privacy policy

Data protection information (information obligations according to Art. 13 GDPR)

In our opinion, data protection should be transparent, easy to understand and, above all, fair for all parties. Therefore, we would like to inform you in this data protection information on the one hand about which personal data we collect from you and use, whether and, if so, to which third parties this data is passed on, how long we store the data and what rights you have if you not agree with our responsible handling at some point. If you still have questions after reading this detailed data protection information, please do not hesitate to contact us by using the contact details below.

Definitions

The following definitions are to ensure that we have the same understanding of the terms. In this way, all parties will know what we mean in this statement.

Personal data:

This means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing:

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing:

This means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling:

This means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation:

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller:

This means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. Recipient: any natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; Third party: This is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. Consent: This is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Name and contact details of the responsible person

The controller for the data processing is

TMA Bulk GmbH & Co KG
Am Kaiserkai 1
20457 Hamburg

You can contact us by post, by email at management@tma-bulk.com or by phone 040 3600624-00.

2. Collection of personal data during use for information purposes

If you use our website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 (1) lit. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access Status/HTTP Status Code
  • Data volume transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.



3. Use of cookies

(1) Moreover, by using this website, cookies will be stored on your computer. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive and via which information is provided to the entity that places the cookie (i.e. us in this case). Cookies cannot execute programmes or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the website generally more user-friendly and effective.

(2) Cookies may contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.

(3) A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:

  • Technical cookies: these are mandatory to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which web pages you have visited;
  • Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
  • Advertising cookies, targeting cookies: These are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
  • Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.

(4) Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) lit. a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. Furthermore, we only pass on your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 (1) lit. a GDPR.

(5) We use the following cookies on our website:

(6) You can determine for yourself whether cookies can be set and accessed through the settings in your browser. You can, for example, completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically informs you as soon as a cookie is to be set and asks you for feedback. You can block or delete individual cookies. However, for technical reasons, this may result in some functions of our website being impaired and no longer functioning fully.

(7) If cookies are only used on our website with your consent, you can also make the settings mentioned in paragraph 6 in our Cookie Consent Tool.

4. Data security

(1) All data transmitted by you personally will be encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used, for example, in online banking. You can recognise a secure TLS connection, i.e by the appended s at the http (i.e. https) in the address bar of your browser or by the lock symbol in the lower area of your browser.

(2) We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

5. Use of functions of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data, which we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.

(2) When contacting us by e-mail or using the contact form, we will store your email address and, if you have provided it, your name and your telephone number so that we can answer your questions. (Legal basis is Art. 6 (1) lit. b GDPR)

6. Social media profiles

(1) We have various presences in so-called social media platforms. We operate these presences with the following providers: LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, can be viewed at https://www.linkedin.com/legal/privacy-policy.

(2) We use the technical platform and services of the providers for these information services. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your terminal device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about the interaction with us.

(3) The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own information, all of the aforementioned providers maintain an adequate level of data protection equivalent to that of the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies. We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer content or advertising tailored to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.

(4) As the provider of the information service, we also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis for processing your data on the social media platform is Art. 6 (1) lit. f GDPR.

(5) To exercise your data subject rights, you can contact both us or the provider of the social media platform. Insofar as one party is not responsible for responding or must receive the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about the profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details we have provided above.

(6) What information the social media platform receives and how it is used is described by the providers in their data protection declarations (see link in the table above). There you will also find information on contact options as well as on the setting options for advertisements. Further information on social networks and how you can protect your data can also be found at www.youngdata.de.

7. Transfer of data to third parties

(1) We will only pass on your personal data to third parties if participation in promotions, competitions, bookings or the conclusion of contracts are offered by us together with a third party provider. In this case, you will be informed separately about the transfer to third parties before your data is passed on.

(2) In some cases, we use external service providers to process your data. These have been carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly monitored by us. The service providers will not pass on this data to third parties. Insofar as these service providers are located in the USA, we will inform you of this in connection with the respective functions. This data processing also takes place in accordance with the applicable legal situation. We would like to point out that there is currently no adequate level of data protection in the USA and there is also no adequacy decision on the part of the EU Commission. We would also like to point out that due to the CLOUD Act and other regulations (e.g. intelligence collection powers under Section 702 FISA and Executive Order 12 333), US authorities can access this data and you are not entitled to the data subject rights in the USA as is the case within the EU.

7.1 Use of Google Ads

(1) We use the Google Ads service to draw attention to our offers with the help of advertisements. If you access our website via a Google ad, Google Ads will store a cookie in your terminal device. The legal basis for the processing of your data is Art. 6 (1) lit. a GDPR, i.e. the integration only takes place with your consent.

(2) The advertising material is delivered by Google via so-called "ad servers". For this purpose, we and other websites use so-called ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. The Google Ads cookies stored on our website enable us to obtain information about the success of our advertising campaigns. These cookies are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wishes to be addressed) are usually stored as analysis values.

(3) The cookies set by Google enable Google to recognise your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer will be able to recognise that the user has clicked on the ad and been redirected to that page. A different cookie is assigned to each Ads customer so that the cookies cannot be tracked across the websites of other Ads customers. Through the integration of Google Ads, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

(4) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We ourselves do not independently collect personal data in the aforementioned advertising measures, but only provide Google with the opportunity to collect the data. We only receive statistical evaluations from Google that provide information about which ads were clicked on how often and at what prices. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

(5) You can revoke your consent at any time without affecting the permissibility of the processing until revocation. The easiest way to revoke is via our Consent Manager or via the following functions: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving any third-party ads; b) by setting your browser to block cookies from the domain "www.googleadservices.com", www.google.de/settings/ads, deleting this setting when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internetexplorer, Edge or Google Chrome browsers at the link www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all the functions of this website to their full extent.

(6) Further information on data protection at Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, can be found here: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/en.html.

7.2 Google Conversion Tracking

(1) We use Google Ads with the additional application "Google Conversion Tracking". This is a procedure with which we can check the success of our advertising campaigns. For this purpose, the advertisements are provided with a technical provision, e.g. an ID, with which we can determine how a user interacts after clicking on the advertisements and whether one of our services is actually used. This provides us with statistical information about the total number of readers of our advertisements, which advertisements are particularly popular and, if applicable, further information about consequences from the advertisement.

(2) The legal basis for the processing of your data is also Article 6 (1) lit. a GDPR, i.e. the integration only takes place with your consent. You can prevent or no longer use the conversion tracking function in the same way as described above for Google Ads.

7.3 Google Remarketing

((1) We use Google Ads with the additional application "Google Remarketing". With this procedure, we can create advertisements based on existing information about you and address you again during your further internet use. This is done by means of cookies set when you visit our offers (usually by cookies), via which your usage behaviour when visiting various websites is recorded by Google and evaluated in pseudonymised form. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google.

((2) The legal basis for the processing of your data is also Article 6 (1) lit. a GDPR, i.e. the integration only takes place with your consent. You can prevent or no longer use the remarketing function in the same way as described above for Google Ads.

7.4 DoubleClick by Google

(1) This website continues to use the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

(2) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

(3) You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, this setting being deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; d) by permanently deactivating them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

(4) The legal basis for the processing of your data is Art. 6 (1) lit. a GDPR. You can revoke your consent at any time, most easily via our Consent Manager. Further information on DoubleClick by Google can be found at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as on data protection at Google in general: https://www.google. de/intl/en/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. We would like to point out that there is currently no adequate level of data protection in the USA and there is also no adequacy decision on the part of the EU Commission. We would also like to point out that due to the CLOUD Act and other regulations (e.g. intelligence collection powers under Section 702 FISA and Executive Order 12 333), US authorities can access this data and you are not entitled to the data subject rights in the USA as is the case within the EU.

7.5 LinkedIn Insight Tag

(1) Furthermore, the website uses the so-called LinkedIn Insight tag (or LinkedIn Pixel) of LinkedIn Ireland Unlimited Company ("LinkedIn"). By integrating this JavaScript tag, you as a user of our website can be shown interest-related and relevant advertisements ("Ads") when visiting the social network LinkedIn or other websites that also use the procedure, and we receive statistics about website visitors and demographics. Furthermore, we can evaluate your use of our LinkedIn ads and the interest in our offers, by means of a conversion tracking function and also display LinkedIn ads to you on other websites via retargeting. In this way, we pursue the interest of improving the effectiveness of the LinkedIn ads and making our website more interesting for you.

(2) By integrating the LinkedIn Insight tag, your browser automatically establishes a direct connection with LinkedIn's server, both when visiting the LinkedIn website and websites that have the LinkedIn Insight tag built in. LinkedIn and we are jointly responsible for the collection of your usage data when you visit our website and the transmission to the provider, but LinkedIn is solely responsible for the relevant processing to carry out the objectives described once the data has been transmitted. We have no influence on the scope and nature of the use of the data by LinkedIn, we therefore inform you according to our state of knowledge: Through the integration of the LinkedIn Insight tag, LinkedIn receives the information that you have called up the corresponding web page of our website or clicked on an advertisement from us. If you are registered with a LinkedIn service, LinkedIn can assign the visit to your account. Even if you are not registered with LinkedIn or have not logged in, it is possible that the provider will learn your IP address, time slot and other identifying characteristics and link them to the actions assigned to you.

(3) The deactivation of the LinkedIn Insight tag and other advertising objections are possible in the settings for advertisements at www.linkedin.com/help/linkedin/answer/62931?trk=microsites-frontend_legal_privacy-policy&lang=en and additionally at www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further setting options and information can be found in the LinkedIn Privacy Center: privacy.linkedin.com/en?lr=1/.

(4) The legal basis for the processing of your data is Art. 6 (1) lit. a GDPR, i.e. the integration only takes place after your consent. You can revoke your consent at any time, most easily via our Cookie Manager. LinkedIn also processes your personal data in the USA and has imposed a standard on itself that corresponds to the former EU-US Privacy Shield. We have also agreed so-called standard data protection clauses with LinkedIn, the purpose of which is to maintain an appropriate level of data protection in the third country.

(5) Further information on data processing by LinkedIn can be obtained from the provider, LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland; information on the LinkedIn Insight tag: business.linkedin.com/en/marketing-solutions/insight-tag?lr=1/; privacy information: www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy/.

7.6 Use of Matomo

(1) On this website, we use the web analysis service Matomo to analyse and check the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.

(2) We operate Matomo in a version that does not require cookies. Thus, no Matomo cookies are stored on your computer for the purpose of web analysis. For the analysis of website usage, your IP address and information such as timestamp, web pages visited and your language settings are collected. We store the information collected in this way on our server.

This website uses Matomo with the extension “anonymizeIP”. This allows IP addresses to be processed in an abbreviated form in order to exclude any direct association to a specific person. The IP address sent from your browser using Matomo will not be consolidated with any other data collected by us.The legal basis for the use of Matomo is Art. 6 (1) lit. f GDPR.

(3) Preventing the use of Matomo is possible by removing the following tick and thus activating the opt-out plug-in: [Matomo iFrame ]. In this case, an opt-out cookie is stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

(4) Matomo is an open source project. Information from the third-party provider on data protection is available at matomo.org/privacy-policy/.

7.7 Integration of YouTube videos

(1) We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos, data will be transmitted (mentioned in paragraph 2). We have no influence on this data transmission. The legal basis for the display of the videos is Art. 6 (1) lit. a GDPR, i.e. the integration only takes place after your consent. You can revoke your consent at any time, most easily via our Consent Manager.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned in section 3 of this declaration is transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

(3) For further information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. We would like to point out that there is currently no adequate level of data protection in the USA and there is also no adequacy decision on the part of the EU Commission. We would also like to point out that due to the CLOUD Act and other regulations (e.g. intelligence collection powers under Section 702 FISA and Executive Order 12 333), US authorities can access this data and you are not entitled to the data subject rights in the USA as is the case within the EU.

7.8 Use of Vimeo

(1) On our website we integrate the service "Vimeo", which is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

(2) On some of our pages, we use plugins from the provider Vimeo. When you call up the pages of our online offer that are provided with such a plugin, a connection to the Vimeo servers is established and the plugin is displayed. This transmits to the Vimeo server which of our pages you have visited. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

(3) The privacy policy of Vimeo Inc. can be viewed here: vimeo.com/privacy

(4) The processing of the data is based on our legitimate interest, i.e. the optimisation of our offer and our website according to Art. 6 (1) lit. f. GDPR. Likewise, the transmission of the technically necessary data to Vimeo takes place on the same legal basis.

(5) In order to ensure an appropriate level of data protection when transferring data to the USA, we have concluded the EU standard contractual clauses with the provider of Vimeo in the so-called "controller to controller" variant. As further protective measures, we always integrate videos from Vimeo in the "Do Not Track" variant, so that personal data is only transmitted to Vimeo in a minimal way. In addition, the provider of Vimeo has made a commitment to us to continue to comply with the self-imposed obligations from the former so-called Privacy Shield Agreement.

8. Recipients or categories of recipients

If we pass on your personal data to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form). Of course, we also use external service providers for the technical and organisational processing, with whom we have concluded corresponding order processing contracts within the meaning of Art. 28 GDPR. These are, for example, service providers for web hosting, sending emails, maintenance and care of our IT systems etc.

9. Storage period

Your data will be stored for as long as it is absolutely necessary to achieve the respective purpose, at the longest, however, for as long as any statutory provisions require us to do so (e.g. under commercial law we are obliged to keep business letters, which may also include emails, for 10 years).

As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

10. Your rights

In this section we would like to inform you comprehensively about the rights you are entitled to.

10.1 Right to information

You have the right to obtain information from us at any time as to whether we process personal data concerning you. In this case, you have the right to be informed of the information specified in the second half of Art 15 (1) GDPR.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

10.2 Right of rectification

In accordance with Art 16 GDPR, you also have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

10.3 Right to erasure ("right to be forgotten")

You also have the right to request that we delete personal data relating to you without delay. We are obliged to comply with this request and to delete personal data unless we are legally obliged or entitled to continue processing your data. For details, please refer to Art. 17 of the GDPR.

10.4 Right to restrict processing

You have the right to demand that we restrict processing, provided that the legal requirements under Art. 18 of the GDPR are met.

10.5 Right to information

In accordance with Art 19 GDPR, you have the right to request rectification, erasure or restriction of processing. We are obliged to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

10.6 Right to data portability

If your data is processed by us with your consent or on the basis of a contract, you have the right to receive the personal data concerning you in a structured, common and machine-readable format. You also have the right to transfer this data to another controller, provided that the legal requirements pursuant to Art. 20 GDPR are met.

10.7 Right to object

Right to object in individual cases You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1) lit. e or lit. f GDPR; this also applies to profiling based on these provisions.
We will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right to object to processing of data for direct marketing purposes If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

10.8 Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. If you withdraw consent, the lawfulness of the processing based on consent before its withdrawal shall not be affected.

10.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the responsible person,
  2. is authorised by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. or is based on your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2) lit. a or lit. g of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests. With regard to the cases referred to in a. and c. above, the controller shall take reasonable steps to safeguard the rights and freedoms of, and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

10.10 Right of complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The supervisory authority responsible for us is:

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Phone: 040 / 428 54 - 4040
Fax: 040 / 428 54 - 4000
Email: mailbox@datenschutz.hamburg.de
Internet: https://datenschutz-hamburg.de



11. Legal bases of the processing

Unless specified for the individual types of processing in the above clauses, the legal bases according to which we process data are set out below.

Art. 6 (1) lit. a GDPR is the legal basis if we have obtained consent from the data subject for processing operations with personal data.

Art. 6 (1) lit. b GDPR is the legal basis when processing personal data is necessary for the performance of a contract to which the data subject is party. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.

Art. 6 (1) lit. c GDPR is the legal basis if the processing of personal data is necessary for compliance with a legal obligation to which our company is subject.

Art. 6 (1) lit. d GDPR is the legal basis if processing personal data is necessary due to the vital interests of the data subject or of another natural person.

Art. 6 (1) lit. f GDPR is the legal basis for processing if processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject.

12. No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case within the scope of the products and services presented above, you will be informed of this separately.