Privacy Policy
General information
This privacy policy contains detailed information about what happens to your personal data when you visit our website www.biolitec.de.
Personal data is all data with which you can be personally identified.
When processing your data, we adhere strictly to the statutory provisions, in particular the General Data Protection Regulation (“GDPR”), and attach great importance to ensuring that your visit to our website is absolutely secure.
Responsible body
The controller responsible under data protection law for the collection and processing of personal data on this website is
Name: biolitec biomedical technology GmbH
Street, house number: Otto-Schott-Str. 15
Postal code, city: 07745 Jena
Country: Germany
E-mail: info@biolitec.de
Phone: +49 (0) 3641 519 53 0
Data Protection Officer
The internal data protection officer of the controller is
First name, last name: Regina Mörth
Street, house number: Otto-Schott-Str. 15
Postal code, city: 07745 Jena
Country: Germany
E-mail: regina.moerth@ceramoptec.com
Phone: 0228979670
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
Access data (server log files)
When you visit our website, we automatically collect and store access data in so-called server log files, which your browser automatically transmits to us. These are
- Browser type and browser version of your PC
§ 1
Web analysis tools and advertising
- Operating system used by your PC
- Referrer URL (source/reference from which you came to our website)
- Host name of the accessing computer
- Date and time of the server request
- the IP address currently used by your PC (possibly in anonymized form)
As a rule, it is not possible for us to identify you personally, nor is this intended. The processing of such data is carried out in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interest in improving the stability and functionality of our website.
Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your end device. Cookies cannot execute programs or transmit viruses to your computer system.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy. Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
1.1 Google Analytics
Our website uses the web analysis service Google Analytics in the version Google Analytics 4.
The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
(“Google”).
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable your use of our website to be analyzed. In Google Analytics, all data is collected from devices located in the EU (based on the geographical location according to the IP address) via domains and servers in the EU before the traffic is forwarded to Analytics servers for processing. The legal basis for the processing of your data is the consent you have given via the cookie consent tool in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
a) IP anonymization
With Google Analytics, the IP anonymization function is automatically activated on the website. As a result, your IP address will be truncated by Google within member states of the EU or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. According to Google, no IP addresses are logged and stored in Google Analytics, but are only processed briefly for geo-localization and deleted immediately afterwards. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
b) Demographic characteristics with Google Analytics
Our website uses the “demographic features” function of Google Analytics.
This allows reports to be created that contain statements about the age, gender and interests of visitors to the site. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics - as described in the section “Objection to data collection”.
c) Google Signals
In connection with this website, the Google Signals service is also used as an extension of Google Analytics. With Google Signals, we can have Google create cross-device reports (so-called “cross-device tracking”). If you have activated “personalized ads” in your Google account settings and linked your Internet-enabled devices to your Google account, Google can analyze usage behavior across devices and create database models based on this if you have given your consent to the use of Google Analytics in accordance with Art. 6 Para. 1 lit. a GDPR. This takes into account the logins and device types of all website users who were logged into a Google account and carried out a conversion.
The data shows, among other things, on which device you clicked on an ad for the first time and on which device the relevant conversion took place. We do not receive any personal data from Google, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the “personalized ads” function in the settings of your Google account and thus deactivating the cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: support.google.com/ads/answer/2662922.
Further information on Google Signals can be found at the following link: support.google.com/analytics/answer/7532985.
d) Order processing
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
e) Storage duration
Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be deleted after 2 months. For details, please see the following link: support.google.com/analytics/answer/7667196.
f) Right of withdrawal
Many data processing operations are only possible with your express consent. If the processing of your data is based on your consent, you have the right to revoke your consent to the processing of data in accordance with Art. 7 para. 3 GDPR at any time with effect for the future by calling up the cookie settings and changing your selection there. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The storage of data for billing and accounting purposes remains unaffected by a revocation.
You can find more information on the handling of user data at Google Analytics in Google's privacy policy: support.google.com/analytics/answer/6004245.
Further information on data protection can be found in Google's privacy policy: policies.google.com/privacy
1.2 Google Tag Manager
Our website uses Google Tag Manager. The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool that implements the tags is a cookie-less domain and does not store any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
1.3 Google Ads and Google conversion tracking
Our website uses Google Ads (formerly Google AdWords). Google Ads is an online advertising program from the provider Google.
Google Ads enables us to draw attention to our offers with the help of advertising material on external websites and to determine how successful individual advertising measures are. This helps us to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
As part of Google Ads, we use what is known as conversion tracking. The advertising material is delivered by Google via so-called “AdServers”. For this purpose, we use so-called AdServer cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. These cookies enable Google to recognize your web browser. If you visit certain pages of our website when the cookie has not yet expired, Google and we can recognize that you have clicked on the specific ad and have been redirected to this page.
Each Google Ads customer receives a different cookie. The cookies can therefore not be tracked via the websites of Ads customers. The following information is usually stored as analysis values for the cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.
The summary of the data collected in your Google account is based exclusively on your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a GDPR). For data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that we have an interest in the anonymized analysis of visitors to our website for advertising purposes in order to optimize both our website and our advertising.
Further information and the data protection provisions can be found in Google's privacy policy at: policies.google.com/technologies/ads.
1.4 Google Remarketing
Our website uses the functions of Google Remarketing in conjunction with the cross-device functions of Google Ads and Google DoubleClick from the provider Google.
Google Remarketing analyzes your user behavior on our website in order to classify you into specific advertising target groups and then display suitable advertising messages to you when you visit other online offers (remarketing or retargeting).
The advertising target groups created with Google Remarketing can be linked to Google's cross-device functions so that interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device are also displayed on another of your devices. If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising.
You can permanently opt-out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account by following this link: www.google.com/settings/ads/onweb/.
The summary of the data collected in your Google account is based exclusively on your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a GDPR). For data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that we have an interest in the anonymized analysis of visitors to our website for advertising purposes.
Further information and the data protection provisions can be found in Google's privacy policy at: policies.google.com/technologies/ads.
Social media
1.1 Facebook plugins (Like & Share button)
Plugins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our website (“Facebook”). You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plugins here: developers.facebook.com/docs/plugins/.
In order to increase the protection of your data when you visit our website, the Facebook plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the Facebook servers is established when a page of our website containing such plugins is accessed. Only when you click on the Facebook button will a new browser window open and call up the Facebook page where you can click on the Like or Share button.
Information about the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights in this regard and settings options for protecting your privacy, can be found in Facebook's privacy policy at: de-de.facebook.com/privacy/explanation.
1.2 Instagram plugin
Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here: blog.instagram.com/post/36222022872/introducing-instagrambadges
In order to increase the protection of your data when you visit our website, the Instagram plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the Instagram servers is established when a page of our website containing such plugins is accessed. Only when you click on the Instagram button will a new browser window open and call up the Instagram page.
Information about the purpose and scope of data collection and the further processing and use of data by Instagram as well as your rights in this regard and setting options for protecting your privacy can be found in Instagram's privacy policy at: instagram.com/about/legal/privacy/.
1.3 LinkedIn plugin
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”).
In order to increase the protection of your data when you visit our website, the LinkedIn plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the LinkedIn servers is established when a page of our website containing such plugins is accessed. Only when you click on the LinkedIn button will a new browser window open and call up the LinkedIn page.
For information on the purpose and scope of data collection and the further processing and use of data by LinkedIn, as well as your rights in this regard and settings options for protecting your privacy, please refer to LinkedIn's privacy policy at: www.linkedin.com/legal/privacy-policy.
1.4 X (Twitter) plugin
Our website uses functions of the X (Twitter) service. The provider is X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA (“X (Twitter)”).
In order to increase the protection of your data when you visit our website, the X (Twitter) plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the X (Twitter) servers is established when a page of our website containing such plugins is accessed. Only when you click on the X (Twitter) button will a new browser window open and call up the X (Twitter) page.
When you use X (Twitter) and the “Re-Tweet” function, websites you visit are linked to your X (Twitter) account and published in your X (Twitter) feed. This involves the transmission of data to X (Twitter). We have no knowledge of the content of the transmitted data or the use of this data by X (Twitter). Details can be found in the privacy policy of X (Twitter): twitter.com/privacy. You can change your data protection settings at X (Twitter): twitter.com/account/settings
For more information on the purpose and scope of data collection and the further processing and use of data by X (Twitter), as well as your rights in this regard and settings options for protecting your privacy, please refer to X (Twitter)'s privacy policy at: twitter.com/privacy.
1.5 YouTube plugin
Our website uses plugins from YouTube to integrate and display video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”).
In order to increase the protection of your data when you visit our website, the YouTube plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the YouTube servers is established when a page of our website containing such plugins is accessed. Only when you click on the YouTube button will a new browser window open and call up the YouTube page on which you can click the Like button.
For information on the purpose and scope of data collection and the further processing and use of data by YouTube, as well as your rights in this regard and settings options to protect your privacy, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.
Google Maps
Our website uses the Google Maps map service provided by Google via an API (Application Programming Interface).
To ensure data protection on our website, Google Maps is deactivated when you enter our website for the first time. A direct connection to Google's servers is only established when you activate Google Maps yourself (consent in accordance with Art. 6 para. 1 lit. a GDPR). This prevents your data from being transmitted to Google the first time you visit our website.
After activation, Google Maps will save your IP address. This is then usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer once Google Maps has been activated.
You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.
Newsletter
If you have expressly consented, we will regularly send our newsletter to your e-mail address. To receive our newsletter, you must provide us with your e-mail address and then verify it. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
The data provided when registering for the newsletter will be processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. To withdraw your consent, simply send us an informal email or unsubscribe via the “Unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
Data entered to set up the subscription will be deleted if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
Sending newsletters with CleverReach
We use CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. This service enables us to organize and analyze the sending of newsletters. The data you enter to receive the newsletter, such as your email address, is stored on CleverReach's servers.
The servers are located in Germany and Ireland.
Sending newsletters with CleverReach allows us to analyze the behavior of newsletter recipients. The analysis shows, among other things, how many recipients have opened our newsletter and how often links in the newsletter were clicked.
CleverReach supports conversion tracking in order to analyze whether a previously defined action, such as a product purchase, has taken place after clicking on a link. Details on data analysis by CleverReach can be found at: www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. If you do not wish to be analyzed by CleverReach, you must unsubscribe from the newsletter. To unsubscribe, simply send us an informal email or unsubscribe via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Data entered to set up the subscription will be deleted from our servers and the CleverReach servers if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
You can find details on CleverReach's data protection provisions at: www.cleverreach.com/de/datenschutz/.
We have concluded an order processing contract with CleverReach to ensure full compliance with the statutory data protection requirements.
Contact form
If you contact us by e-mail or via a contact form, the data transmitted, including your contact details, will be stored in order to process your request or to be available for follow-up questions. This data will not be passed on without your consent.
The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. An informal notification by e-mail is sufficient for revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage or there is no longer any need to store the data. Mandatory statutory provisions - in particular retention periods - remain unaffected.
Data use and disclosure
We will not sell or otherwise market the personal data that you provide to us, e.g. by e-mail (e.g. your name and address or your e-mail address), to third parties. Your personal data will only be processed for correspondence with you and only for the purpose for which you have provided us with the data. In order to process payments, we pass on your payment data to the credit institution commissioned with the payment.
Data that is automatically collected when you visit our website is only used for the aforementioned purposes. The data will not be used for any other purpose.
We assure you that we will not pass on your personal data to third parties unless we are legally obliged to do so or you have given us your prior consent.
SSL or TLS encryption
Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
§ 2
Storage period
This data will not be passed on without your consent.
The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. An informal notification by e-mail is sufficient for revocation.
The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage or there is no longer any need to store the data. Mandatory statutory provisions - in particular retention periods - remain unaffected.
Personal data provided to us via our website will only be stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data may be up to 10 years.
§ 3
Rights of data subjects
As a data subject, you have the following rights vis-à-vis the controller with regard to the personal data concerning you in accordance with the statutory provisions:
3.1 Right of revocation
Many data processing operations are only possible with your express consent.
If the processing of your data is based on your consent, you have the right to revoke your consent to the processing of data at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The storage of data for billing and accounting purposes remains unaffected by a revocation.
3.2 Right to information
In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data concerning you. If such processing is taking place, you have the right to information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or criteria for determining the storage period. the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries.
3.3 Right to rectification
In accordance with Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate personal data concerning you and/or the completion of your incomplete data at any time.
3.4 Right to erasure
You have the right to request the erasure of your personal data in accordance with Art. 17 GDPR if one of the following reasons applies
a) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
c) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
d) The personal data was processed unlawfully.
e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member State to which we are subject.
f) The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
However, this right does not exist insofar as the processing is necessary
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
c) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right of the data subject is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defense of legal claims.
If we have made your personal data public and we are obliged to delete it in accordance with the above, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to delete all links to your personal data or copies or replications of this personal data.
3.5 Right to restriction of processing
You have the right to request the restriction of processing (blocking) of your personal data in accordance with Art. 18 GDPR. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases
a) If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
b) If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
c) If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
d) If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.
3.6 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. In accordance with Art. 19 GDPR, you have the right to be informed about these recipients upon request.
3.7 Right not to be subject to a decision based solely on automated processing, including profiling
In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and us
b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) with your express consent.
However, the decisions in the cases referred to in (a) to (c) may not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (a) and (c), we will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
3.8 Right to data portability
If the processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and is carried out using automated procedures, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transmit it to another person responsible or to request that it be transmitted to another person responsible, insofar as this is technically feasible, in accordance with Art. 20 GDPR.
3.9 Right to object
Insofar as we base the processing of your personal data on the balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).
If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).
You have the option of exercising your right to object in connection with the use of information society services - notwithstanding Directive 2002/58/EC - by means of automated procedures using technical specifications.
3.10 Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is
Thuringian State Commissioner for Data Protection and Freedom of Information
P.O. Box 90 04 55
99107 Erfurt
Häßlerstraße 8
99096 Erfurt
Telephone: 03 61/57 311 29 00
E-mail: poststelle@datenschutz.thueringen.de
Internet: www.tlfdi.de
Validity and amendment of this privacy policy
This privacy policy is valid from May 10, 2024. We reserve the right to amend this privacy policy at any time in compliance with the applicable data protection regulations. This may be necessary, for example, to comply with new legal provisions or to take account of changes to our website or new services on our website. The version available at the time of your visit applies.
If this Privacy Policy is amended, we intend to post changes to our Privacy Policy on this page so that you are fully informed about what personal information we collect, how we process it and under what circumstances it may be disclosed.
©2002-2024 LEGAL DOCUMENTS (Sequiter Inc.)