Privacy Policy

State: 1 January 2021

1. Name and address of the responsible person

The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the European Union as well as other data protection regulations:

Matthias Fehring
Zum Südholz 8
34439 Willebadessen-Eissen
Germany

2. Scope of this privacy policy

This privacy policy applies to the websites and online services offered under the following domains:

  • Website: https://www.huessenbergnetz.de
  • Matomo: https://statistik.huessenbergnetz.de
  • Nextcloud: https://wolke.huessenbergnetz.de
  • Documentation: https://doc.huessenbergnetz.de
  • Email management: https://skaffari.huessenbergnetz.de
  • Web mail: https://post.huessenbergnetz.de
  • SMTP: smtp.huessenbergnetz.de
  • IMAP, POP3, Sieve: mail.huessenbergnetz.de

3. General information on data processing

3.1. Scope of processing of personal data

We only process personal data of our users if this is necessary to provide functional websites and online services as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for effective reasons and processing of the data is permitted by law.

3.2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6(1)a GDPR serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6(1)b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

As far as a processing of personal data is necessary for the fulfilment of a legal obligation to which we are subject, Art. 6(1)c GDPR serves as legal basis.

If processing is necessary to maintain a legitimate interest on our part or that of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6(1)f GDPR serves as the legal basis for processing.

3.3. Data erasure and storage time

The personal data of the person affected will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

According to legal requirements in Germany, the storage takes place in particular for 10 years according to § 147(1) AO and for 6 years according to § 257(1) HGB.

3.4. Types of processed data

  • Personal data (e.g. names, addresses)
  • Content data (e.g. text input, pictures, videos)
  • Contact data(e.g. email, telephone number)
  • Meta/Communication data (e.g. device information, IP addresses)
  • Usage data (e.g. visited websites, interest in contents, access times)
  • Contract data (e.g. contract object, validity period, customer category)
  • Payment data (e.g. bank details, invoices, payment history)

3.5. Categories of persons affected

  • Business and contractual partners
  • Prospective customers
  • Communication partners
  • Customers
  • Visitors and users of the websites and online service listed at point 2 of this privacy policy
  • Visitors and users of websites and online services I operate for my customers (responsible for the data protection on these sites and services is the person named in the privacy policy of the respective website)

3.6. Purposes of processing

  • Office and organisational procedures
  • Provision of my websites and online services
  • Contact requests and communication
  • Usage analytics (e.g. access statistics)
  • Security measures
  • Contractual services and performances
  • Managing of and responding to inquiries

3.7. Safety precautions

In accordance with Art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the current state of technology, the costs of implementation and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.

As far as possible, IP addresses are only stored in shortened or masked form. A part of the IP address is removed or replaced by a 0. For example, 144.76.81.150 becomes 144.76.0.0, so that an assignment is no longer possible. An exception is in particular cases where the IP address is stored to protect our information technology systems, e.g. in the case of failed login attempts.

We also endeavour to offer all online services offered and used by us, if possible only via encrypted connections (TLS). You can recognise an encrypted connection to this website, for example, by a lock symbol in the address bar or by the address beginning with https://.

You will find our technical and operational data protection measures in this PDF file.

3.8. Cooperation with contract data processors and third parties

If, in the course of our data processing, we disclose personal data to other persons and companies (contract data processors or third parties), transfer them to them or otherwise grant them access to the personal data, this will only take place on the basis of a legal permission pursuant to Art. 6(1)b GDPR, your consent pursuant to Art. 6(1)a GDPR, a legal obligation pursuant to Art. 6(1)c GDPR or on the basis of our legitimate interest pursuant to Art. 6(1)f GDPR.

If third parties are commissioned by us with the processing of personal data, this is done on the basis of Art. 28 GDPR within the framework of a contract on data processing.

4. Providing our websites and online services

4.1. Description and scope of data processing

Every time you visit our websites and every time you use our online services, our systems automatically collect data and information from the computer system of the calling user.
The following data is collected:

Furthermore, we use the web analysis tool Matomo (formerly PIWIK) on some websites. You can find more information in the section about Matomo.

4.2. Legal basis for the data processing

The legal basis for the temporary storage of data is Art. 6(1)f GDPR.

4.3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the web pages and online services to the user’s computer. For this the IP address of the user must remain stored for the duration of the session. These purposes are also our legitimate interest in data processing according to Art. 6(1)f GDPR.

4.4. Storage duration

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of websites and online services, this is the case when the respective session has ended.

4.5. Possibility of objection and elimination

The collection of data for the provision of websites and online services is absolutely necessary for the operation of the websites and online services. Consequently, there is no possibility of objection on the part of the user.

5. Creation of log files

5.1. Description and scope of the data processing

Our systems do not create log files for every single access to web pages (so-called access logs), but there is an evaluation of the requests using Matomo, which you can contradict here.

For security reasons, to avert danger and to correct errors, certain actions triggered by the user are logged, including in particular failed login attempts at services and websites that allow a login.

5.1.1. Error logs

All websites and online services provided by me log any internal errors that occur in log files. These entries do not contain an IP address, but may contain user names of the user whose action caused the error in order to find errors.

5.1.2. www.huessenbergnetz.de

  • If the contact form classifies an input as spam, the IP address of the user is logged in order to be able to better ward off cases of repetition.

5.1.3. statistik.huessenbergnetz.de

  • In case of failed login attempts at the Matomo administration interface, the IP address and the entered user name of the requesting user are logged in order to prevent misuse.

5.1.4. wolke.huessenbergnetz.de

  • In case of failed login attempts at the Nextcloud interface, the IP address and the entered user name of the requesting user are logged in order to prevent misuse.

5.1.5. skaffari.huessenbergnetz.de

  • When logging on to the Skaffari administration interface, the IP address and the user name entered by the requesting user are logged in order to prevent misuse.
  • For security reasons, all administrative actions performed by administrators are logged. The user name of the executing administrator is logged, but no IP address.

5.1.6. post.huessenbergnetz.de

also post.tc-eissen.de und post.die-friseurin.net

  • With each login to the web mail interface, the entered user name and the IP address of the requesting user are logged in order to prevent misuse.

5.1.7. SMTP, IMAP, POP3 and Sieve email server huessenbergnetz.de

  • During every communication with the e-mail system at huessenbergnetz.de via the protocols SMTP, IMAP, POP3 and Sieve, the user name and IP address of the requesting user are logged.
  • When e-mails are sent or received, the e-mail addresses of the sender and recipient are logged.
  • When logging on to the server via IMAP or POP3, the client ID sent by the e-mail program is logged. Depending on the program, this contains various information about the program itself, such as its name, version, etc.

5.2. Legal basis for the data processing

The legal basis for the temporary storage of data and log files is our legitimate interest in the secure operation of our information technology systems in accordance with Art. 6(1)f GDPR.

5.3. Purpose of the data processing

The storage of login information, fraud attempts and security-critical actions in log files ensures the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing in accordance with Art. 6(1)f GDPR also lies in these purposes.

5.4. Storage duration

Data in log files will be deleted after seven days at the latest.

5.5. Possibility of objection and elimination

Logging of security-critical actions in log files is absolutely necessary for a secure operation of our systems. Consequently, the user has no right of objection.

6. Usage of cookies

6.1. Description and scope of the data processing

Our websites and online services use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie may contain a characteristic string of characters that enables a unique identification of the browser when the website is called up again.

Some elements of our web pages (e.g. login forms) require that the calling browser can be identified even after a page change. These cookies are technically necessary for the operation of the respective service.

The following data is stored and transmitted in the cookies:

6.1.1. statistik.huessenbergnetz.de

Cookie name Required Expiration Purpose
piwik_ignore no two years stores whether you have objected to the collection by Matomo web analytics
MATOMO_SESSID yes to the end of the browser session stores the session ID required for logging in; this cookie is also set when the opt-out form is displayed to create a session to protect against CSRF attacks

6.1.2. wolke.huessenbergnetz.de

Cookie name Required Expiration Purpose
oc_sessionPassphrase yes to the end of the browser session stores a session password for login
5141acd750f1f yes to the end of the browser session stores an ID required for login
__Host-nc_sameSiteCookielax yes 2100/12/31 stores required security settings
__Host-nc_sameSiteCookiestrict yes 2100/12/31 stores required security settings
nc_session_id yes 15 days stores a session ID required for login
nc_token yes 15 days stores a session token required for login
nc_username yes 15 days stores your user name required for login

6.1.3. skaffari.huessenbergnetz.de

Cookie name Required Expiration Purpose
Skaffari_session no to the end of the browser session stores the session ID required for login
csrftoken no to the end of the browser session stores a token to avoid CSRF attacks
domains_sort_col no to the end of the browser session stores sorting order settings
domains_sort_dir no to the end of the browser session stores sorting order settings
domains_filter_term no to the end of the browser session stores filter settings
domain_filters no to the end of the browser session stores filter settings

6.1.4. post.huessenbergnetz.de

Cookie name Required Expiration Purpose
roundcube_sessid no to the end of the browser session stores the session ID required for login
roundcube_sessauth no to the end of the browser session stores the session authentification required for login

6.2. Legal basis for the data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6(1)f GDPR. If we use optional cookies on our website, the user’s prior consent will be obtained. In this case, Art. 6(1)a GDPR is the legal basis.

6.3. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

6.4. Storage duration, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted to our pages. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our web pages, it is possible that not all functions of the web pages can be used to their full extent.

7. Contact forms and email contact

7.1. Description and scope of the data processing

On some of our websites (www.huessenbergnetz.de) contact forms are available, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to me and saved. This data is:

  • name of the user
  • email address of the user
  • subject of the message
  • message text

At the time the message is sent, the following data is also stored:

  • date and time of sending

In the event of suspected misuse of the contact form (e.g. spam), the following data will also be stored:

  • IP address of the requesting system

Alternatively, it may be possible to contact us via an e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored.

For the processing of data from contact forms, your consent is obtained within the scope of the sending process and reference is made to this privacy policy.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

7.2. Legal basis for the data processing

The legal basis for the processing of the data is Art. Art. 6(1)a GDPR, if the user has given his or her consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)f GDPR.

If contact is aimed at the conclusion of a contract, then additional legal basis for the processing is Art. 6(1)b GDPR.

7.3. Purpose of the data processing

The processing of the personal data from the input mask serves us alone for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

7.4. Storage duration

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

7.5. Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

To revoke your consent and/or to object to the storage, please simply send a corresponding request via the contact form to us or send an e-mail to .

All personal data stored in the course of contacting us will be deleted in this case.

8. Web analysis by Matomo (formerly PIWIK)

8.1. Description and scope of the data processing

On some of our websites we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of my users. The used Matomo installation is operated by ourself at statistik.huessenbergnetz.de. At the moment it is used on our following websites:

  • https://www.huessenbergnetz.de
  • https://doc.huessenbergnetz.de

Furthermore, we offer our customers the use of the Matomo installation at statistik.huessenbergnetz.de to analyze their own websites. With the customers who use this service, there is a contract in accordance with Art. 28 GDPR on order data processing. You will also find information on this in the privacy policy of the respective customer website.

If details of a website analysed by me are called up, the following data are stored:

  • anonymized IP address of the requesting system of the user
  • the requested website
  • the website from which the user has accessed the requested website (HTTP referer)
  • the subpages that are accessed from the accessed website
  • date and time of the request
  • duration of stay on the website
  • the frequency of visiting the website
  • the browser used, its version, language used and installed plugins
  • the operating system used and its version
  • the device used and its screen resolution
  • country and approximate city from which the request comes
  • average loading time of the accessed page

The software runs exclusively on our servers. The personal data of users is only stored there. A passing on to unauthorized third parties does not take place. Customers of our service only have access to the data of their own website(s).

The software is configured in such a way that the IP addresses are not completely stored but masked (e.g. 144.76.0.0 instead of 144.76.81.150). In this way it is no longer possible to assign the shortened IP address to the calling computer. In addition, no cookies are used for the recognition of users.

No data is merged across the boundaries of domains. In particular, no data from websites of different customers will be combined or passed on to other customers.

8.2. Legal basis for the data processing

The legal basis for processing the personal data of the users of our websites is Art. 6(1)f GDPR.

The legal basis for commissioned data processing for our customers is Art. 6(1)b GDPR together with a contract concluded with the respective customer pursuant to Art. 28 GDPR on commissioned data processing.

8.3. Purpose of the data processing

The processing of users’ personal data enables us, or our customer, to analyse the surfing behaviour of our users. We are able to compile information about the use of the individual components of our websites and online services by evaluating the data obtained. This helps us to constantly improve our online offer and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6(1)f GDPR. By anonymizing the IP address, users’ interest in protecting their personal data is sufficiently taken into account.

In the case of commissioned data processing for customers, the purpose is to fulfil our business activities and to enable the respective customer to safely analyse his websites. For this purpose there is a contract between us and the respective customer who uses the service of statistik.huessenbergnetz.de in accordance with Art. 28 GDPR on commissioned data processing.

8.4. Storage duration

The data will be deleted as soon as they are no longer needed for our recording purposes. This is always the case after 367 days.

8.5. Possibility of objection and elimination

Since the collected data is stored anonymized, no personal reference can be made from it. It is therefore not possible to delete specific data of individual users.

We also offer our users the possibility of an opt-out from the analysis procedure on all websites analysed by statistik.huessenbergnetz.de, including this one. To do this, simply click on the corresponding box in the next section. In this way, a cookie is set which signals the Matomo installation at statistik.huessenbergnetz.de not to store the user’s data in the future. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again. The opt-out applies to all websites and online services analyzed by statistik.huessenbergnetz.de.

Alternatively, you can tell us by setting your web browser that you object to Matomo’s collection. Your browser has to send the so called “Do Not Track (DNT)” HTTP header field. You will usually find the corresponding option in the data protection settings of your browser.

8.6. Matomo Opt Out

9. Hosting

9.1. Description and scope of the data processing

We use servers and infrastructure of Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany to provide our websites and online services. Between us and Hetzner Online GmbH there is a contract according to Art. 28 GDPR about commissioned data processing. We offer our websites and online services, as far as possible, generally via an encrypted connection. If you access our websites and online services via an encrypted connection, the systems of Hetzner Online GmbH can only record your IP address and the IP address and host name of the target system. If the call is still made the first time or for other technical reasons via an unencrypted connection, the systems of Hetzner Online GmbH can also recognize the data listed under point 4.1. of this privacy policy.

Information about the data protection of Hetzner Online GmbH can be found in the provider’s privacy policy. Information on the technical and operational measures carried out by Hetzner Online GmbH in accordance with Art. 32 GDPR can be found in this PDF document.

9.2. Legal basis for the data processing

The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6(1)f GDPR in an efficient and secure provision of my websites and online services.

9.3. Purpose of the data processing

The processing of personal data by Hetzner Online GmbH enables us to provide our own websites and online services and to provide our services to our customers. Only the purchase of infrastructure and server services makes our websites and online offers possible.

9.4. Storage duration

If Hetzner Online GmbH creates log files to protect its own infrastructure and information technology systems, these will be made anonymous after 7 days at the latest — which means that a personal reference can no longer be established.

9.5 Possibility of objection and elimination

The processing of data by Hetzner Online GmbH is absolutely necessary for the operation of the websites and online services. Consequently, there is no possibility of objection on the part of the user.

10. Hosting for thid parties and customers

10.1. Description and scope of the data processing

As part of our business activities, we offer third parties hosting and infrastructure services, including storage space and computing power. When providing websites and online services to third parties, the same data is collected as listed in point 4.1. of this privacy policy. For log files the same applies as under point 5. of this privacy policy.

10.2. Legal basis for the data processing

Legal basis for the processing of personal data are contractually offered services and preliminary work according to Art. 6(1)b GDPR.

10.3. Purpose of the data processing

The processing of personal data for third parties enables us to conduct our business and provide services to third parties.

10.4. Storage duration

As far as personal data are not stored anonymously, they will be deleted by us after 7 days at the latest.

10.5. Possibility of objection and elimination

The collection of data for third parties is mandatory for the provision of our services and for the maintenance of our business operations. Consequently, there is no possibility of objection on the part of the user.

11. E-mail server

11.1. Description and scope of the data processing

As part of our business activities, we offer our customers the use of our e-mail servers via the protocols SMTP, IMAP, POP3 and Sieve. We also use the same e-mail servers for our own communication. If you use our e-mail servers to receive and/or send messages or send an e-mail to us or one of our customers, the following data will be processed automatically:

  • E-mail address of sender and recipient
  • Complete content of the e-mail
  • IP address of the system connecting to our servers
  • When retrieving e-mails via IMAP or POP3, also the client ID of the retrieving program

To protect our information technology systems and the systems of our customers, all messages received and sent via our systems are automatically filtered and analyzed. This analysis serves to protect against spam and computer viruses and can result in our systems refusing to accept e-mails.

In addition, when communicating with our e-mail servers, certain data is automatically written to log files. Further information on this can be found under point 5.1.7 of this data protection declaration.

11.2. Legal basis for the data processing

The legal basis for the processing of personal data is our legitimate interest in the protection of our information technology systems and those of our customers pursuant to Art. 6(1)f GDPR. When processing e-mails for our customers, Art. 6(1)b GDPR is also the legal basis for contractually offered services and preliminary work.

11.3. Purpose of the data processing

The data is processed by us in order to be able to offer our services and at the same time to be able to protect our systems and those of our customers in the best possible way.

If you contact us directly, you will also find further information in point 7 (contact forms and e-mail contact) of this data protection declaration.

11.4. Storage duration

Emails you send to us will be stored according to point 7 (contact forms and email contact) of this privacy policy.

E-mails that you send to our customers are stored until they are deleted by our customers. Further information can be found in the respective privacy policy of our customers.

Data in log files will be deleted after 7 days at the latest.

11.5. Possibility of objection and elimination

The data processed when using our e-mail servers is technically required. Consequently, the user has no right of objection.

12. Rights of the data subjects

If your personal data is processed you are affected within the meaning of the GDPR and you have the following rights towards the person responsible:

12.1. Right to access

You have the right to request a confirmation from the person responsible as to whether personal data concerning you will be processed by us. If such processing has taken place, you can request the following information from the person responsible:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. any available information on the origin of the data if the personal data are not collected from the data subject;

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

12.2. Right to rectification

You have a right of rectification and/or completion towards the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.

12.3. Right to restriction of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the European Union or a member state.

If processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

12.4. Right to erasure

12.4.1. Obligation to delete

You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent, on which the processing was based pursuant to Art. 6(1)a GDPR or Art. 9(2)a GDPR, and there is no other legal basis for the processing.
  3. You file an objection to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection to the processing pursuant to Art. 21(2) GDPR.
  4. The personal data concerning you have been processed unlawfully.
  5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.

12.4.2. Exceptions

The right to erasure does not exist if the processing is necessary

  1. to exercise freedom of expression and information;
  2. for the fulfilment of a legal obligation required for processing under the law of the European Union or of the Member States to which the controller is subject or for the fulfilment of a task in the public interest or in the exercise of official authority conferred on the controller;
  3. to assert, exercise or defend legal claims.

12.5. Right to be notificated

If you have made use of your right of rectification, erasure or restriction of the processing towards the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort.

The person concerned has the right to be informed of these recipients.

12.6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, if

  1. the processing is based on consent pursuant to Art. 6(1)a GDPR or on a contract pursuant to Art. 6(1)b GDPR and
  2. the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

12.7. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data in accordance with Art. 6(1)e or f GDPR.

The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

12.8. Right to revoke the consent to the privacy policy

You have the right to revoke your consent to the privacy policy at any time. The revocation of consent will not affect the legality of the processing carried out on the basis of the consent until revocation.

12.9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged will inform the complainant of the status and results of the complaint, including the possibility of a legal remedy under Art. 78 GDPR.