Privacy policy
1) Information on the collection of personal data and contact details of the responsible person
1.1
We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. In this context, personal data is all data with which you can be personally identified.
1.2
The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (DSGVO) is MIYEN Design GmbH, Lucile-Grahn-Str. 48, 81675 Munich, Germany, Tel.: 12345678, e-mail: shop@miyen.de. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
2) Data collection when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
3) Hosting
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by adequacy decision of the European Commission. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than the aforementioned of Shopify will only take place within the framework communicated below.
4) Cookies
In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable your browser to be recognized the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be limited
5) Contacting us
When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
6) Data processing when opening a customer account and for contract processing
Pursuant to Art. 6 para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved on our part.
7) Data processing for order handling
7.1
In order to process your order, we work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b DSGVO.
7.2
Use of special service providers for order processing and handling
- Billbee
Order processing is carried out by the service provider "Billbee" (Billbee GmbH, Paulinenstrasse 54, 32756 Detmold). Name, address and, if applicable, other personal data will be passed on to Billbee in accordance with Art. 6 Para. 1 lit. b DSGVO exclusively for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order. Details of Billbee's data protection and its privacy policy can be viewed on Billbee's website at "billbee.io".
7.3
Use of payment service providers (payment services)
Amazon Pay
If you select the payment method "Amazon Pay", the payment will be processed via the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to whom we will pass on the information you provided during the ordering process, together with information about your order, in accordance with Art. 6 (1) lit. b DSGVO. Your data will only be passed on for the purpose of payment processing with the payment service provider Amazon Payments and only insofar as it is necessary for this purpose. You can obtain further information on the data protection provisions of Amazon Payments at the following Internet address: https://pay.amazon.com/de/help/201751600
Apple Pay
If you opt for the "Apple Pay" payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your end device operated with iOS, watchOS or macOS by charging a payment card deposited with "Apple Pay". Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. In order to release a payment, you must enter a code previously defined by you and verify it using the "Face ID" or "Touch ID" function of your terminal device
For the purposes of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website from which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the success of the payment.
If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b DSGVO.
Apple keeps anonymized transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. Anonymization completely eliminates the possibility of any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and uncheck "Allow payments on Mac".
Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
Google Pay
If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment will be processed via the "Google Pay" application of your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function by charging a payment card deposited with Google Pay or a payment system verified there (e.g. PayPal). For the release of a payment via Google Pay in the amount of more than €25, the prior unlocking of your mobile end device by the respective verification measure set up (such as facial recognition, password, fingerprint or pattern) is required.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, which is used to verify a payment that has been made. This transaction number does not contain any information about the real payment data of your payment means deposited with Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay.
Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b DSGVO.
Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6(1)(f) DSGVO on the basis of the legitimate interest in proper billing, verification of transaction data and optimization and functional maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
giropay
When paying via "giropay", payment is processed via giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, to whom we pass on the information you provided during the ordering process, along with information about your order. In accordance with Art. 6 Para. 1 lit. b DSGVO, your data will be passed on exclusively for the purpose of payment processing and only to the extent necessary for this purpose. You can obtain further information on the data protection provisions of giropay GmbH at the following Internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
Klarna
If you select a Klarna payment service, the payment will be processed via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable the processing of the payment, your personal data (first name and surname, street, house number, postcode, town, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be passed on to Klarna for the purpose of checking your identity and creditworthiness, provided that you have expressly consented to this in accordance with Art. 6 Para. 1 lit. a DSGVO during the ordering process. You can find out which credit agencies your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship.
You can withdraw your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data to the extent necessary to process payments in accordance with the contract.
Your personal data will be processed in accordance with the applicable data protection regulations and as specified in Klarna's data protection policy for data subjects located in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
handled.
Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b DSGVO and only insofar as this is necessary for the payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b DSGVO. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. You can find more information on the data protection of Shopify Payments at the following Internet address: https://www.shopify.com/legal/privacy.
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
8) Use of social media: Social plugins
Facebook plugins with Shariff solution
Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with Facebook's servers. When you click on the button, a new browser window opens and calls up the Facebook page where you can interact with the plugins there (if necessary after entering your login data).
For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php.
9) Online-Marketing
Facebook Pixel for the creation of Custom Audiences (with Cookie Consent Tool)
Within our online offer, the so-called "Facebook Pixel" of the social network Facebook is used, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").
If a user clicks on an advertisement placed by us and played on Facebook, an addition is added to the URL of our linked page by Facebook Pixel. If our site allows data to be shared with Facebook via Pixel, this URL parameter is inscribed in the user's browser via a cookie that our linked site sets itself. This cookie is then read by Facebook Pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook Pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. This allows us to further evaluate the effectiveness of the Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to place advertisements on and outside of Facebook.
The data processing associated with the use of the Facebook Pixel is only carried out with your express consent in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, remove the checkmark next to the setting for the "Facebook Pixel" in the "Cookie Consent Tool" integrated on the website.
10) Retargeting/ Remarketing/ Referral advertising
Google Ads Remarketing
Our website uses the Google Ads Remarketing function to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). For this purpose, Google sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 lit. f DSGVO.
Further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize the ads you see on the web. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form target groups. In the context of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. in the USA.
You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the Google browser plug-in available at the following link:
https://www.google.com/settings/ads/onweb/
Further information and the privacy policy regarding advertising and Google can be found here:
https://www.google.com/policies/technologies/ads/
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website or alternatively follow the option described above for making an objection.
Taboola
This website uses the retargeting technology of Taboola Inc, 16 Madison Square West 7th Floor, New York, NY 10010, USA ("Taboola"). This makes it possible to refer visitors to our website to further own or third-party content in the form of banners, based on their usage behaviour, which are likely to correspond to the respective user interest. This content is displayed on the basis of a cookie-based analysis of previous user behaviour, but no personal data is stored. For this interest-based content determination, a cookie is stored on your computer or mobile device in order to collect pseudonymized data about your surfing behaviour and thus adapt the content individually to the stored information.
Insofar as the collected and evaluated information has a personal reference, the processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in displaying personalized page content and in market research.
In order to generally deactivate the use of cookies on your end device, you can set your internet browser so that no more cookies can be stored on your end device in the future or so that cookies that have already been stored are deleted. Deactivating all cookies may mean that some functions on our Internet pages can no longer be carried out.
You can also permanently object to the setting of cookies for advertising preferences by Taboola by using the option of setting an opt-out cookie provided on the following linked page: https://www.taboola.com/privacy-policy#optout.
Further information on Taboola's data protection can be found here: https://www.taboola.com/privacy-policy
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the option described above for making an objection.
11) Tools and miscellaneous
DATEV
We use the cloud-based accounting software of DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg ("DATEV") to handle our accounting.
DATEV processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a semi-automated process.
If personal data is also processed in this process, the processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest in the efficient organisation and documentation of our business transactions.
For more information on DATEV, the automated processing of data and the data protection provisions, please visit https://www.datev.de/web/de/m/ueber-datev/datenschutz/.
12) Rights of the data subject
12.1
The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
- Right of access pursuant to Art. 15 DSGVO: In particular, you have the right to obtain information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the intended storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and the intended effects of such processing concerning you, as well as your right to be informed about which guarantees exist in accordance with Art. 46 DSGVO in case of transfer of your data to third countries;
- Right to rectification pursuant to Art. 16 of the GDPR: You have the right to have any inaccurate data relating to you rectified without delay and/or to have any incomplete data stored by us completed;
- Right to deletion pursuant to Art. 17 DSGVO: You have the right to demand the deletion of your personal data if the requirements of Art. 17 (1) DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- Right to restriction of processing pursuant to Art. 18 of the GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified; if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data; if you require your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved; or if you have lodged an objection for reasons relating to your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
- Right to information pursuant to Art. 19 DSGVO: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 DSGVO: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
- Right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
- Right to lodge a complaint pursuant to Art. 77 GDPR: If you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
12.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
13) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the processing purpose and - if relevant - additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a DSGVO, this data is stored until the data subject revokes his/her consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 Para. 1 lit. b DSGVO, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfilment of a contract or the initiation of a contract and/or there is no further justified interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21(2) DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
