PRIVACY POLICY

All personal information will be handled confidentially. Our data protection practice is in accordance with the Federal Data Protection Act and the General Data Protection Regulation (GDPR). Below we inform you about the details of privacy:

RESPONSIBLE WITHIN THE MEANING OF THE GDPR AND THE BDSG babymarkt.de GmbH
Wulfshofstraße 22, 44149 Dortmund
Tel.: 0231/53471108
Fax: 0231/53471110
E-Mail:info@babymarkt.de

DATA PROTECTION OFFICER The Data Protection Officer can be reached at: E-Mail:datenschutz@babymarkt.de

1. THE REASONS OF DATA COLLECTION

We collect and process your information to provide our website and to provide you with the best possible service through convenient access to our services.

2. WHICH DATA WILL BE COLLECTED, PROCESSED OR UTILIZED?

2.1 VISITING OUR WEBSITE

When you access our website, our servers automatically collect information of a general nature, especially for the purposes of connection setup, functionality and system security. This includes the type of browser used, the operating system used, the domain name of the Internet service provider, the connection data of the computer used (IP address), the website from which you visit us (referrer URL), the pages you visit on our website and the date and duration of the visit. Conclusions from this data on certain persons are not possible for us due to a pseudonymization.

2.2 CONTACT FORM

If you contact us via a contact form, personal data will be collected. Which data are collected in each case can be found in the contact form. The data will be stored for the purpose of processing your request. Mandatory information is indicated by an asterisk (*). All other details are optional. We delete the data we recieved from the contact form after the storage is no longer required, or restrict the processing if there are statutory retention requirements. Legal basis for processing your personal information is Art. 6 para. 1 lit. b) GDPR when it comes to contacting us in the context of a contract. Incidentally, it is our legitimate interest to answer your inquiries, so in this case Art. 6 para. 1 lit. f) GDPR is the legal basis.

2.3 NEWSLETTER- SIGN UP

With your consent, you can subscribe to our free e-mail newsletter, which will inform you about current interesting offers. To register for the newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data. The only requirement for sending the newsletter is your e-mail address. All other details are optional. After your confirmation, we will store your data for the purpose of sending you the newsletter. You can unsubscribe from the newsletter at any time by notifying the person responsible, see at the beginning of our data protection instructions, e.g. by e-mail toinfo@baby-markt.com. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.

2.4 SENDING OUR E-MAIL NEWSLETTERS TO OUR CUSTOMERS

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services as those already purchased from our product range by e-mail. In accordance with § 7 (3) UWG, no separate consent from you is required. The data processing is based on our legitimate interest in the transmission of personalized direct mail in accordance with Art. 6 para. 1 lit. f) GDPR. However, if you have initially objected to the use of your e-mail address for this aforementioned purpose, we will of course not send you any e-mails. Even if you have not initially objected, you are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible (cf. beginning of our Privacy Policy). Only the transmission costs according to the basic tariffs will be charged. Upon receipt of your objection, the use of your e-mail address for advertising purposes will be discontinued immediately.

2.5 DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT/REGISTRATION

We collect and process personal data if you provide us with this data when executing a contract or opening a customer account. The legal basis is Art. 6 para. 1 lit. b) GDPR. Which data is collected can be taken from the respective input forms. The deletion of your customer account is possible at any time and can be done by sending a message to the contact address of the responsible person. We store and use the data provided by you for contract processing between you and us. After complete processing of the contract or deletion of your customer account, your data will be blocked in consideration of tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site, about which we inform you in this data protection policy.

2.6 DATA PROCESSING FOR GUEST ORDERS

You can place your order without registering a customer account. Here too, personal data are collected and processed in accordance with Art. 6 para. 1 lit. b GDPR. Which data are collected and processed can be seen from the respective input forms. We store and use the data provided by you within the scope of the guest order for contract processing. After complete processing of the contract your data will be blocked in consideration of tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us, about which we inform you within the scope of this data protection policy.

2.7 DATA PROCESSING FOR THE HANDLING OF THE ORDER - DATA TRANSFER TO THIRD PARTIES DATA TRANSFER TO SHIPPING SERVICE PROVIDERS

The personal data collected by us will be passed on to the transport company commissioned with the delivery (e.g. DHL-Deutsche Post AG, GLS-General Logistics Systems Germany GmbH & Co. OHG) within the scope of contract processing, insofar as this is necessary for the delivery of the goods. For the purpose of arranging the delivery date for forwarding goods, we will also provide the carrier with your telephone number. The legal basis for the transfer of the data is Art. 6 para. 1 lit. b) and f) GDPR.

<4>DATA TRANSFER TO PAYMENT SERVICE PROVIDERS AND CREDIT ASSESSMENT
PayPal

We have integrated PayPal components on our website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If the person concerned selects "PayPal" as a payment option in our online shop during the order process, the data of the person concerned are automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually the first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data in connection with the respective order are also necessary for the processing of the purchase contract.The purpose of data transmission is to process payments and prevent fraud. The person responsible for the processing will provide PayPal with personal data in particular if there is a legitimate interest in the transmission. Personal data exchanged between PayPal and the person responsible for processing may be transferred by PayPal to credit agencies. The purpose of this transmission is to verify identity and creditworthiness.PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal. The person concerned has the option to revoke his/her consent to the handling of personal data with PayPal at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing. PayPal's current privacy policy can be found athttps://www.paypal.com/de/webapps/mpp/ua/privacy-full.

3. INTEGRATION OF YOUTUBE VIDEOS

We have integrated YouTube videos into our online offering, which are stored onhttp://www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos, the following data will be transmitted. We have no influence on this data transmission. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. The IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, data volume transmitted in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software are transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:https://www.google.de/intl/de/policies/privacy.. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield,https://www.privacyshield.gov/EU-US-Framework. The legal basis for processing is Art. 6 para. 1 lit. f) GDPR.

4. INTEGRATION OF GOOGLE MAPS

On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, data volume transmitted in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software are transmitted. This is regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. For more information about the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for the protection of your privacy:http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield,https://www.privacyshield.gov/EU-US-Framework. The legal basis for processing is Art. 6 para. 1 lit. f) GDPR.

5. COMPETITIONS

From time to time you have the opportunity to take part in competitions on our website. Within the scope of these competitions, personal data (e-mail address, name, address and, if applicable, other data necessary for the competition) may also be collected and stored for the purpose of handling the competition. The personal information you provide to us will only be used for the purposes of the competition (e.g. to determine the prize, notify you of the prize and hand over the prize). Within the scope of the competition, we will inform the participant specifically about data processing on the occasion of the concrete competition. After the end of our competitions the data of the participants will be deleted.

6. DELETION

Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply or you request deletion. The data will also be deleted if a storage period prescribed by the aforementioned standard expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract or you have given your consent to this.

7. COOKIES

Cookies are used to make the use of the websites and the preferences of website visitors attractive. For example, this saves your entries for the selection of a language. Cookies are text files that are created on your hard drive to enable the identification of the browser when you visit the website again. You can prevent cookies from being stored on your hard drive by making the appropriate browser settings. Cookies that have already been set can be deleted at any time. For information on how to delete cookies or prevent them from being saved, please refer to the respective browser instructions. If you do not accept cookies, this can lead to an impairment of the use of our Internet offer. The legal basis for the processing of cookies is Art. 6 para. 1 lit. f) GDPR.

8. DATA SECURITY

We protect our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Depending on the browser used, data is transmitted using 128-bit to 256-bit SSL encryption. Despite regular controls and constant improvement of our safety measures, complete protection against all dangers is not possible.

9. FACEBOOK CUSTOM AUDIENCE VIA THE PIXEL METHOD

This website uses the "Facebook Pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). If explicit consent is given, users' behaviour can be tracked after they have seen or clicked on a Facebook advertisement. This process is designed to evaluate the effectiveness of Facebook ads for statistical and market research purposes and may help to optimize future advertising measures. The data collected is anonymous to us, so it does not give us any indication of the identity of the users. However, Facebook stores and processes the data so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes. These processing operations take place exclusively with the granting of express consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent to the use of the Facebook pixel may only be given by users who are older than 13 years of age. If you are younger, please ask your legal guardian for permission. Facebook Inc., based in the USA, is certified for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level that applies in the EU. In order to deactivate the use of cookies on your computer, you can set your Internet browser so that cookies can no longer be stored on your computer in the future or cookies that have already been stored are deleted. However, deactivating all cookies may mean that some functions on our Internet pages can no longer be executed. You can also disable the use of cookies by third parties such as Facebook on the following Digital Advertising Alliance website:http://www.aboutads.info/choices/

10. GOOGLE AdWords REMARKETING

Our website operates in collaboration with the AdWords Remarketing in order to advertise on Google and its third-party bodies. The provider of AdWords Remarketing is Google LLC., with headquarter in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Implementation of cookies in one’s browser enables to automatically collect an interest-based data. The data creates a user ID based on the pages that one has previously visited and therefore enables more personalized advertising. The aim of the process is advertising optimization and more customer-adjusted content provision within the meaning of Art. 6 para. 1 lit. f) GDPR. Any further data processing will be allowed only after one’s explicit consent to one’s web browser’s data usage. Google will use the information provided by the browser and one’s Google Account to furthermore personalize the advertising used on visited websites. In this case, when one will log in to one’s Google Account when visiting our website, Google will send the allowed data to Google Analytics in order to further define the audiences visiting our website. One is allowed to disable the settings of cookies by installing a browser plug-in available on the following link:https://www.google.com/settings/ads/onweb/.

Alternatively, one may visit the Digital Advertising Alliance website (www.aboutads.info) for further information on cookie settings. One may as well adjust one’s Internet browser, so that it would inform the user about any data collection. Therefore the user will be able to personally decide on the data collection by other websites. It should be taken into consideration that deactivation of all cookies may affect some functions provided by the websites. With the headquarters in the US, Google LLC is a subject to the US Privacy Shield, which respects the EU Data Protection restrictions. For more information on Google Privacy Policy regarding advertising, please visit:http://www.google.com/policies/technologies/ads/

11. GOOGLE AdSense

The data controller collaborates with Google Adsense, which is an online service providing a third-party advertising intermediation. Google AdSense uses an algorithm that selects advertisements displayed on third-party websites. The interest-based retargeting of advertising is specified by the prior collected information of user’s website activity. The company operating Google AdSense components is Alphabet Inc., with headquarters in 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The aim of Google AdSense components is to integrate the advertising on our website. Google AdSense implements cookies on one’s Internet Browser in order to later carry out an analysis of users’ activities on our website. The functioning of cookies has been explained in detail in the previous points of the policy. Agreement on cookies policy allows the information about one’s activity on our website to be sent to Google AdSense in order to improve our online advertising strategies. As a part of the process, Alphabet Inc. collects some of user’s information, such as the IP address, which is crucial to settle the origins of customers’ visits and therefore the commission agreements. Every person visiting our website has the right to deactivate the cookies on one’s browser through the browser’s settings. Such settings of the browser will prevent Alphabet Inc. from any data collection. In addition to this, cookie that has previously been agreed on may be deleted from the Alphabet Inc. data base at any time by specific browser settings.

Google AdSense implements so-called tracking pixels, which are miniature graphics embedded in websites that enable log file collection and analysis. The data collected by the pixels, such as when has the website been opened or which links on the website have been clicked on, is then used in the analysis of the network traffic. Some information, such as the user’s IP address, are collected and transferred by Google AdSense to Alphabet Inc. with headquarter in the United States of America. The information is later on stored and processed by the Alphabet Inc. and may be transferred to some third-parties. For more information about the Google AdSense privacy policy, please visit the website:https://www.google.de/intl/de/adsense/start/

12. THE USE OF GOOGLE ANALYTICS FOR ANALYSIS PURPOSES

This website operates with Google Analytics, which is an internet analysis service provided by Google Inc. (www.google.de). Google Analytics uses the so-called cookies that collect data about one’s activity on the website and therefore allow the analysis of Internet users‘ activities on our website.

The information generated by the cookies is transmitted to and stored by the Google server in the USA. In case of the IP anonymization on user’s website, the IP address will be beforehand shortened by Google following the Member of States of the EU or other responsible Parties within the European Economic Area Agreement .

In exceptional cases the IP address may be sent to the Google server in the USA and shortened there. On behalf of this website’s operator, Google will use the collected information to evaluate the use of the website. The website’s operators will then be provided by Google with the report on related to our website users’ activities that will help us provide the Internet users with more personalized website services.

The IP address collected by Google Analytics will not be merged with any Google data. The user is allowed to deactivate the cookies through browser settings. It should be taken into consideration that deactivation of all cookies may affect some functions provided by the websites. The previously collected data will be deleted after 26 months. Any data collection related to one’s activity on the website (including the IP address) may be avoided by a browser’s plug-in installation:http://tools.google.com/dlpage/gaoptout?hl=en. More detailed information about the Terms of Use and Privacy Policy can be found in the links:http://www.google.com/analytics/terms/de.html or athttps://www.google.de/intl/de/policies/.

13. USE OF SOCIAL MEDIA PLUG-INS

13.1 WHO ARE OUR SUPPLIERS?

We are currently using Facebook as our social media plug-in. We use the so-called two-click solution. In other words, when you visit our website, no personal data is initially provided to our plug-in providers. On the bottom of our website you can find the logo of the plug-in provider, which gives you an opportunity to move to the provider’s website with only one click. Only when you move to the plug-in provider’s website, the information about your activity is passed to the provider’s data base. The data collected by the plug-in are: the IP address, date and time of access, time zone difference to the Greenwich Mean Time (GMT), requested page, HTTP status code, amount of data transferred, used browser, the operating system and its interface, language and version of the browser. In case of Facebook, the IP address will be immediately anonymized. Any personal data collected by the plug-in providers will be transmitted to their data bases (in case of US providers, the data will be stored in USA). For safety reasons, we recommend you to delete all cookies before clicking on the providers’ plug-ins.

13.2 NO INFLUENCE BY US

We have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

13.3 DATA USE BY PROVIDER

The plug-in providers collect and store data connected with users‘ profiles and their activities on websites for marketing and advertising purposes. Evaluations of Internet users’ activities are carried out, even if the person has not been logged in to any social media platform. Every Internet user has a right to disagree with the data collection. The plug-ins offer Internet users to interact with other users on social media platforms and give us a chance to improve our website and offered services. The plus-ins operate in compliance with Art. 6 Par. 1(f) of GDPR.

13.4. DATA TRANSFER

The data ransfer takes place regardless of whether you have an account on the social media platform, or not. If you are logged in, the data collected will be assigned to the existing account. For complete safety, we advise you to log out of every social media account regularly in order to avoid assigning your personal profile to any social media plug-ins.

13.5 PROVIDERS’ PRIVACY POLICY

More information on the purpose and use of the data collected will be provided below. There are also further information on your rights and data protection privacy.

Links to the plug-in provider’s privacy policy:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;http://www.facebook.com/policy.php; more information:http://www.facebook.com/help/186325668085084,http://www.facebook.com/about/privacy/your-info-on-other#applications as well ashttp://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook operates in accordance with the EU-US-Privacy-Shield,https://www.privacyshield.gov/EU-US-Framework.

13.6 ADDTHIS-BOOKMARKING

Our website also contains AddThis plug-ins that allow you to share an interesting content with other social media users. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f) GDPR. The data collected by the plug-in are: the IP address, date and time of access, time zone difference to the Greenwich Mean Time (GMT), requested page, HTTP status code, amount of data transferred, used browser,the operating system and its interface, language and version of the browser. In case of Facebook, the IP address will be immediately anonymized. Any personal data collected by the pug-in providers will be transmitted to their data bases (in case of US providers, the data will be stored in USA). We have no influence on the data collected or processed by the plug-in providers and we are not aware entirely of the purposes or the extent of the data collected. Generally, the data are stored and used for marketing and advertising purposes. You have the right not to agree on the data collection and in order to avoid any further data collection, you should contact the plug-in provider personally. You can also deactivate the cookies on your browser by the use of the link:http://www.addthis.com/privacy/opt-out. For more information on the purpose of data collection please contact the following provider: AddThis LLC, 1595 Spring Hill Road, Sweet 300, Vienna, VA 22182 , USA,www.addthis.com/privacy.

14. PROVIDER AND PRODUCT ASSESMENT

We, as a provider, and our products may be assessed by the customers in ordert to optimize and manage our website and services. The evaluation may be done through an independent website, eKomi Ltd. ("eKomi"). You can provide there your anonymous opinion on our website, products and services. After placing an order, you will receive an email with a link to eKomi website and then you can submit your opinion. For more information on eKomi Privacy Policy, please visitwww.ekomi.de/de/datenschutz. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.

You have the right to object any data collection at any time. During your assessment on eKomi, you might provide your email address, which therefore may allow us to contact you in case of any misunderstandings or problems. Please note that providing an email is optional and you are a subject of independent eKomi’s privacy policy. eKomi is responsible for any data collected or processed provided by the assessment.

15. ECONDA

The website is integrated with the web analysis tool econda in accordance to the Art. 1 Par. 1 (f) of the GDPR. Web analysis services provided by econda include collection and analysis of data regarding Internet users’ activities on our website. Econda collects such information as the approximate time spent by the users on the website and its subpages. The main aim of the analysis is to optimize and improve our website and define the efficiency of our advertising strategies.

The entity in charge of econda services is econda GmbH with headquarter in Eisenlohrstr. 43, 76135 Karlsruhe, Germany. Econda uses the cookie technology that has been explained above. Each time you visit our website, your web browser sends information about your activity on the website to econda. The obtained information is used mainly for marketing optimization purposes. As a part of the technical process, econda receives information that will further be used to create a general profile of the website’s users. The profile will be later used to analyze the behavior of the users who have accessed the website. The data will only be collected after an explicit consent of the subject and will be used to improve and optimize the website. The data will in no way identify the subject’s personal information.

Every user of the website may decide not to share any information collected by cookies. As explained above, these changes may be introduced through Internet browser settings at any time. Deactivating cookies will remove already collected information from the econda data base and prevent econda from collecting any further data. Every website user may decide not to agree on the data collection related to the use of the website. To prevent any information processing, click on the linkLink. The information about cookie deactivation will be transferred to the econda data base.

It should be taken into consideration that deactivation of all cookies may affect some functions provided by the websites. More detailed information about econda Privacy Policy:http://www.econda.de/econda/unternehmen/datenschutz/datenschutzerklaerung/

16. JOB APPLICATIONS

We also collect and process personal data from applicants for the purpose of handling our application process. Processing can also be carried out electronically. This is always the case if the applicant submits application documents to us electronically, i.e. by e-mail or via a web form implemented on our website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. However, if no employment contract is concluded between us and the applicant, the application documents will be deleted four months after the decision of rejection has been announced, provided that no other legitimate interests of the person responsible stand in the way of deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Act on Equal Treatment. We would like to evaluate all applicants only on the basis of their qualifications and therefore ask that information on racial and ethnic origin, political opinions, religious or ideological beliefs or any trade union membership, genetic data, biometric data to clearly identify a natural person, health data or data on sexual life or sexual orientation in the application should be avoided if possible.

17. EPOQ

Our website uses software technology from epoq internet services GmbH, Am Rüppurer Schloß 1, 76199 Karlsruhe ("epoq"). With epoq's software technology, it is possible for us to display targeted and individual product recommendations on the start, product detail, shopping cart or category page. Product recommendations are displayed based on a cookie-based analysis of previous and current click and purchase behaviour, but no personal data is stored. In these cases, a cookie is stored on your computer or mobile device to collect pseudonymised data about your interests and thus adapt the advertising individually to the stored information. You will be shown advertisements that most likely correspond to your product and information interests. If the information collected is personal, it is processed in accordance with Art. 6 Para. 1 letter f) GDPR on the basis of our legitimate interest in the insertion of personalised advertising and market research. You can permanently deactivate the setting of cookies for advertising preferences by setting your Internet browser so that cookies can no longer be stored on your computer in the future or cookies that have already been stored are deleted. However, deactivating all cookies may mean that some functions on our Internet pages can no longer be executed.

18. RIGHTS OF THE PERSON CONCERNED

If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights against the person responsible:

18.1 RIGHT TO DISCLOSURE

You can ask the person in charge to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the person responsible:

  • the purposes for which the personal data are processed;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
  • the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of the processing by the controller or a right to object to such processing
  • Right of appeal to a supervisory authority;
  • any available information on the origin of the data if the personal data are not collected from the data subject.

18.2 RIGHT TO RECTIFICATION

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

18.3 RIGHT TO RESTRIKTION OF PROCESSING

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims or;
  • the data subject has objected to processing pursuant to 21 Abs. 1 GDPR (1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

18.4 RIGHT TO DELETION

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and there is no other legal basis for the processing.
  • You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
  • the personal data have been unlawfully processed
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
  • The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
  • • Information to third parties
    If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
    • Exeptions
    The right to cancellation does not exist insofar as the processing is necessary
  • for exercising the right of freedom of expression and information
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR
  • for the establishment, exercise or defence of legal claims.
  • 18.5 RIGHT TO INFORMATION

    If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. The person responsible shall have the right to be informed of such recipients.

    18.6 RIGHT TO DATA TRANSFER

    The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

    • processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
    • the processing is carried out by automated means.

    In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedom and rights of other persons must not be affected by this.

    18.7 RIGHT TO OBJECT

    You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

    18.8. RIGHT TO REVOKE THE DATA PROTECTION DECLARATION OF CONSENT

    You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

    18.9 AUTOMATED DECISION IN INDIVIDUAL CASES INCLUDING PROFILING

    The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Paragraph 1 shall not apply if the decision:

    • is necessary for entering into, or performance of, a contract between the data subject and a data controller;
    • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
    • is based on the data subject's explicit consent.

    However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

    18.10 RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY

    Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

    The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. Last updated: May 2018