The data protection policy of Sotheby’s International Realty complies with the requirements of the European Union’s General Data Protection Regulation (GDPR), which specifies the conditions under which personal data on this website is processed. You can use our website without providing any personal data. In order to do so, you may need to configure your browser in such a way that certain functions on our website may not be available. Insofar as you do use specific functions of our website, these may involve the transfer of personal data. Details of which data we collect and process, and why, can be found in the following data protection policy.

We use the following terms in this data protection statement:

  • Data controller: The legal representative of Sotheby’s International Realty name in the Legal Notice of this website
  • Personal data: Any information relating to an identified or identifiable natural person under the meaning of Article 4 of the GDPR
  • Processing: Any operation involving personal data and carried out with or without the aid of automated processes, including the collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, search, use, disclosure by transfer, dissemination, comparison or association, erasure or destruction.
  • Consent: Unambiguous expression by the data subject indicating consent to the processing of personal data.
  • Erasure: The complete and irreversible deletion of personal data
  • Restriction of processing: Limitation of the processing of personal data insofar as this does not violate statutory retention periods or potential legal claims prevent the data controller from erasing the personal data.
  • Recipient: The natural or legal person to whom personal data are transferred.

Name and address of the data controller

The data controller under the meaning of the General Data Protection Regulation is:
Sylt Sotheby´s International Realty
Immobilien Team Sylt GmbH & Co.KG
Alte Tenne, Keitumer Chaussee 10
25980 Sylt OT Westerland

Represented by the Managing Director: Susanne Zimmermann
+49 (0) 4651 886 12-0
office@sylt-sothebysrealty.com
www.sylt-sothebysrealty.com

Name and address of the data protection officer

The data protection officer appointed by the data controller is:
Sven R. Johns, Rechtsanwalt c/o Johns Datenschutz UG An der Kolonnade 11, 10117 Berlin
office@datenschutz.immobilien www.datenschutz.immobilien

General principles for data processing

Scope of processing of personal data

We process the personal data of our users only to the extent necessary to provide a functioning website, web content and services. We only process our users’ personal data with their consent. An exception to this general principle applies, for example, in cases in which it is not possible to obtain prior consent and the processing of the data is permitted by statutory provisions.

Legal basis for processing of personal data

We process personal data for specific purposes, providing that data subjects have given us their consent to do so in accordance with Article 6.1.a of the GDPR.

Insofar as the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, in the case of processing that is necessary for the delivery of goods or the provision of services or considerations, the legal basis for processing is based on Article 6.1.b of the GDPR. The same applies to processing required in order to take steps prior to entering into a contract.

Insofar as our company is subject to a legal obligation which requires the processing of personal data, the legal basis for processing is provided by Article 6.1.c of the GDPR.

Insofar as the processing of personal data may become necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis for data processing is provided by Article 6.1.d of the GDPR.

We may also process data for the purposes of a legitimate interest pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. The legal basis for such processing is provided by Article 6.1.f of the GDPR.

Partnerships with third-parties

For the processing of personal data, it may be necessary to transfer data to third parties. These third parties may also include our contract processors. In such cases, data will only ever be transferred on the basis of statutory approval, consent granted by a data subject, a legal obligation to do so, or our legitimate interests pursuant to Article 6.1.f of the GDPR. Insofar as third parties receive personal data from us on the basis of an order processing contract, this transfer is carried out in accordance with Article 28 of the GDPR.

Processing in third countries

Personal data may potentially be transferred to third countries, including outside the EU, in the course of processing. Should this be the case, this will be done on the basis of our legitimate interests, your consent as a data subject, or in fulfilment of existing (pre)contractual obligations or legal requirements. Insofar as processing takes place in third countries, it is done so in accordance with Article 44 of the GDPR, i.e. on the basis of special guarantees of compliance with the level of data protection applicable in the EU, which is the case in the United States, for example, through the Privacy Shield, or by observing special contractual obligations.

Data erasure and storage periods

Your personal data will be erased or blocked as soon as the purpose for storage no longer applies. Beyond this, data may be stored insofar as European or national legislators have provided for this in Union regulations, laws or other provisions to which the data controller is subject. Data shall also be erased or blocked insofar as a statutory or legally proscribed storage period expires, unless further storage is necessary for the conclusion of a contract, the fulfilment of a contract, or for the fulfilment of another legal obligation.

Provision of the website and creation of log files

Description and scope of data processing

Each time you access our website, our system automatically collects data and information from the computer system you are using to access our website.

The following data is collected:

  1. Information about your browser and browser version
  2. Details of your operating system
  3. Details of your internet service provider
  4. Your IP address, and possible previously visited web pages
  5. The date and time you accessed our website
  6. Referring websites from which your system accessed our website
  7. Linked websites you access through our website

These data are also stored in the log files of our system. These data are not stored with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6.1.f of the GDPR.

Purpose of data processing

The temporary storage of your IP address is necessary as it enables us to provide our website on your computer. For this reason, we need to be able to store your IP address for the duration of your session.

These data are stored in temporary log files to ensure the functionality of our website. These data are also used to optimise our website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. In this case, we process personal data for the purpose of pursuing a legitimate interest pursuant to Article 6.1.f of the GDPR.

Data storage periods

Personal data is deleted as soon as the data are no longer required to achieve the purpose for which they were collected. In the case of the collection of data to provide our website, this is the case when the user’s website session has ended.

Insofar as the data are stored in log files, this data is deleted after seven days at the latest. In exceptional cases, longer storage periods are possible. In such a case, the user’s IP addresses will be deleted or anonymised, thereby making it impossible for us to associate this data with an individual website user.

Your rights to object and erasure

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

Hosting services

In order to provide this website and related services, we use hosting services provided by a partner (third party and data recipient). During hosting, personal data are processed, in particular data from log files and cookies, but also communication data provided by data subjects via contact forms, etc. Such data are processed in order to provide the online service. This also constitutes our legitimate interest in the processing of personal data pursuant to Article 6.1.f of the GDPR. These data are deleted as soon as they are no longer required for the provision of the offer.

In this case, data subjects do not have the possibility to object to the processing of their data. We have an agreement with the partner pursuant to Article 28 of the GDPR.

Cookies

Description and scope of data processing

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user visits our website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified whenever the user accesses our website from the same computer system.

We use cookies to offer users the best possible experience on our site. Some elements of our website require that the user’s browser/computer system can be identified even after a page change.

If you do not want cookies to be stored, you can deactivate cookies by selecting the appropriate setting in your own internet browser. Please note that if you choose to deactivate cookies, you may not be able to use all of the functions of our website to their full extent.

The data stored and transmitted in cookies includes, but are not limited to:

  1. Language settings
  2. Items in the shopping basket
  3. Log-in information

Insofar as non-technical cookies are used:
We also use analytical cookies on our website to analyse the surfing behaviour of our users.

The following are examples of the types of data collected by analytical cookies:

  1. Search terms
  2. Frequency of page views
  3. Use of website functions

We use technical measures to pseudonymise the user data collected by analytical cookies. This means that the data do not allow identification of particular individuals. The data are not stored together with other personal data.

When accessing our website, users are informed via an information banner about the use of analytical cookies and referred to this data protection policy. Thus, users are also informed of their options to refuse the storage of cookies via their browser’s settings.

When accessing our website, users are informed about the use of analytical cookies and asked to grant consent to the processing of the personal data for analytical purposes. At the same time, users are also referred to this data protection policy.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6.1.f of the GDPR.

The legal basis for the processing of personal data using technically necessary cookies is Article 6.1.f of the GDPR.

The legal basis for the processing of personal data using analytical cookies is Article 6.1.a of the GDPR, provided the user has consented.

Purpose of data processing

We use technically necessary cookies to simplify the use of our website for users. Some functions of our website require the use of technical cookies. Such functions can only be provided if the user’s browser can be recognised even after a page change.

Cookies are necessary for a number of website’s functions and applications, including:

  1. Shopping Cart
  2. Acceptance of language settings
  3. Storage of search terms

User data collected by technical cookies are not used to create user profiles.

Analytical cookies are used to improve the quality of our website and its content. Analytical cookies allow us to better understand how our website is used and enable us to continually optimise our services.

This represents a legitimate interest in the processing of personal data pursuant to Article 6.1.f of the GDPR.

e) Storage periods, rights to object and erasure

Cookies are stored on your computer and transmitted to our site by your computer system. Therefore, you as a user have full control over the creation, storage and deletion of cookies. You can block or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Please note that if you choose to deactivate cookies, you may not be able to use all of the functions of our website to their full extent.

You cannot prevent the transfer of data via Flash cookies via your internet browser’s settings. In order to do this, you will have to change the settings in your computer system’s Flash Player.

Contact form, email contact, frames and links

Description and scope of data processing

Various pages of our website feature a contact form, which can be used to contact us electronically. If you use our contact form, the data entered in the input mask will be transferred to us and stored. These data include your first name and last name, your email address, IP address and the date and time of your enquiry.

Your consent for the processing of these data is obtained during the sending process and reference is made to this data protection policy.

You can also contact us via our specified email address. In this case, we will store the personal data you send us in/with your email.

These data may be processed using a customer relationship management system or a comparable digital system.

Legal basis for data processing

The legal basis for the processing of the data is Article 6.1.a of the GDPR, provided the user has given consent.

The legal basis for the processing of data transferred in the course of sending an email is Article 6.1.f of the GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Article 6.1.b of the GDPR.

Purpose of data processing

The processing of the personal data from the integrated contact form serves us exclusively for the processing of the creation of contact. If you contact us by email, this also serves as the necessary legitimate interest in the processing of the data.

Any other personal data processed during the sending process are processed in order to prevent abuse/misuse of the contact form and to ensure the security of our information technology systems.

Storage periods

These data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data transferred and processed via the contact form and those sent by email, this is the case when the respective enquiry has been dealt with or when the contact resulted in pre-contractual measures or a contract but these have expired and there are no longer any statutory storage requirements that require further storage. The enquiry is deemed to have been dealt with insofar as it can be inferred from the circumstances that the user’s question has been conclusively clarified. We check the necessity of further processing of data routinely every two years and comply with statutory retention periods.

Any other personal data collected during the sending process is deleted after a period of seven days at the latest.

Rights to object and erasure

You have the right to revoke your consent to the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In in such a case, we will be unable to continue dealing with your enquiry.

Please you’re your revocation request by email to sylt@sothebysrealty.com

Once we receive your revocation instruction, we will delete all personal data stored in the course of establishing contact.

We would like to point out that our website also includes contact forms/iframes/links from external providers:

  • Google Play Store
  • Apple App Store
  • Mobile Version of SIR Mobile
  • Website of Sotheby´s International at www.sothebysrealty.com
  • Where applicable, external links from partners with whom we cooperate, e.g. for selected new development projects presented on our own website.

We would like to point out that these providers also collect and process personal data on their websites. In such cases, we have no influence over the revocation of consent or the erasure of personal data. When you visit external websites via a link on our website, data is transferred for the purpose of satisfying your legitimate interest in visiting the requested website. The legal basis for the processing of users’ personal data is Article 6.1.f of the GDPR.

Google Analytics

Description and scope of data processing

Our website uses services provided by Google Analytics, a service from Google Inc., 1600 Amphitheatre Parkway Mountain View, CA, 94043, USA. Google uses cookies (see above). The information generated by the collection of cookies is transferred to a Google server in the United States and stored there. Google complies with EU data protection regulations and is certified under the Privacy Shield Agreement. We use Google Analytics with activated IP anonymisation, which means that your IP address is shortened before it is transferred and stored. Only in exceptional cases is the full IP address transmitted to the United States and shortened there.

Legal basis for data processing

The legal basis for the processing of the data is Article 6.1.f of the GDPR.

Purpose of data processing

The processing of personal data helps us to improve our online presence and evaluate user behaviour on our website. Google uses this information to evaluate your use of the website and to provide other related services to the website operator. At no point is your IP address associated with other data stored by Google.

Storage periods

These data are deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data transferred and processed via the contact form and those sent by email, this is the case when the respective enquiry has been dealt with or when the contact resulted in pre-contractual measures or a contract but these have expired and there are no longer any statutory storage requirements that require further storage. The enquiry is deemed to have been dealt with insofar as it can be inferred from the circumstances that the user’s question has been conclusively clarified. We check the necessity of further processing of data routinely every two years and comply with statutory retention periods.

Any other personal data collected during the sending process is deleted after a period of seven days at the latest.

Rights to object and erasure

You can deactivate the creation and storage of cookies in their browser. Doing so may restrict the functionality of our website. You can prevent Google from collecting and processing data generated by the cookie and related to your use of our website by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Further information on Google’s use of data for advertising purposes, for configuring your browser to block cookies and on your rights to object is provided by Google under the following links: https://www.google.com/intl/de/policies/privacy/partners/

(“HOW GOOGLE USES INFORMATION FROM SITES OR APPS THAT USE OUR SERVICES”), http://www.google.com/policies/technologies/ads

(“How your ads are personalized”), http://www.google.de/settings/ads

(“Information Google uses to display advertisements”) and http://www.google.com/ads/preferences/

(“Ad settings”).

Additional opt-out solution for mobile websites:

Embed opt-out code for all browsers

According to Google, the opt-out solution must be implemented as follows:

Embed this Javascript code before
the actual Google Analytics code in the source code of your website (source: Google).
You have to enter the value “UA-XXXX-Y” with your
your own Google Analytics code. *Update* Daniel shows how
to combine this code with the regular Google Analytics code.[code language=”javascript” gutter=”false”]

// Set to the same value as the web property used on the site

var gaProperty = ‚UA-XXXXXXXX-Y‘;

var disableStr = ‚ga-disable-‚ + gaProperty;

// Disable tracking if the opt-out cookie exists.

if (document.cookie.indexOf(disableStr + ‚=true‘) > -1) {

window[disableStr] = true;

}

// Opt-out function

function gaOptout() {

document.cookie = disableStr + ‚=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/‘;

window[disableStr] = true;

}

[/code]

In order for this code to run, you must have the Google Analytics section in
Add this HTML code to your privacy statement:[code language=”html” gutter=”false”]

As an alternative to the browser plug-in or within browsers on mobile devices, this link to the capture by Google Analytics within this site in the future (the opt-out works only in the browser and only for this domain). An opt-out cookie is stored on your device. If you delete your cookies in this browser, you must click this link again.

[/code]

Google Fonts

We embed fonts from Google (Google FONTS). The address of the provider is the same as the address in the Google Analytics section above. The provision of this service may require the transfer of personal data, see also the section on Google Analytics. Further information can be found in the data protection policy at https://policies.google.com/privacy?hl=de. You can opt-out under the following link: https://adssettings.google.com/authenticated

Google Maps

We integrate maps from Google (Google Maps). The address of the provider is the same as the address in the Google Analytics section above. The provision of this service may require the transfer of personal data, see also the section on Google Analytics. Further information can be found in the data protection policy at https://policies.google.com/privacy?hl=de.

You can opt-out under the following link: https://adssettings.google.com/authenticated

Adobe Typekit

We integrate Adobe Typekit fonts and services on our website. These are provided by Adobe Systems Software Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24 Republic of Ireland. The provision of this service may require the transfer of personal data. You can find out what information is collected, along with other information, on the Adobe Typekit Privacy Policy page at: https://www.adobe.com/de/privacy/policies/typekit.html

Youtube

We integrate the videos of the platform YouTube, a video hosting service provided by Google, on our website. The address of the provider is the same as the address in the Google Analytics section above. The provision of this service may require the transfer of personal data, see also the section on Google Analytics. Further information can be found in the data protection policy at https://policies.google.com/privacy?hl=de.

Additional cookies are created and stored whenever you play a YouTube video on our site. The provision of this service may require the transfer of personal data to YouTube and linked to an existing Google profile if you are logged into your YouTube or Googls account at the time. If you want to prevent these data from being transferred, please log out of your account before using the service.

You can opt-out under the following link: https://adssettings.google.com/authenticated

Jetpack and WordPress statistics

Our website uses Jetpack for WordPress in order to statistically evaluate visitors’ access and use of our website. This service is provided by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses its own cookies.

Automattic is certified under the EU-US Privacy Shield Agreement, which guarantees compliance with European Union data protection laws. Further information can be found at: https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active

Data collected through the use of this service is transferred to and processed in a third country (United States). Automated usage profiles can be created from the data for analysis purposes, but not for advertising purposes. Automattic’s privacy policy can be found at this link: https://automattic.com/privacy/Details of Jetpack can be found at this link: https://jetpack.com/support/cookies/.

Social Plug-Ins

We use a variety of social network plug-ins on our website. These plug-ins collect personal data and transfer it to the services’ providers.

We use the following social network plug-ins based on our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our website in accordance with Article 6.1.f of the GDPR.

Facebook Social Plug-Ins

Our website features plug-ins from the social network Facebook, a service provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA, 94025 USA. An overview of Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/.

Facebook guarantees compliance with European Union data protection standards and is certified under the EU-US Privacy-Shield-Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When you run a Facebook plug-in, a direct connection is established to the Facebook servers, which may be located in Europe or the United States. The content of the plug-in is transferred directly from Facebook to your computer system and integrated into our website. These data may be used by Facebook to create user profiles. We have no influence on the extent of the data that Facebook collects via these plug-ins and can only provide you with information to the best of our knowledge. It is possible that other data stored by Facebook may be aggregated with this data, especially if you have a Facebook profile and are logged into your Facebook account when you visit our website. However, even if you do not have a Facebook account, your IP address and the time you access our website will probably be collected and stored by Facebook.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options to protect the privacy of users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If you do not want Facebook to collect data about you via our online service and associate it with your Facebook data, you should log out of Facebook before you visit our website and delete your cookies. Further information on your rights to object to the use of your personal data for advertising purposes can be found on Facebook’s profile settings page: https://www.facebook.com/settings?tab=ads or via Facebook’s U.S. American page http://www.aboutads.info/choices/ or EU page http://www.youronlinechoices.com/.

The settings are platform-independent, i.e. they apply to all devices, including desktop computers and mobile devices.

We operate our own company page on Facebook, which we have also linked to and which you can subscribe to. This page will also collect personal data.

Our services may also include Facebook Messenger, which may also collect and process personal data.

Facebook Pixel

Our website features the integrated Facebook Pixel plug-in. This is a service provided by Facebook Inc, 1 Hacker Way, Menlo Park, CA, 94025 USA. You can read more about Facebook plug-ins here: https://developers.facebook.com/docs/plugins/.

Facebook guarantees compliance with European Union data protection standards and is certified under the EU-US Privacy-Shield-Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When you run Facebook Pixel plug-in, a direct connection is established to the Facebook servers, which may be located in Europe or the United States. The content of the plug-in is transferred directly from Facebook to your computer system and integrated into our website. These data may be used by Facebook to create user profiles. We have no influence on the extent of the data that Facebook collects via these plug-ins and can only provide you with information to the best of our knowledge. It is possible that other data stored by Facebook may be aggregated with this data, especially if you have a Facebook profile and are logged into your Facebook account when you visit our website. However, even if you do not have a Facebook account, your IP address and the time you access our website will probably be collected and stored by Facebook.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options to protect the privacy of users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If you do not want Facebook to collect data about you via our online service and associate it with your Facebook data, you should log out of Facebook before you visit our website and delete your cookies. Further information on your rights to object to the use of your personal data for advertising purposes can be found on Facebook’s profile settings page: https://www.facebook.com/settings?tab=ads or via Facebook’s U.S. American page http://www.aboutads.info/choices/ or EU page http://www.youronlinechoices.com/

The settings are platform-independent, i.e. they apply to all devices, including desktop computers and mobile devices.

Twitter

Our website allows you to access the functions and content of the Twitter service provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The Twitter service may include content such as images, videos, text or buttons that you can interact with on the service or use to subscribe to our posts. If you are a member of Twitter, Twitter will be able to associate content and features you access on our website with your Twitter profile. Twitter complies with European Union data protection standards and is certified with the EU-US Privacy Shield Agreement. (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

Twitter’s privacy policy can be found here: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.

If you wish to prevent your personal date from being associated with your Twitter profile, you should log out of Twitter before you visit our website and delete your cookies.

Instagram

Our website uses services from Instagram provider by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. Whenever you interact with Instagram’s service via our website, personal data may be collected and transferred to Instagram, in particular your IP address and the date and time of your access. The data transfer may also involve content such as images, videos, text and buttons that users interact with or subscribe to. If you have an Instagram account, Instagram may be able to associate these data with your Instagram profile. You can find the Instagram Privacy Policy at: http://instagram.com/about/legal/privacy/.

If you wish to prevent data from being associated with your Instagram profile, you should log out of Instagram before you visit our website and delete your cookies.

Google Plus

Our website uses services from Google Plus provided by Google Inc. The address of the provider is the same as the address in the Google Analytics section above. The provision of this service may require the transfer of personal data, see also the section on Google Analytics. Further information can be found in the data protection policy at https://policies.google.com/privacy?hl=de.

You can opt-out under the following link: https://adssettings.google.com/authenticated

By interacting with this service, your personal data may be collected and transmitted, in particular your IP address and the date and time of your access. The data transfer may also involve content such as images, videos, text and buttons that users interact with or subscribe to. If you are a member of the Google Plus platform, Google Plus may be able to associate these data with your Google Plus profile.

If you wish to prevent data from being associated with your Google Plus profile, you should log out of Google Plus before you visit our website and delete your cookies.

Pinterest

Our website uses services from Pinterest provided by Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA. When you interact with a Pinterest plug-in, content such as pictures, videos, texts and buttons can be accessed with which you can interact or subscribe to our contributions. If you have a Pinterest account, may be able to associate these data with your Pinterest profile. You can find Pinterest’s Privacy Policy at: https://about.pinterest.com/de/privacy-policy.

If you wish to prevent data from being associated with your Pinterest profile, you should log out of Pinterest before you visit our website and delete your cookies.

Rights of the data subject

Whenever your personal data is processed, you are a data subject in the sense of the GDPR. This means you have the following rights vis-à-vis the data controller:

Right to information

You can request confirmation from us as to whether we process your personal data.

In the event of such processing, you may request the following information from us in our role as data controller:

  1. The purposes for which your personal data are processed;
  2. The categories of your personal data we process;
  3. The recipients or categories of recipients to whom we have or will disclose your personal data;
  4. The planned retention period of your personal data or, if it is not possible to provide specific information in this regard, criteria for determining the retention period;
  5. The existence of your right rectification or erasure of your personal data, your right to restrict the processing of your personal data and your right to object to such processing;
  6. The existence of your right to lodge a complaint with a supervisory authority;
  7. All available information on the origin of your personal data we store and process, insofar as we have not collected the personal data from you;
  8. The existence of automated decision-making, including profiling, in accordance with Article 22.1 and 22.4 of the GDPR and – at least in these cases – meaningful information on the reasoning, scope and intended effects of such processing.

You have the right to request information as to whether personal data related to you as a data subject are or will be transferred to a third country or to an international organisation.

In this context, you may request information on the appropriate guarantees pursuant to Article 46 of the GDPR.

Right to rectification

You have the right to have your personal data corrected and/or completed by the data controller if the personal data relating to you is inaccurate or incomplete. The data controller must rectify such incorrect or incomplete data immediately.

Right to restriction of processing

Under the following conditions, you may request the restriction of processing of your personal data:

  1. If you dispute the accuracy of the personal data and allow the data controller sufficient time to verify the accuracy of the personal data;
  2. The processing is unlawful and you refuse to have the personal data erased and instead request that the processing of the personal data be restricted;
  3. The data controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims; or
  4. If you have lodged a complaint against the processing pursuant to Article 21.1 of the GDPR with a supervisory authority and it has not yet been determined whether the legitimate purposes of the data controller override your legitimate purposes.

Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a Member State.

If the processing restriction has been limited in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

Right to erasure

  1. 1. You may request the immediate erasure of your personal data by the data controller and the data controller is obligated to erase such data immediately if one of the following reasons applies:
    1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
    2. You revoke the consent on which the processing was based pursuant to Article 6.1.a or Article 9.2.a of the GDPR and there is no other legal basis for the processing;
    3. You object to the processing pursuant to Article 21.1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21.2 of the GDPR;
    4. The personal data concerning you have been collected or processed unlawfully;
    5. The erasure of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject; or
    6. 6. The personal data relating to you have been collected in relation to information society services offered pursuant to Article 8.1 of the GDPR.
  2. 2. Information to third parties
  3. Insofar as the data controller has made the personal data concerning you public and is obliged to erase them pursuant to Article 17.1 of the GDPR, the data controller shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the data controllers responsible for processing the personal data that you, as the data subject, have requested all links to this personal data or copies or replications of this personal data be erased.
  4. 3. Exceptions

The right to erasure does not exist if the processing is necessary:

  1. To exercise freedom of expression and information;
  2. To fulfil a legal obligation subject to the laws of the European Union or of the Member States to which the data controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. For reasons of public interest in the field of public health pursuant to Article 9.2.h, 9.2.i and Article 9.3 of the GDPR;
  4. For archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89.1 of the GDPR, insofar as the law referred to under section a) presumably makes it impossible or seriously impairs the attainment of the objectives of such processing; or
  5. To assert, exercise or defend legal claims.

Right to information

If you have exercised your right to rectify, erase or restrict the processing of your personal data against the data controller, the data controller shall be obliged to notify all recipients to whom the personal data have been transferred that they also need to rectify, erase or restrict the processing of the personal data, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of such recipients by the data controller.

Right to data transferability

You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit these data to another data controller without hindrance from the data controller to which the personal data have been provided, provided that

  1. the processing is based on consent pursuant to Article 6.1.a or 9.2.a of the GDPR or on a contract pursuant to Article 6.1.b of the GDPR; and
  2. processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data transmitted directly from one data controller to another, where technically feasible and without adversely affecting the rights and freedoms of others.

The right to data transfer does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data which is based on Article 6.1.e or Article 6.1.f of the GDPR, including profiling based on those provisions.

The data controller shall no longer process the personal data unless the data controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to revoke your consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Where you have revoked your consent, this shall not affect the legality of the processing carried out on the basis of your consent prior to your revocation.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision

is necessary for entering into, or performance of, a contract between you and the data controller,

  1. is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests as a data subject; or
  2. is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9.1 of the GDPR, unless Article 9.2.a or 9.2.g of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests as a data subject, at least the right to obtain human intervention on the part of the data controller, to express your point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Von der Fachpresse empfohlen: