Legal

Data protection

Privacy statement

Thank you for your interest in our website. Protecting your personal data is important to us. We comply with legal regulations on data protection and data security.

In particular, we are subject to the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act as amended on 25.05.2018 (BDSG) and the Digital Services Act (DDG) and the Telecommunications Digital Services Data Protection Act (TDDDG). According to this, we are in particular entitled to collect and use personal data insofar as this is necessary to enable you to use our website at www.ruhrdot.com, including all services and functions contained therein.

Below you will find information about what personal data we collect when you use our website and use the services and features it contains and how we use it for which purposes.

I. Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

ruhrdot GmbH
Bismarckstraße 5
45128 Essen

Phone: +49-201-85890990
Site: www.ruhrdot.com

II. Name and address of the data protection officer

The data protection officer of the person responsible is:

Johannes Schwiegk
Datenzeit GmbH
Friedrich-Engels-Allee 200
D-42285 Wuppertal

Phone: +49-202-94794940
email: datenschutz@datenzeit.de
Site: https://www.datenzeit.de/

III. General information about data processing

1. Scope of processing of personal data

In principle, we only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for processing personal data

Insofar as we obtain consent from the data subject for processing personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted when a storage period prescribed by the above standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here:

• IP address

• Date and time of the request

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (specific page)

• Access status/HTTP status code

• Amount of data transferred in each case

• Website from which the request comes

• Browser

• Operating system and its interface

• Language and version of the browser software

We are unable to assign this data to specific persons. We do not combine this data with other data sources.

The legal basis for the temporary storage of data is Article 6 (1) (f) GDPR.

2. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session. The storage is also carried out to ensure the functionality of the website. We also use the data to optimize the website and ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context.

These purposes also include our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR.

3. Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended. In addition, the data will be deleted after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted so that it is no longer possible to assign the calling client.

4. Objection and removal option

The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the website. There is therefore no option for the user to object.

V. Use of cookies

1. Description and scope of data processing

In addition to the data mentioned above, cookies are stored on your computer when you use this website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to us. Cookies cannot run programs or transfer viruses to your computer. They serve to make the website more user-friendly and effective overall. This website uses the following types of cookies, the scope and functionality of which are explained below:

Cookie & Cookie groups

essential

Essential cookies enable basic functions and are required for the website to function properly.

Finsweet Consent Pro Cookie

Namn: Finsweet Consent Pro

Provider: owner of this website

Purpose: Saves the settings of visitors who have been selected in the Finsweet Consent Pro cookie box.

Cookie name: finsweetconsentpro

Cookie duration: 1 year

stats

Statistics cookies collect information anonymously. This information helps us understand how our visitors use our website.

Google Analytics

Name: Google Analytics

Provider: Google LLC

Purpose: Cookie from Google for website analytics. Generates statistical data about how the visitor uses the website.

Privacy statement: https://policies.google.com/privacy

Cookie name: _ga, _gat, _gid

Cookie duration: 2 years

In addition to these persistent cookies, there are also transient cookies.

Transient cookies are automatically deleted when you close your browser. In particular, this includes session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies, on the other hand, are automatically deleted after a specified period of time, which may differ depending on the cookie. You can configure these persistent cookies according to your wishes via our cookie banner, which is displayed to you the first time you visit our website after automated or manual deletion of cookies and also refers to this privacy policy, and, for example, refuse to accept third-party cookies. We would like to point out that in such cases, you may not be able to use all functions of this website. In addition to the configuration options via the cookie banner displayed when you visit our website, you can also set your preferences retrospectively via the cookie button at the bottom left of the website.

2. Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6 (1) (a), (c) and (f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to make it easier for users to use websites. Some functions of our website cannot be offered without the use of cookies. We must also use cookies in order to comply with our legal obligations or accountability obligations under the GDPR. For this, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies is not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. They are only set with the user's consent (Art. 6 (1) (a) GDPR). Through the analysis cookies, we learn how the website is being used and can thus constantly optimize our offering. These purposes also include our legitimate interest in processing personal data in accordance with Article 6 (1) (f) GDPR.

4. Duration of storage, right of objection and removal

Cookies are stored on the user's computer and transmitted from it to our site. As a user, you therefore also have full control over the use of cookies. In addition, you also have the configuration options already mentioned above via the cookie banner displayed when you visit our website and via the button in this privacy policy, with which you as a user can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

VI. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input form is sent to us.

We verify your consent to receive our newsletter by email using the so-called double opt-in procedure. This means that we first ask you to actively confirm your consent to receive the newsletter by sending an e-mail to the email address you provided as part of your subscription, before we start sending it. We use the confirmation information to document and, if necessary, prove your consent.

In addition, we can also send you our newsletter without your consent, subject to special requirements. As part of existing customer relationships, we are legally permitted to advertise the sale of similar goods and services by e-mail without having obtained your consent. There is no transfer of data to third parties in connection with data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing the data after registration for the newsletter is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

3. Purpose of data processing

The purpose of collecting the user's email address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

4. Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored as long as the subscription to the newsletter is active.

5. Objection and removal option

The subscription to the newsletter can be cancelled by the affected user at any time without incurring any costs other than the transmission costs at the basic rates. For this purpose, there is a corresponding link in every newsletter.

Withdrawal of consent does not affect the lawfulness of processing based on consent. If you withdraw your consent, we will delete this data and stop sending you newsletters.

VII. Contact form and email contact

1. Description and scope of data processing

There is a contact form on our website, which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored.

Your information about the processing of the data with reference to this privacy policy will be documented as part of the sending process.

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively to process the conversation.

2. Legal basis for data processing

The legal basis for processing the data is your consent in accordance with Article 6 (1) (a) GDPR.

If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of data processing

The processing of personal data from the input form is for us solely to process the contact. If you contact us by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has finally been clarified.

5. Objection and removal option

The user has the option to withdraw his consent to the processing of personal data at any time. If users contact us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

In this case, all personal data that was stored in the course of contacting us will be deleted.

VIII. Applications

1. Description and scope of data processing

Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to department managers for each open position. The rest of the process is then coordinated. In principle, only people in the company have access to your data who need it to properly complete our application process. The data is processed exclusively in data centers in the Federal Republic of Germany.

2. Legal basis for data processing

The legal basis for processing your personal data in the application process is primarily Section 26 BDSG in the version in force since 25.05.2018 and Art. 6 para. 1 lit. b GDPR. According to this, the processing of data necessary in connection with the decision to establish an employment relationship is permitted.

Should the data be required for legal prosecution after completion of the application process, data may be processed on the basis of the requirements of Article 6 GDPR, in particular to pursue legitimate interests in accordance with Article 6 (1) (f) GDPR. Our interest then lies in asserting or defending claims.

3. Purpose of data processing

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process.

4. Storage period

Applicants' data will be deleted after 6 months in the event of a rejection.

If you have agreed to the continued storage of your personal data, we will add your data to our pool of applicants. There, the data is usually deleted after two years.

If you have been accepted for a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

IX. Using Google Tag Manager

1. Scope of processing of personal data

Google Tag Manager is used on this page. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland or Google LLC, Mountain View 1600 Amphitheatre Parkway Mountain View, CA 94043 USA. The processed data only includes your IP address, which is necessary to run Google Tag Manager, but is not collected without your consent (e.g. through appropriate settings in your browser or our consent management tool). With Tag Manager itself, no user profiles are created or cookies saved.

The data can be processed in the USA. For cases in which personal data is transferred to the USA, Google has submitted to the EU-U.S. Data Privacy Framework and also uses the so-called standard contractual clauses of the EU Commission. More information is available at https://business.safety.google/adsprocessorterms/.

2. Legal basis for processing personal data

The legal basis for using Google Tag Manager is your consent in accordance with Article 6 (1) (a) GDPR.

3. Purpose of data processing

By using Google Tag Manager, we are able to manage so-called website tags via an interface and thus integrate other services into our online offering (reference is made to the further and specific information in this privacy policy).

4. Storage period

We would like to point out that we have no specific knowledge of the transmitted data and its use by Google. For more information about Google Tag Manager, visit https://marketingplatform.google.com/intl/en/about/tag-manager/. Google's current privacy policy can be found at https://www.google.com/policies/privacy/.

5. Objection and removal option

You can withdraw your consent at any time by changing the settings in our consent management tool. Please note that your objection has no effect on the lawfulness of data processing up to that point.

The processing of data by Google can also be changed and excluded at https://adssettings.google.com/authenticated.

X. Web analysis through Google Analytics

1. Scope of processing of personal data

We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics can use cookies on users' computers (see above for cookies) and allows us to analyse your use of our website. For example, we take into account which content you have accessed during one or more usage processes, which search terms you have used and how you have interacted with our online offering overall. The time of use and duration are also stored, as well as technical aspects of the devices and browsers you use. For this purpose, pseudonymous user profiles are created with information from the use of various devices. By using Google Analytics, geographic location data is determined and provided. To do this, the following metadata is collected using the IP search: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and the ID-based equivalents). To ensure the protection of the personal data of European users in the EU, Google receives and processes all data via domains and servers within the EU. The IP address of users is not logged and is abbreviated by the last two digits as standard, with the abbreviation taking place on European servers for European users.

The information obtained through the use of Google Analytics is used by Google on our behalf to evaluate your use of our website, to compile reports for us on website activity and to provide other services related to the use of our website and the Internet. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Full or unabridged IP addresses are not transmitted to Google servers in the USA, so it should be ruled out that personal data will be transferred to the USA. However, in cases where personal data is also transferred to the USA, Google has submitted to the EU-US Data Privacy Framework.

2. Legal basis for processing personal data

The legal basis for the use of Google Analytics is Art. 6 (1) (a) GDPR, i.e. your consent, which you have given via our cookie banner or consent management tool for the described data processing.

3. Purpose of data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its usability. By anonymizing IP addresses, users' interest in protecting their personal data is sufficiently taken into account.

4. Storage period

The data is deleted as soon as it is no longer required for our recording purposes. In addition, we would like to point out that, as the provider of the pages, we have no further knowledge of the content of the transmitted data and its use by Google. For more information, please see Google's privacy policy at https://policies.google.com/privacy.

5. Objection and removal option

You can withdraw your consent at any time with effect for the future by changing the settings in our cookie banner or consent management tool.

In addition, you can prevent cookies from being saved on your computer by setting your browser software accordingly. In this case, you may not be able to fully use all functions of our websites. To prevent Google from collecting the data generated by cookies and related to your use of our website (including your IP address) and from processing this data by Google, a browser plug-in is available for download and subsequent installation under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can also object to the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative deactivation page (https://optout.networkadvertising.org/) and in addition the US website (https://www.aboutads.info/choices) or the European website (https://www.youronlinechoices.com/uk/your-ad-choices/).

XI. Use of LinkedIn

1. Scope of processing of personal data

We maintain an online presence within the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland. Within this framework and for up-to-date marketing, we process user data in order to communicate with users active there or to offer information about us.

The processed data categories include contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times) and meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).

In addition to the use of data by us, user data is usually processed by the operator of the social network for market research and advertising purposes. For example, profiles can be created based on user behavior and the resulting interests of users. These user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably match the interests of users. For these purposes, cookies (see above for cookies) are usually stored on users' computers, in which user behavior and interests are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (in particular if the users are members of the social network and are logged in with their user account).

User data may also be processed outside the area of the European Union and may result in risks for users, for example because, among other things, the enforcement of the so-called data subject rights (see below on the rights of the data subject) can be made more difficult for users.

For a detailed description of the respective forms of processing, we refer to LinkedIn's privacy policy at https://de.linkedin.com/legal/privacy-policy?.

For cases where personal data is transferred to the USA, LinkedIn has submitted to the EU-US Data Privacy Framework.

2. Legal basis for processing personal data

The legal basis for using LinkedIn is Art. 6 (1) (f) GDPR.

If LinkedIn asks you for consent to the described data processing, the legal basis for processing is Art. 6 (1) (a) GDPR.

In addition, on the basis of an agreement on joint processing of personal data in accordance with Art. 26 GDPR in conjunction with the statement provided under this link https://legal.linkedin.com/pages-joint-controller-addendum.

3. Purpose of data processing

Using LinkedIn makes sharing content easier.

When content is posted by users on LinkedIn, we reach more potential customers as a result. In addition, the use of LinkedIn helps us to further publicize and disseminate our company and the services offered.

4. Storage period

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and its use by LinkedIn and therefore cannot tell us to what extent, at what location and for how long the data is stored, to what extent LinkedIn complies with existing deletion obligations, what evaluations and links with the data are carried out and to whom the data is passed on. However, every user of the social network must carefully check for themselves which personal data they share with and via LinkedIn.

5. Objection and removal option

Options to restrict processing of your information and manage your account and privacy settings are described at https://www.linkedin.com/help/linkedin/answer/a1337839/verwalten-ihrer-konto-und-datenschutzeinstellungen-ubersicht?lang=de. In addition, on mobile devices (smartphones, tablet computers), you can restrict LinkedIn's access to contact and calendar data, photos, location data, etc. in the settings there, although this depends on the operating system used.

There is an opt-out option at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

XII. Use of Instagram

1. Scope of processing of personal data

We maintain an online presence within the social network Instagram, which is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Within this framework and for up-to-date marketing, we process user data in order to communicate with users active there or to offer information about us.

User data can also be processed outside the area of the European Union and may result in risks for users, for example because, among other things, the enforcement of the so-called data subject rights (see below on the rights of the data subject) can be made more difficult.

For a detailed description of the respective forms of processing, we refer to Instagram's privacy policy at https://privacycenter.instagram.com/policy. For cases where personal data is transferred to the USA, Instagram has submitted to the EU-US Data Privacy Framework.

2. Legal basis for processing personal data

The legal basis for using Instagram is Art. 6 (1) (f) GDPR. If Instagram asks you for consent to the described data processing, the legal basis for processing is Art. 6 (1) (a) GDPR.

3. Purpose of data processing

Using Instagram makes it easier to share content.

When content is posted by users on Instagram, we reach more potential customers as a result. In addition, the use of Instagram helps us to further publicize and disseminate our company and the services offered.

4. Storage period

According to Instagram, it stores data until it is no longer needed to provide the services and features or until the user's account is deleted, whichever comes first. This depends on the circumstances of the individual case, in particular the type of data, why it is collected and processed, and the relevant legal or operational storage needs.

5. Objection and removal option

For objection options (opt-out), we refer to Instagram's privacy policy and privacy information and settings at https://help.instagram.com/196883487377501?ref=dp and for privacy-friendly profile settings for Instagram profiles at https://help.instagram.com/811572406418223/?helpref=hc_fnav.

Even in the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the provider of the social network. Only the provider has access to the user's data and can directly take appropriate measures and provide information. Users can contact the social network's data protection officer themselves using the following link: https://www.facebook.com/help/contact/540977946302970. Should you still need help, you can also contact us.

XII. Use of TikTok

1. Scope of processing of personal data

We maintain an online presence within the social network or short video portal Stiktok, which is operated by TikTok Technology Limited, The Sorting Office, Ropemaker Place, Dublin 2, Dublin, D02 HD23, Ireland. Within this framework and for modern marketing, we process user data in order to communicate with users active there or to offer information about us.

The processed data categories include contact data (e.g. name, e-mail, telephone number); content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times) and meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).

In addition to the use of data by us, user data is usually processed by the operator of the social network for market research and advertising purposes. For example, user profiles can be created based on usage behavior and resulting interests. These user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably match the interests of users. For these purposes, cookies (see above for cookies) are usually stored on users' devices, in which user behavior and interests are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (in particular if the users are members of the social network and are logged in with their user account).

User data may also be processed outside the area of the European Union (including Singapore and USA and possibly China) and may result in risks for users, for example because, among other things, the enforcement of the so-called data subject rights (see below on the rights of the data subject) may be made more difficult.

For a detailed description of the respective forms of processing, we refer to TikTok's privacy policy at https://www.tiktok.com/legal/page/global/privacy-policy-eea-archive/de.

2.Legal basis for processing personal data

The legal basis for using TikTok is Art. 6 (1) (f) GDPR.

If TikTok asks you for consent to the described data processing, the legal basis for processing is Art. 6 (1) (a) GDPR.

3. Purpose of data processing

The use of TikTok makes it easier to share content and gives us the opportunity to present our offers in an appealing way. By using it, we can further publicize and disseminate our company and the services offered. We hope to reach more potential customers as a result.

4. Storage period

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and its use by TikTok and therefore cannot tell us to what extent, at what location and for how long the data is stored, to what extent TikTok complies with existing deletion obligations, what evaluations and links with the data are carried out and to whom the data is passed on. However, every user of the platform must carefully check for themselves which personal data they share with and via TikTok.

5. Objection and removal option

If you do not want TikTok to associate your visit to our pages with your TikTok user account, please log out of your TikTok user account. Options for account privacy settings are available at https://support.tiktok.com/de/account-and-privacy/account-privacy-settings.Nutzerdaten and can be requested at https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data/requesting-your-data.

XIII. Use of YouTube

1. Scope of processing of personal data

We maintain an online presence within the social network or video portal YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Within this framework and for up-to-date marketing, we process user data in order to communicate with users active there or to offer information about us.

For a detailed description of the respective forms of processing, we refer to the YouTube or Google privacy policy at https://policies.google.com/privacy.

For cases in which personal data is transferred to the USA, YouTube or Google has submitted to the EU-US Data Privacy Framework.

2.Legal basis for processing personal data

The legal basis for using YouTube is Art. 6 (1) (f) GDPR.

If YouTube asks you for consent to the described data processing, the legal basis for processing is Art. 6 (1) (a) GDPR.

3. Purpose of data processing

The use of YouTube makes it easier to share content and gives us the opportunity to present our offers in an appealing way. By using it, we can further publicize and disseminate our company and the services offered. We hope to reach more potential customers as a result.

4. Storage period

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and its use by YouTube and therefore cannot tell us to what extent, at what location and for how long the data is stored, to what extent YouTube complies with existing deletion obligations, what evaluations and links with the data are carried out and to whom the data is passed on. However, every user of the platform must carefully check for themselves which personal data they share with and via YouTube.

5. Objection and removal option

If you do not want YouTube to be able to associate your visit to our pages with your YouTube user account, please log out of your YouTube user account. There is an opt-out option at https://myadcenter.google.com/personalizationoff.

XV. Rights of the person concerned

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right to information

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.

If there is such processing, you can request the following information from the person responsible:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the seventh parties have been or are still being disclosed;

(4) the planned duration of storage of personal data concerning you or, if specific information is not possible, criteria for determining the storage period;

(5) the existence of a right to correct or delete personal data concerning you, a right to restrict processing by the person responsible or a right to object to this processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) all available information about the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to correct and/or complete the data controller if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

3. Right to restrict processing

Under the following conditions, you can request that the processing of the seventh-meeting personal data be restricted:

(1) if you dispute the accuracy of the personal data concerning you for a permanent dispute that enables the person responsible to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the person responsible no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or

(4) if you have filed an objection to processing in accordance with Article 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data — apart from storage — may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to deletion

a) Obligation to delete

You can request that the person responsible delete the personal data concerning you immediately, and the controller is obliged to delete this data immediately if one of the following reasons applies:

(1) The seventh personal data is no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal basis for processing.

(3) You object to processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for processing, or you object to processing in accordance with Article 21 (2) GDPR.

(4) The personal data concerning you was processed unlawfully.

(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6) The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have deleted all links to this personal data or copies or replications of this personal data from them have requested personal data.

c) Exemptions

The right to deletion does not exist insofar as processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right referred to in section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

5. Right to be informed

If you have asserted the right to correct, delete or restrict processing against the person responsible, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right, vis-à-vis the person responsible, to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided

(1) processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR, and

(2) processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected as a result.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.

7. Right of objection

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless he can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the recipients process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications.

8. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your data protection consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

9. Automated decision in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing — including profiling — which has legal effect on you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,

(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to protect your rights and freedoms and your legitimate interests, or

(3) is made with your express consent.

However, these decisions must not be based on special categories of personal data under Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms and your legitimate interests, including at least the right to obtain the action of a person from the controller, to express his own position and to challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint was submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

XVI. Changes to this privacy statement

The development of the Internet and our Internet offering may also have an impact on the handling of personal data. We therefore reserve the right to amend this privacy policy in the future within the framework of applicable data protection laws and, if necessary, to adapt it to changes in data processing. The current version of the privacy policy is always available under the “Data Protection” or “Privacy Policy” section.