a) of the GDPR, provided that you have given your consent. We obtain this consent by sending you a confirmation email containing a confirmation link after you subscribe to the newsletter. By clicking this link, you consent to receiving the newsletter.
When you submit your newsletter subscription request, we store your IP address as well as the date and time of your subscription. This information is stored so that we can investigate any potential misuse of your email address.
We use the data we collect when you sign up for the newsletter solely for the purpose of sending the newsletter.
You may unsubscribe from the newsletter at any time. A link for this purpose is included in every newsletter. This also allows you to withdraw your consent to the storage of the personal data collected during the registration process.
8. Use of Social Media: Social Plugins
Facebook Plugins with a 2-Click Solution
We use social plugins ("plugins") from the social network Facebook on our website
(Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) (hereinafter referred to as "Facebook").
To enhance the protection of your data when you visit our website, the plugins are integrated into our website using a so-called "2-click solution." This ensures that when you visit a page on our website that contains these plugins, no connection is established with Facebook's servers and, therefore, no data is sent. Only when you click on a plugin and thereby give your consent to the data transfer does your browser establish a direct connection to Facebook’s servers. The content of the respective plugin is then transmitted directly to your browser and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective provider or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a Facebook server. If you are logged into Facebook, the providers can immediately associate your visit to our website with your Facebook profile. If you interact with the plugins, for example by clicking the “Like” button, the corresponding information is also transmitted directly to a Facebook server and stored there. A transfer to the United States cannot be ruled out. The information is also published on the social network and displayed there to your contacts.
Data processing is based on your consent pursuant to Article 6(a) of the GDPR. You may withdraw your consent by clicking on the activated plugin again to deactivate it. Data that has already been transmitted is excluded from this.
Meta Platforms, Inc., headquartered in the United States, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the data protection standards in effect in the EU.
For more information, please refer to Facebook's privacy policy: http://www.facebook.com/policy.phphttps://www.facebook.com/legal/EU_data_transfer_addendum
If you do not want Facebook to directly associate the data collected through our website with your profile, you must log out of Facebook before activating the plugin.
9. Web analytics services
Google Analytics 4
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) (hereinafter referred to as "GA4"), on our website.
Google Analytics uses "cookies." These are small text files that are stored on your device and enable an analysis of your use of the website. The information generated in this way regarding your use of this website (including the truncated IP address) is transmitted to a Google server, where it is stored and processed; this may involve a transfer to the United States. IP addresses are anonymized by default. For IPv4 addresses, the last octet is set to zero in memory, and for IPv6 addresses, the last 80 bits are set to zero, thereby “anonymizing” them. Any personal identification is excluded. A transfer to servers operated by Google LLC, headquartered in the United States, cannot be ruled out.
During your visit to the website, GA4 tracks your user behavior in the form of "events," such as: page views, first-time visits to the website, session start, your "click path," interaction with the website, scrolling, clicks on external links, internal search queries, interaction with videos, file downloads, ads viewed or clicked, and language settings. In addition, GA4 collects your approximate location (region), your IP address (in anonymized form), technical information about your browser and the devices you use (e.g., language settings, screen resolution), your internet service provider, and the referrer URL (the website or advertising channel through which you arrived at this website).
On our behalf, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide us with other services related to website and internet usage. Google does not combine your anonymized IP address, collected in this context, with any other data it holds.
The data collected in this context is stored for two months.
The legal basis for the data processing described here and the use of cookies is your
Explicit consent pursuant to Article 6(1)(a) of the GDPR. This consent may be withdrawn at any time with future effect, for example by disabling this Google service via the cookie consent tool where you have already provided your consent.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You may withdraw your consent at any time with future effect. To exercise your right to withdraw consent, please disable this service using the "Cookie Consent Tool" provided on the website.
Google LLC, headquartered in the United States, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the data protection standards applicable in the EU.
We have also entered into a data processing agreement with Google.
Further information on data protection in Google Analytics 4 can be found on the following websites:
https://policies.google.com/technologies/partner-sites
and
https://policies.google.com/privacy?hl=de&gl=de
Demographic characteristics
The "demographic characteristics" feature in GA4 can generate statistics that provide insights into the age, gender, and interests of website visitors. To do this, it analyzes third-party advertising and information to identify target audiences for specific marketing activities. However, no personal data is linked to these statistics. The data is deleted after two months.
User IDs
If we use the "UserIDs" extension feature, your activities (including conversions) can be analyzed across devices. In this case, the analysis is not pseudonymous.
This is possible provided that you have given your consent to the use of Google Analytics 4 in accordance with Article 6(1)(a) of the GDPR, have created an account on this website, and log in to that account on various devices.
Google Signals
If we use the "Google Signals" extension, we can generate cross-device reports on your usage behavior. However, we only receive statistics and no personally identifiable information. This analysis is only possible if you have enabled personalized ads in your Google Account and linked your devices to a Google Account. We also require your consent to the use of Google Analytics in accordance with Article 6(1)(a) of the GDPR. Cross-device analysis can be prevented by disabling the "personalized ads" feature in your Google Account. Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=de
10. Tools and Miscellaneous
10.1. Google reCAPTCHA
We use the reCAPTCHA feature provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in preventing abuse and spam.
reCAPTCHA is a feature designed to ensure that an entry is made by a human.
The service sends your IP address and, if necessary, other data required by Google for the reCAPTCHA service to Google.
When using Google reCAPTCHA, your personal data may also be transferred to the servers of Google LLC in the United States.
Google LLC, headquartered in the United States, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the data protection standards applicable in the EU. You can find more information about Google's privacy policy at the following web address: http://www.google.de/policies/privacy/
10.2. Google Tag Manager
We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
Using Google Tag Manager, we can integrate tracking or analytics tools and other technologies into our website via tags. Tags are not code snippets that record specific activities on the website. The tags usually come from other Google programs, but can also be integrated by other companies. The tags can, for example, collect browser data, integrate buttons, or set cookies.
However, Google Tag Manager itself does not create user profiles, store cookies, or perform its own analytics; rather, it is used solely to manage and deploy the tools integrated through it.
Your IP address is collected via Google Tag Manager and may also be transferred to Google's parent company in the United States.
The legal basis for the use of Google Tag Manager is Article 6(1)(a) of the GDPR, namely your consent.
Google LLC, headquartered in the United States, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the data protection standards applicable in the EU. You can find more information about Google's privacy policy at the following web address: http://www.google.de/policies/privacy/
11. Rights of the Data Subject
11.1. Applicable data protection laws grant you comprehensive data subject rights (rights of access and rectification) vis-à-vis the controller with regard to the processing of your personal data, about which we provide information below:
- Right of access pursuant to Article 15 of the GDPR:
You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have the right to obtain information regarding the purpose, the categories of personal data, the recipients, the planned duration of storage, and the existence of further rights such as the right to rectification of the data or the right to lodge a complaint with a supervisory authority; the origin of your data if it was not collected by us; the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding the logic involved, the significance of such processing for you, and the intended effects of such processing, as well as your right to be informed of the safeguards provided under Article 46 of the GDPR when your data is transferred to third countries;
- Right to rectification under Article 16 of the GDPR:
You have the right to have any inaccurate personal data concerning you corrected without delay and/or to have any incomplete personal data we hold about you completed; such corrections or additions must be made without delay.
- Right to restriction of processing pursuant to Article 18 of the GDPR:
You have the right to request the restriction of the processing of your personal data while the accuracy of your data, which you have contested, is being verified; if you object to the erasure of your data on the grounds of unlawful processing and instead request the restriction of the processing of your data; if you need your data to assert, exercise, or defend legal claims, after we no longer need this data once the purpose has been fulfilled, or if you have objected on grounds relating to your particular situation, as long as it has not yet been determined whether our legitimate grounds override yours;
If the processing of your personal data has been restricted, such data may—apart from storage—be processed only with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. If the restriction on processing has been lifted, you will be notified by the controller before the restriction is lifted.
- Right to erasure under Article 17 of the GDPR:
You have the right to have your personal data erased without undue delay if the conditions set forth in Article 17(1) of the GDPR are met. However, this right to erasure does not apply, in particular—but not exclusively—if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
- Right to be informed under Article 19 of the GDPR:
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is required to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this is impossible or would involve disproportionate effort. You also have the right to be informed of these recipients.
- Right to data portability pursuant to Article 20 of the GDPR:
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transferred to another controller, provided that this is technically feasible;
- Right to withdraw consent pursuant to Article 7(3) of the GDPR:
You have the right to object at any time to the processing of your personal data carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
You also have the right to withdraw your consent under data protection law at any time, with effect for the future. Withdrawing your consent does not affect the lawfulness of any processing carried out on the basis of your consent prior to its withdrawal.
- Right to lodge a complaint under Article 77 of the GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace, or the place where the alleged infringement occurred, if you believe that the processing of your personal data violates the GDPR.
11.2. Right to object
You have the right to object to the processing of your data at any time with future effect if we process your data based on our legitimate interest following a balancing of interests.
If you exercise this right to object, we will cease processing your data unless there are demonstrably compelling legitimate grounds for continuing the processing that override your objection, or unless the continued processing is necessary for the establishment, exercise, or defense of legal claims.
12. Retention Period for Personal Data
The length of time personal data is stored depends on the applicable statutory retention periods. Once these periods have expired, we routinely delete the data if it is no longer necessary for the performance or initiation of a contract and/or if we no longer have a legitimate interest in continuing to store it.