Privacy

Privacy Policy

I. Name and address of the controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection provisions, is:

WEICON GmbH & Co. KG
Königsberger Straße 255
48157 Münster
Tel: +49 251 9322 0
Email: info@weicon.de
Website: www.weicon.com

II. Name and address of the Data Protection Officer

The data protection officer for the data controller is:

Solicitor Nienhaus
Philipp-Reis-Straße 4
46397 Bocholt
Email: info@nienhaus-rechtsanwaelte.de

III. General information on data processing

1. Scope of the processing of personal data

As a rule, we only process personal data to the extent necessary to provide a functional website and our content and services. The processing of personal data takes place only with the user’s consent or in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Where we obtain consent from the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for taking pre-contractual measures.

Where processing personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, rights and freedoms of the data subject do not override that interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

3. Data erasure and retention period

The personal data of the data subject will be deleted or blocked as soon as the purpose for storage no longer applies. Storage may also continue if required by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data will also occur when a statutory retention period expires, unless continued storage of the data is necessary for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected in this process:

1.1. Browser type and version

1.2. The operating system used

1.3. The user’s internet service provider

1.4. IP address

1.5. Date and time of access

1.6. Websites from which the user’s system accesses this website

1.7. Websites accessed by the user’s system via our website

The data is also stored in our system’s log files. This data is not stored together with other user data.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Article 6(1)(f) of the GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. The data are not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) GDPR.

4. Retention period

The data will be deleted as soon as they are no longer required for the purpose for which they were collected. In the case of data collected to provide the website, this applies when the respective session has ended.

Data stored in log files will be deleted after a maximum of seven days. Further storage is possible; in this case, the users’ IP addresses will be deleted or anonymised so that it is no longer possible to identify the client that accessed the website.

5. Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is strictly necessary for the operation of the website. Therefore, the user has no right to object in this context.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive string of characters that enables the browser to be uniquely identified when the website is visited again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser accessing the site can be identified even after a page change. This includes, for example, login details for restricted areas of our website that require authentication.

In addition, we use cookies on our website that enable an analysis of users’ browsing behaviour. When accessing our website, the user is informed about the use of cookies and their consent to the processing of personal data used in this context is obtained. In this connection, reference is also made to this privacy policy.

2. Legal basis for data processing

The legal basis for the processing of personal data is Article 6(1)(c), Article 6(1)(a) and Article 6(1)(f) of the GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to make it easier for users to use websites. Without the use of cookies, not all functions can be provided. The data collected through technically non-necessary cookies is used for the purpose of improving the quality of our website and its content. This enables us to understand how the website is used and to continuously optimise our offering.

These purposes also constitute our legitimate interest in the processing of personal data pursuant to Article 6(1)(f) GDPR.

4. Retention period, right to object and right to erasure

Cookies are stored on the user’s computer and transmitted to our website by the user. Users therefore have full control over the use of cookies. By changing the settings in their web browser, users can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all the website’s functions to their full extent.

The transmission of Flash cookies cannot be prevented via the browser settings, but can be disabled by changing the settings in the Flash Player.

VI. Newsletter

1. Description and scope of data processing

On our website, you can subscribe to a free newsletter. When you register, the data entered in the form is transmitted to us; this includes at least the following details:

1.1. Title

1.2. Name

1.3. Company

1.4. Postcode

1.5. Town

1.6. Country

1.7. Email address

The following data is also stored at the time the message is sent:

1.8. User’s IP address

1.9. Date and time of registration

The user’s consent to the processing is obtained during the registration process, and reference is made to this privacy policy, which also sets out the specific consent wording below.

No data is disclosed to third parties in connection with the processing of data for the purpose of sending newsletters. The data is used exclusively for the purpose of sending the newsletter.

2. Legal basis for data processing

The legal basis for the processing of personal data following registration for the newsletter is Article 6(1)(a) of the GDPR.

3. Purpose of data processing

The collection of the user’s data serves the purpose of delivering the newsletter. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user’s email address will therefore be stored for as long as the newsletter subscription remains active.

5. Right to object and right to erasure

The user concerned may cancel their subscription to the newsletter at any time. A link for this purpose is provided in every newsletter.

This also allows the user to withdraw their consent to the storage of the personal data collected during the registration process.

VII. Contact form and email contact

1. Description and scope of data processing

Where contact forms are available on our website for electronic communication and a user makes use of this option, the data entered in the form is transmitted to us and stored. Depending on the form selected, this data generally includes:

1.1. Surname

1.2. First name

1.3. Title

1.4. Company

1.5. Postcode

1.6. Town

1.7. Address

1.8. Telephone

1.9. Fax

1.10. Email address

The following data is also stored at the time the message is sent:

1.11. User’s IP address

1.12. Date and time of registration

The user’s consent to the processing is obtained during the registration process, and reference is made to this privacy policy, which also sets out the specific consent wording below.

Alternatively, it is possible to make contact via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

In this context, no data will be passed on to third parties. The data will be used exclusively for the purpose of processing the correspondence.

2. Legal basis for data processing

The legal basis for processing the data is Article 6(1)(a) of the GDPR, provided the user has given their consent.

The legal basis for processing data transmitted when sending an email is Article 6(1)(f) of the GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.

3. Purpose of data processing

We process the personal data provided via the contact form solely for the purpose of handling your enquiry. Where contact is made via email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data entered via the contact form and that sent by email, this is the case once the relevant conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved.

The personal data additionally collected during the submission process will be deleted after a period of seven days at the latest.

5. Right to object and right to erasure

The user may withdraw their consent to the processing of their personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.

Withdrawal of consent and objection to storage may be made verbally, in writing or by email.

In this case, all personal data stored in the course of the contact will be deleted.

VIII. Order placed by a consumer

1. Description and scope of data processing

On our website, we offer users the opportunity to order goods. The data is entered into a form, transmitted to us and stored.

The following data can be entered:

1.1. Title

1.2. First name

1.3. Surname

1.4. Address

1.5. Postcode

1.6. Town

1.7. Country

1.8. Email address

1.9. Delivery address

1.10. Billing address

The following data is also stored at the time the message is sent:

1.11. User’s IP address

1.12. Date and time of the order:

The user’s consent to the processing is obtained during the registration process, and reference is made to this privacy policy, which also sets out the specific consent wording below.

2. Legal basis for data processing

Where the user has given their consent, the legal basis for the processing of the data is Article 6(1)(a) of the GDPR.

Where the registration is required for the performance of a contract to which the user is a party or for the implementation of pre-contractual measures, Article 6(1)(b) GDPR constitutes an additional legal basis for the processing of the data.

3. Purpose of data processing

The purpose is to process the order.

4. Retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

This applies to data collected during the ordering process for the purpose of fulfilling a contract or taking pre-contractual measures, once the data is no longer required for the performance of the contract. Even after the contract has been concluded, it may still be necessary to store the contractual partner’s personal data in order to comply with contractual or legal obligations.

5. Right to object and right to erasure

Users may cancel their order at any time. Any personal data stored about a user may be amended at any time upon request.

To do so, you can contact us by email, telephone or in writing.

However, if the data is necessary for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible provided that no contractual or legal obligations prevent such deletion.

IX. Google Analytics

We use Google Analytics on our website.

1. Category of data subjects

Website visitors

2. Data category

Usage data (e.g. browsing history on our website, use of specific content, access times, contact or order history)

Connection data (e.g. device information, IP addresses, URL referrers, online identifiers including cookie identifiers)

3. Purpose of data processing

Statistical analysis, optimisation and customisation of our website based on your click and usage behaviour.

4. Legal basis

The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR.

5. Data erasure and retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or, in the case of consent, upon withdrawal of consent.

6. Recipients of data

Google Analytics is a service provided by Google Ireland Limited (“Google”), Gordan House, Barrow Street, Dublin 4, Ireland. We have entered into a data processing agreement with this IT service provider.

7. Intended transfer to third countries

It cannot be ruled out that the information may be transferred to a server in a third country. In the event of such a transfer, it will be based on standard data protection clauses and adequacy decisions.

8. Right to object and right to erasure

Consent may be withdrawn at any time.

X. Google Fonts

We use Google Fonts on our website.

1. Category of data subjects

Website visitors

2. Data category

Connection data (e.g. device information, IP addresses, URL referrers, online identifiers including cookie identifiers)

3. Purpose of data processing

Google Web Fonts are used to ensure a consistent and attractive presentation of our online services.

4. Legal basis

The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR.

5. Data erasure and retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or, in the case of consent, upon withdrawal of consent.

6. Recipients of data

Google Fonts is a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We have entered into a data processing agreement with this IT service provider.

7. Intended transfer to third countries

8. Right to object and right to erasure

Consent may be withdrawn at any time.

XI. Google Maps

We use Google Maps on our website.

1. Category of data subjects

Website visitors

2. Data category

Usage data (e.g. browsing history on our website, use of specific content, access times, contact or order history)

Connection data (e.g. device information, IP addresses, URL referrers, online identifiers including cookie identifiers)

Location data (e.g. GPS data, IP geolocation, access points)

3. Purpose of data processing

Integration of interactive maps and the map function of Google Maps.

4. Legal basis

The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR.

5. Data erasure and retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or, in the case of consent, upon withdrawal of consent.

6. Recipients of data

Google Maps is a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We have entered into a data processing agreement with this IT service provider.

7. Intended transfer to third countries

8. Right to object and right to erasure

Consent may be withdrawn at any time.

XII. YouTube

1. Description and scope of data processing

We use components (videos) provided by YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). In doing so, we use the “enhanced privacy mode” option provided by YouTube. When the user accesses a page containing an embedded video, a connection is established with the YouTube servers and the content is displayed on the website via a notification to their browser.

According to YouTube, in “enhanced privacy mode,” the user’s data – in particular information about which of our web pages the user has visited and device-specific information, including the IP address – is only transmitted to the YouTube server in the USA if the user plays the video. By clicking on the video, the user consents to this transmission. If the user is simultaneously logged in to YouTube, this information will be associated with their YouTube account. The user can prevent this by logging out of their account before visiting our website.

2. Legal basis for the processing of personal data

The legal basis for the processing of personal data is Article 6(1)(f) and Article 6(1)(a) of the EU GDPR.

3. Purpose of data processing

Our purpose is to embed videos on our website. These purposes also constitute our legitimate interest in processing the data in accordance with Article 6(1)(f) of the GDPR.

4. Retention period

We do not know how long Google stores the data. Further information on data protection in connection with YouTube can be found in Google’s privacy policy.

5. Right to object and right to erasure

If users do not agree to their data being transmitted to Google when using YouTube, they have the option of not using Google’s web service.

XIII. Operation of a Facebook page

We operate a page for our company on the Facebook platform.

1. Category of data subjects

Website visitors

2. Data category

Personal details (e.g. names, addresses, dates of birth)

Contact details (e.g. email addresses, telephone numbers, messaging services)

Content data (e.g. text entries, photographs, videos, contents of documents/files)

Usage data (e.g. browsing history on our website, use of specific content, access times, contact or order history)

Connection data (e.g. device information, IP addresses, URL referrers, online identifiers including cookie identifiers)

Location data (e.g. GPS data, IP geolocation, access points)

3. Purpose of data processing

By operating this website, our aim is to present our company, provide information about offers and events, and communicate with partners and interested parties.

4. Legal basis

The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR.

5. Data erasure and retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or, in the case of consent, upon withdrawal of consent.

6. Recipients of data

Facebook is a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have entered into a data processing agreement with this IT service provider.

7. Intended transfer to third countries

8. Right to object and right to erasure

Consent may be withdrawn at any time.

XIV. Operation of an Instagram page

We operate a page about our company on the Instagram platform.

1. Category of data subjects

Website visitors

2. Data category

Personal details (e.g. names, addresses, dates of birth)

Contact details (e.g. email addresses, telephone numbers, messaging services)

Content data (e.g. text entries, photographs, videos, contents of documents/files)

Usage data (e.g. browsing history on our website, use of specific content, access times, contact or order history)

Connection data (e.g. device information, IP addresses, URL referrers, online identifiers including cookie identifiers)

Location data (e.g. GPS data, IP geolocation, access points)

3. Purpose of data processing

By operating this website, our aim is to present our company, provide information about offers and events, and communicate with partners and interested parties.

4. Legal basis

The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR.

5. Data erasure and retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or, in the case of consent, upon withdrawal of consent.

6. Recipients of data

Instagram is a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have entered into a data processing agreement with this IT service provider.

7. Intended transfer to third countries

8. Right to object and right to erasure

Consent may be withdrawn at any time.

XV. Operation of a LinkedIn page

We operate a page for our company on the LinkedIn platform.

1. Category of data subjects

Website visitors

2. Data category

Personal details (e.g. names, addresses, dates of birth)

Contact details (e.g. email addresses, telephone numbers, messaging services)

Content data (e.g. text entries, photographs, videos, contents of documents/files)

Usage data (e.g. browsing history on our website, use of specific content, access times, contact or order history)

Connection data (e.g. device information, IP addresses, URL referrers, online identifiers including cookie identifiers)

Location data (e.g. GPS data, IP geolocation, access points)

3. Purpose of data processing

By operating this website, our aim is to present our company, provide information about offers and events, and communicate with partners and interested parties.

4. Legal basis

The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR.

5. Data erasure and retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or, in the case of consent, upon withdrawal of consent.

6. Recipients of data

LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We have entered into a data processing agreement with this IT service provider.

7. Intended transfer to third countries

8. Right to object and right to erasure

Consent may be withdrawn at any time.

XVI. Operation of a YouTube page

We operate a page about our company on the YouTube platform.

1. Category of data subjects

Website visitors

2. Data category

Personal details (e.g. names, addresses, dates of birth)

Contact details (e.g. email addresses, telephone numbers, messaging services)

Content data (e.g. text entries, photographs, videos, the content of documents/files)

Usage data (e.g. browsing history on our website, use of specific content, access times, contact or order history)

Connection data (e.g. device information, IP addresses, URL referrers, online identifiers including cookie identifiers)

Location data (e.g. GPS data, IP geolocation, access points)

3. Purpose of data processing

By operating this website, our aim is to present our company, provide information about offers and events, and communicate with partners and interested parties.

4. Legal basis

The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR.

5. Data erasure and retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or, in the case of consent, upon withdrawal of consent.

6. Recipients of data

YouTube is a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We have entered into a data processing agreement with this IT service provider.

7. Intended transfer to third countries

8. Right to object and right to erasure

Consent may be withdrawn at any time.

XVII. Rights of data subjects

Where personal data of users is processed, they are data subjects within the meaning of the GDPR and are entitled to the following rights vis-à-vis the controller; the list below covers all their rights, not just those arising from the use of our services:

1. Right of access

Users may request from the controllers confirmation as to whether personal data concerning them is being processed by us.

If such processing is taking place, users may request information from the controller regarding the following:

1.1. the purposes for which the personal data is processed;

1.2. the categories of personal data being processed;

1.3. the recipients or categories of recipients to whom the personal data concerning them have been or will be disclosed;

1.4. the envisaged period for which the personal data relating to them will be stored, or, if this is not possible, the criteria used to determine that period;

1.5. the existence of a right to rectification or erasure of the personal data concerning them, a right to restriction of processing by the controller or a right to object to such processing;

1.6. the existence of a right to lodge a complaint with a supervisory authority;

1.7. any available information as to the source of the data, where the personal data are not collected from the data subject;

1.8. the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and – at least in such cases – meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject.

Users have the right to request information as to whether personal data concerning them is transferred to a third country or to an international organisation. In this context, they may request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

2. Right to rectification

Users have the right to request that the controller rectify and/or complete their personal data if the personal data being processed concerning them is inaccurate or incomplete. The controller must rectify the data without delay.

3. Right to restriction of processing

Under the following conditions, users may request the restriction of the processing of personal data concerning them:

3.1. where users contest the accuracy of the personal data concerning them for a period enabling the controller to verify the accuracy of the personal data;

3.2. the processing is unlawful and the user objects to the erasure of the personal data and requests the restriction of the use of the personal data instead;

3.3. the controller no longer needs the personal data for the purposes of the processing, but the user needs it to establish, exercise or defend legal claims, or

3.4. where users have objected to the processing in accordance with Article 21(1) of the GDPR and it has not yet been determined whether the legitimate grounds of the controller override their grounds.

Where the processing of personal data relating to the user has been restricted, such data – apart from storage – may be processed only with the user’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above conditions, the controller will inform users before the restriction is lifted.

4. Right to erasure

4.1. Obligation to erase

Users may request that the controller erase personal data concerning them without delay, and the controller is obliged to erase such data without delay if any of the following grounds apply:

4.1.1. The personal data relating to the user is no longer necessary for the purposes for which it was collected or otherwise processed.

4.1.2. Users withdraw their consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.

4.1.3. Users object to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or they object to the processing in accordance with Article 21(2) of the GDPR.

4.1.4. The personal data relating to the user has been unlawfully processed.

4.1.5. The erasure of the personal data relating to the user is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.

4.1.6. The personal data relating to the user was collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

4.2. Information to third parties

Where the controller has made personal data concerning the user public and is obliged pursuant to Article 17(1) GDPR to erase it, the controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, that personal data.

4.3. Exceptions

The right to erasure does not apply where processing is necessary

4.3.1. for the exercise of the right to freedom of expression and information;

4.3.2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

4.3.3. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

4.3.4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or

4.3.5. for the establishment, exercise or defence of legal claims.

5. Right to information

Where users have exercised their right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data relating to the users has been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.

Users have the right to be informed by the controller of these recipients.

6. Right to data portability

Users have the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used and machine-readable format. Furthermore, users have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

6.1. the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and

6.2. the processing is carried out by automated means.

In exercising this right, users also have the right to have their personal data transferred directly from one controller to another, provided this is technically feasible. This must not infringe upon the freedoms and rights of other individuals.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

Users have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data relating to the user unless it can demonstrate compelling legitimate grounds for the processing which override the user’s interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

Where personal data relating to users is processed for the purposes of direct marketing, users have the right to object at any time to the processing of their personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.

Where users object to processing for the purposes of direct marketing, the personal data concerned shall no longer be processed for those purposes.

Users have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise their right to object by means of automated procedures using technical specifications.

8. Right to withdraw consent under data protection law

Users have the right to withdraw their consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of that consent prior to its withdrawal.

9. Automated decision-making in individual cases, including profiling

Users have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision

9.1. is necessary for the conclusion or performance of a contract between them and the controller,

9.2. is permitted under Union or Member State law to which the controller is subject, and that law provides for appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests; or

9.3. is based on their explicit consent.

However, such decisions may not be based on special categories of personal data as referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to safeguard their rights and freedoms and their legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, users have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place where the alleged infringement occurred, if they consider that the processing of personal data relating to them infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

XVIII. Consents (consent texts)

1. Contact form

I agree that the data I have entered in the form may be processed for the purpose of responding to my enquiry, whereby processing in accordance with Article 4 No. 2 GDPR means any operation or set of operations carried out on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Newsletter

I agree that the data I have entered in the form may be processed for the purpose of sending a newsletter, whereby processing in accordance with Article 4 No. 2 GDPR means any operation or set of operations carried out on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Order

I agree that the data I have entered in the form may be processed for the purpose of carrying out an order, whereby processing in accordance with Article 4 No. 2 GDPR means any operation or set of operations carried out on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Privacy Policy

Yummy cookies!