Datenschutz | MSB Medical Spirit of Beauty

Data Privacy Statement

1) Information about the collection of personal data and the contact data of the controller

1.1 Thanks for visiting our website! We appreciate your interest. The following will inform you about how your personal data will be treated when you use our website. “Personal data” means all data which can be used to identify you.

1.2 For the purposes of the General Data Protection Regulation (GDPR), the controller for data processing on this website is SkinCare Manufaktur GmbH, Edelhofweg 8–9, 08301 Bad Schlema, Germany, Tel.: +49 3772/3812350, E-Mail: info@msb-myspecialbeauty.de. The “controller” for the processing of personal data is the natural person or legal entity who, alone or in conjunction with others, decides on the purposes and means of processing personal data.

1.3 This website uses SSL or TSL encryption, for security reasons and to protect the transmission of personal data and other confidential content (such as orders or questions sent to the controller). You can recognise an encrypted connection by the character sequence “https://” and the padlock icon in your browser line.

2) Data collection during visits to our website

If you use our website only for informational purposes, and thus do not register or otherwise transmit information to us, we collect only data which your browser transmits to our server (known as “server log files”). If you access our website, we will collect the following data, which are technically necessary for us to show you our website):

Which website of ours you visited
Date and time of access
Quantity of data sent, in bytes
Source or reference from which you arrived at the site
Browser used
Operating system used
IP address used (possibly in anonymised form)

The data are processed under Art. 6 (1) f GDPR, based on our legitimate interest in improving our website’s stability and functionality. The data will not be used for other purposes or forwarded. However, we reserve the right to check the server log files at a later time if there are specific indications of illicit use.

3) Cookies

To make visiting our website attractive and to allow for the use of certain functions, we use cookies on different sites. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us or our partner companies (“third-party cookies”) to recognise your browser when you visit us again (“persistent cookies”). If cookies are placed, they collect and process certain individualised user information, such as browser and location data, as well as IP address values. Persistent cookies are deleted automatically after a specified period, which can differ according to the cookie.

Some cookies serve the purpose of simplifying the order process by storing your preferences (e.g. saving the content of a virtual shopping cart for later use). If personal data are also processed through individual cookies we use, that processing will take place under Art. 6 (1) b GDPR to implement the contract or, under Art. 6 (1) f GDPR, to guard our legitimate interests in having our website function at its best and our site visit be customer-friendly and effective.

Under certain circumstances, we cooperate with advertising partners who help us design our internet presence to be more interesting for you. To that end, cookies from partner companies (third-party cookies) will also be stored on your hard drive when you visit our website. If we collaborate with such advertising partners, you will be individually and separately informed within the following paragraphs about the use of such cookies and the scope of the information collected thereby.

Please note that you can change your browser settings to inform you when cookies are being placed, so you can decide to accept them individually or to exclude them in certain cases or in general. Every browser manages its cookie settings differently. This is described in every browser’s “Help” menu, which will tell you how to change your cookie settings. You will find these for the browser in question under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Deciding to refuse cookies can limit our website’s functionality.

4) Contact

When you contact us by contact form or email, personal data will be collected. Each contact form specifies the data that will be collected if it is used. These data will be stored and used exclusively to address your concerns or establish contact, and for the technical administration this entails. The legal basis for processing the data is our legitimate interest in addressing your concerns under Art. 6 (1) f GDPR. If you are contacting us to conclude a contract, processing will also be legally based on Art. 6 (1) b GDPR. After your request has been handled, your data will be erased. This is the case if circumstances indicate that the matter has been cleared up, insofar as erasing your data would not oppose any statutory retention requirements.

5) Data processing for the purpose of registering a customer account and implementing a contract.

As per Art. 6 (1) f GDPR, personal data will continue to be collected and processed if you share these data with us in order to implement a contract or register a customer account. The nature of the data collected depends on the respective entry forms. You can delete your customer account at any time by contacting the controller using the aforementioned contact details. We store the data you share with us and use it to complete your contract. After the completion of the contract or deletion of your customer account, your data is blocked in consideration of tax and commercial law retention periods, but it is blocked for any other purposes and deleted after these periods, unless you have expressly consented to the further use of your data or we have reserved the right to process your data further within the scope permitted by law, as described below.

6) Comments function

When using the comments function on this website, not only your comment but also information on the time of comment creation and the selected commenter name are saved and published on this website. Your IP address is also logged and saved. The IP address is saved in this way for security reasons and in case the data subject has violated the rights of third parties by means of the posted comment or has posted illegal content. We require your email address to contact you in the event that a third party objects to content published by you as illegal. The legal basis for the storing of your data is Art. 6 (1) (b) and (f) GDPR. We reserve the right to delete comments if third parties object to them as illegal.

7) Utilisation of your data for direct advertising

Distribution of our e-mail newsletter to existing customers
If you have given us your e-mail address when purchasing goods or services, we reserve the right to send you regular e-mails containing information about similar goods or services from our range. According to § 7 (3) UWG, we do not need to obtain your consent separately to do this. Data processing is based solely on our legitimate interest in personalised direct advertising under Art. 6 (1) f GDPR. If you object to the use of your e-mail address for this purpose during the purchasing process, we will not send you any advertising e-mails. You have the right to object to the continued use of your e-mail address for the aforementioned advertising purposes at any time by messaging the controller specified at the beginning of this document. This will only incur transmission costs as per the basic tariffs. After we receive your objection, we will immediately cease to use your e-mail address for advertising purposes.

8) Processing of personal data for order processing

8.1 To process your order, we work together with server provider(s) listed below, who provide varying levels of assistance in the implementation of concluded contracts. Certain personal data will be provided to these service providers in consideration of the information below.
To the extent necessary to deliver the goods, the personal information we collect will, as part of the contract execution, be passed on to the transport company that is commissioned with the delivery. We provide your payment data to the authorised credit institution as part of the settlement of payments if this is necessary to process your payment. If we use any payment service providers, we will inform you about them in detail in the following section. The legal basis for disclosing the data is Art. 6 (1) f GDPR.

8.2 Disclosure of personal data to shipping providers

– DHL

If the delivery of goods is carried out by the transport provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we provide your e-mail address to DHL prior to the delivery of the goods as per Art. 6 (1) a GDPR for the purpose of agreeing upon a delivery date or notifying you of the delivery, provided that you have expressly consented to this during the order process. Otherwise, we only provide the recipient’s name and the delivery address to DHL for the purpose of delivering your order as per Art. 6 (1) b GDPR. We only disclose this data if required for the delivery of the goods. In this case, prior coordination of the delivery date with DHL and the issuance of a notification regarding the delivery by DHL are not possible.

You can withdraw your consent from the aforementioned controller or the shipping service provider DHL for future effect at any time.

8.3 Utilisation of payment service providers

– Heidelpay
Credit card payments are processed by Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg (“Heidelpay”), to whom we will disclose your personal data as shared with us during the order process for the exclusive purpose of processing your payment under Art. 6 (1) b GDPR. We only disclose this data if it is actually required to process your payment. To process the payment Heidelpay discloses your data – if required – to HUELLEMANN & STRAUSS ONLINESERVICES S.A., 1, Place du Marché, 6755 Grevenmacher, Luxemburg under Art. 6 (1) b GDPR.
If you select the payment option “purchase on account via Heidelpay” or “direct debit via Heidelpay”, you will be prompted during the ordering process to provide your personal data (first and last name, street, house number, postcode, city, date of birth, e-mail address and phone number). To protect our legitimate interest in determining the solvency of our customers, we disclose those data under Art. 6 (1) f GDPR to Heidelberger Payment GmbH, Vangerowstr. 18, 69115 Heidelberg (“Heidelpay”) for the purpose of a credit check. On the basis of the personal data that you provide as well as other data (such as shopping cart, invoice, order history, payment history), Heidelpay checks whether your selected payment option can be granted in terms of payment and/or debt risks. To facilitate our decision on entering into or completing a contractual relationship, we are also entitled to obtain information about your identity and solvency from the following credit agencies under Art. 6 (1) f GDPR:
– SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden
– CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg
– Arvato Infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden
– Deltavista GmbH, Kaiserstraße 217, 76133 Karlsruhe
– UNIVERSUM Business GmbH, Hugo-Junkers-Straße 3, 60386 Frankfurt am Main
– Bisnode International Group, Robert-Bosch-Straße 11, 64293 Darmstadt
– Regis24 GmbH, Wallstraße 58, 10179 Berlin
– Creditreform AG, Hellersbergstraße 12, 41460 Neuss
The credit report can include probability values (so-called score values). If score values are incorporated in the result of the credit check, they are based upon a scientifically recognised mathematical and statistical method. The calculation of the score values includes address data (among other information).
You can object to this use of your data at any time by messaging the data processing officer or Heidelpay. Heidelpay may retain the right to process your personal data if this is necessary to complete your payment in accordance with the contract.
– Paypal
In the case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment in instalments” via PayPal, we provide your payment information (within the payment process) to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The disclosure of the data takes place as per Art. 6 (1) f GDPR and within the scope required for processing the payment.
PayPal reserves the right to conduct a credit check for the payment methods of credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment in instalments” via PayPal. To this end, your data may be disclosed to credit agencies under Art. 6 (1) f GDPR, based on PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check with respect to the statistical probability of default for the purpose of the decision concerning the provision of the respective payment method. The credit report can include probability values (so-called score values). If score values are incorporated in the result of the credit check, they are based upon a scientifically recognised mathematical and statistical method. The calculation of the score values includes address data (among other information). For more information about data protection, including the credit agencies used, please refer to the Privacy Policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this use of your data at any time by messaging PayPal. PayPal may retain the right to process your personal data if this is necessary to complete your payment in accordance with the contract.
– Wirecard
If you choose one of the payment types provided by the payment service provider checkoutportal by wirecard, the payment processing is performed by the payment service provider checkoutportal by wirecard, Wirecard UK & Ireland Ltd, 1st Floor Ulysses House, Foley Street Dublin 1, Ireland, to whom we provide the information you share within the order process as well as the information about your order (name, address, possibly IBAN, possibly BIC, invoice amount, currency and possibly transaction number). Your data will be shared with the payment service provider checkoutportal by wirecard exclusively for the purposes of payment processing in accordance with Art. 6 (1) (b) GDPR. We only disclose your data if actually required for the processing of the payment.

9) Use of graphic rating and certification marks

EHI certification mark widget

On our website, we use the seal “EHI Geprüfter Online-Shop” [EHI-certified online shop], a widget by EHI Retail Institute GmbH, Spichernstraße 55, 50672 Cologne (“EHI”). Whenever a user visits our website, the EHI servers upload dynamic content (current shop ratings, certificate etc.) to the widget. In this context, your IP address, your previously visited website, the date and time of your access, the transferred data volume, browser type, your operating system and the requesting provider (referrer data) are transferred to the EHI servers. Those data are processed based on our legitimate interest in optimising our service under Art. 6 (1) f GDPR.
For more information about data protection at EHI, see: www.ehi-siegel.de/datenschutz

10) Online-Marketing

10.1 Google AdSense
This website uses Google AdSense, a web advertising service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses so-called cookies, text files that are stored on your computer and that enable the analysis of your use of the website. Google AdSense also uses so-called “web beacons” (small, invisible graphics) for collecting information; these allow for simple actions such as the recording, collection and analysis of visitor traffic on the website. The information generated by the cookie and/or web beacon (exclusively your IP address) about your use of this website is usually transferred to a Google server and stored there. This can also result in transfer to the servers of Google LLC. in the USA.
Google uses the information obtained in this way to conduct an analysis of the usage behaviour with regard to the AdSense ads. The IP address that is transmitted from your browser in the context of Google AdSense will not be merged with other data from Google. The information collected by Google may be transferred to third parties in some cases if this is required by law and/or insofar as third parties process these data on behalf of Google.
The described processing of data takes place according to Art. 6 (1) (f) GDPR for the purpose of targeting advertising at the user by third party advertisers, whose ads are displayed on this website based on the evaluated user behaviour. This processing also serves our financial interest in exhausting the economic potential of our website by displaying personalised advertising content of third parties for a fee.
For the event that personal data is transferred to Google LLC, with registered office in the USA, Google LLC. has been certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
You can find more information about the Google Privacy Policy at the following Internet address: https://policies.google.com/privacy/
You can deactivate cookies for advertising procedures by changing the settings of your browser software accordingly or by downloading and installing the browser plug-in available under the following link:
https://www.google.com/settings/ads/plugin?hl=gb
Please note that deactivating the use of cookies might render certain functions of this website unusable or not fully usable.

10.2 Use of Google Ads conversion tracking
This website uses the online advertising programme “Google Ads” and, within the framework of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use the services of Google Ads so we can use promotional materials (Google AdWords) on external websites to draw attention to our attractive offerings. We can determine how successful the individual promotional measures are in relation to the data of those ad campaigns. Therefore, we pursue our interest in showing you ads that will intrigue you, making our website more appealing, and invoicing incurred advertising costs fairly.
The cookie for conversion tracking is set when a user clicks on an ad placed by Google Ads. Cookies are small text files that are stored on your end device. After 30 days, these cookies will normally become ineffective and unable to identify you personally. If the user visits certain pages of this site and the cookie has not yet expired, we and Google can recognise that the user has clicked on the ad and proceeded to that page. Each Google Ads advertiser receives a different cookie. Cookies therefore cannot be tracked via the sites by Google Ads customers. The information collected with the aid of the conversion cookie is used to create conversion statistics for Google Ads customers that have opted for conversion tracking. Customers receive information as to the total number of users who have clicked on their ad and proceeded to a page tagged with a conversion tracking tag. However, they do not receive any information that can personally identify a user. If you don’t want to participate in tracking, you can block this function by deactivating Google conversion tracking in the “user settings” of your internet browser. You will then not be included in the conversion tracking statistics. We use Google Ads based on our legitimate interests in targeted advertising under Art. 6 (1) f GDPR. The use of Google Ads can also result in transfer of personal data to the servers of Google LLC. in the USA.
For the event that personal data is transferred to Google LLC, with registered office in the USA, Google LLC. has been certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
You can find more information about the Google Privacy Policy at the following Internet address: https://policies.google.com/privacy/
You can deactivate cookies for advertising procedures by changing the settings of your browser software accordingly or by downloading and installing the browser plug-in available under the following link:
https://www.google.com/settings/ads/plugin?hl=gb

Please note that deactivating the use of cookies might render certain functions of this website unusable or not fully usable.

11) Web analysis services

Google (Universal) Analytics

Google (Universal) Analytics
Google Universal Analytics with demographics
This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses so-called cookies, text files that are stored on your computer and that enable the analysis of your use of the website. The information the cookie generates about your use of this website (including the truncated IP address) is normally transmitted to a Google server and stored there; this could also include transmission to the servers of Google LLC. in the USA.
This website uses Google Analytics exclusively with the extension “anonymizeIP()”, which anonymises the IP address by truncating it to prevent it from being traced to you. Google will use that extension to truncate your IP address in advance within the member states of the European Union or in other Contracting Parties to the EEA Agreement. Only in exceptional cases will the full IP address be transferred to a Google LLC. server in the USA and shortened there. In these exceptional cases, the data is processed under Art. 6 (1) f GDPR, based on our legitimate interest in statistically analysing user behaviour for optimisation and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, create reports about website activities and render additional services for us which are related to website use and internet use. The IP address that is transmitted from your browser in the context of Google Analytics will not be merged with other data from Google.
You may prevent the storing of cookies by appropriately adjusting your browser software. However, we would like to point out that, in that case, you may not be able to use all of the features of this website to their full extent. You can also prevent the collection of the data generated by the cookie and about your use of the website (including your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plug-in which is available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=gb
Alternatively to the browser plug-in or within browsers on mobile devices, please click on the following link in order to place an opt-out cookie which will prevent the collection by Google Analytics on this website in the future (this opt-out cookie will only work in this browser and only for this domain; to delete your cookies in this browser, you have to click on this link again): <a onclick=”alert(‘Google Analytics wurde deaktiviert’);” href=”javascript:gaOptout()”>Deactivate Google Analytics</a>
For the event that personal data is transferred to Google LLC, with registered office in the USA, Google LLC. has been certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
This website also uses Google Analytics for cross-device analysis of visitor flows by means of a user ID. The first time a page is loaded, a unique, lasting and anonymised ID is assigned to the user, which is used across devices. This allows interaction data from various devices and from different sessions to be associated with an individual user. The user ID contains no personal data and does not transmit such data to Google.
The data collection and storage via user ID can be revoked at any time with effect for the future. To do this, you must deactivate Google Analytics on all systems that you use, such as in another browser or on your mobile device.
This website also uses the “Demographics” function of Google Analytics. This allows reports to be created that contain information about demographic data such as the age, gender and interests of the page visitors. These data originate from interests-based advertising by Google, the Google Display network and visitor data from third party providers. You can deactivate this function at any time in the display settings of your Google account or generally disable the collection of your data by Google Analytics as described above.
Deactivation is accomplished with a browser plugin from Google (https://tools.google.com/dlpage/gaoptout?hl=de). Alternatively to the browser plug-in or within browsers on mobile devices, please click on the following link in order to place an opt-out cookie which will prevent the collection by Google Analytics on this website in the future (this opt-out cookie will only work in this browser and only for this domain; to delete your cookies in this browser, you have to click on this link again): <a onclick=”alert(‘Google Analytics wurde deaktiviert’);” href=”javascript:gaOptout()”>Deactivate Google Analytics</a>
More information on Google (Universal) Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376

12) Retargeting / remarketing / advertising for recommendation

Google Ads remarketing
Our website uses the functions of Google Ads remarketing, through which we advertise for this website in the Google search results and third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). To this end, Google places a cookie in the browser of your end device, which automatically enables interest-based ads by using a pseudonymous cookie ID based on the pages you have visited. The processing is based on our legitimate interest in optimally marketing our website under Art. 6 (1) f GDPR.
Data is processed beyond this only if you have given Google your consent to connect your internet and app browser history with your Google account and to use information from your Google account to personalise ads you see in the web. In this case, if you are logged into Google while you visit our website, Google will use your data together with Google Analytics data to compile and define target group lists for cross-device remarketing. In addition, Google will temporarily combine your personal data with Google Analytics data to form target groups. The use of Google Ads remarketing can also result in transfer of personal data to the servers of Google LLC. in the USA.
You can deactivate the setting of cookies for ad purposes permanently by downloading and installing the browser plug-in available under the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can get information from the Digital Advertising Alliance at the internet address www.aboutads.info about the placement of cookies and change your settings to that end. Finally, you can change your browser settings to inform you when cookies are being placed, so you can decide to accept them individually or to exclude them in certain cases or in general. Choosing to reject cookies might restrict our site’s functionality.
For the event that personal data is transferred to Google LLC, with registered office in the USA, Google LLC. has been certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information as well as the privacy policy regarding advertising and Google can be found here:
https://www.google.com/policies/technologies/ads/

13) Tools, miscellaneous

Google Maps
On our website, we make use of Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for presenting interactive maps to show geographic information. Using this service will show you our location and make getting there easier.
By accessing the subpages which incorporate the maps of Google Maps, information about your use of our website (such as your IP address) will be transmitted to Google servers and stored there; this can also result in transmission to the servers of Google LLC. in the USA. This will occur regardless of whether Google provides a user account into which you are logged, or whether a user account exists. If you are logged in with Google, your data will be assigned directly to your account. To keep this from happening, you must log out of Google before activating the button. Even if you aren’t logged in, Google will store your data as a usage profile and evaluate that profile. The collection, storage and evaluation will be carried out in particular under Art. 6 (1) (f) GDPR, based on Google’s legitimate interest in inserting personalised ads, market research, or designing needs-based Google websites. You may object to this user profile being formed. To exercise that right, you must contact Google.
For the event that personal data is transferred to Google LLC, with registered office in the USA, Google LLC. has been certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
If you don’t want your data transmitted to Google when you use Google Maps in the future, you can deactivate the Google Maps web service by turning of the JavaScript application in your browser. If you do, you will not be able to use Google Maps or (therefore) the map display on this internet site.
You can find Google’s usage conditions under https://policies.google.com/terms, and the additional usage conditions for Google Maps under https://www.google.com/intl/gb/help/terms_maps.html
You can find comprehensive information about data privacy in connection with the use of Google Maps on Google’s internet site (“Google Privacy Policy”): https://policies.google.com/privacy/

14) Rights of the data subject

14.1 Applicable data protection law grants you extensive data subject rights (rights to information and intervention) about which we will inform you in the following:

– Right of access to information under Art. 15 GDPR: In particular, you have the right of access to the personal data we are processing about you, the purpose of that processing, the categories of processed personal data, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining it, the existence of rights to rectification, erasure, restriction of processing, objection against the processing, lodging a complaint with a supervisory authority, the origin of your data (if we did not collect them from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the implications for you, if need be, and the sought-after effects of such processing, as well as your right to be informed of which guarantees exist under Art. 46 GDPR if your data are forwarded to third countries;
Right to rectification under Art. 16 GDPR: You may demand the correction of incorrect data concerning you, or the completion of incomplete data about you we have stored, or both, without undue delay.
Right to erasure under Art. 17 GDPR: You may demand that your personal data be erased if the conditions of Art. 17 (1) GDPR have been met. However, you will not be so entitled in particular if the processing is necessary to exercise the right to free information and expression of opinion, to fulfil a legal obligation, for reasons of the public interest, or to assert, exercise or defend against legal claims;
Right to restriction of processing under Art. 18 GDPR: You may demand that the processing of your personal data be restricted if the correctness of your data (which you contest) is reviewed, you waive your right to have your data erased because those data were impermissibly processed and instead demand that their processing be restricted, you need your data to assert, exercise or defend against legal claims after we no longer need them to achieve their intended purpose, or you have lodged an objection for reasons arising from your particular situation, provided it has not yet been established whether our legitimate reasons prevail;
Right to be informed under Art. 19 GDPR: If you have asserted your right to rectification, erasure or restriction of the processing toward the controller, that controller is obligated to communicate such correction or deletion of the data or restriction of its processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or would entail a disproportionate effort. You are entitled to be informed about these recipients.
Right to data portability under Art. 20 GDPR: You may receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or may demand that those data be transmitted to another controller, provided this is technically feasible;
Right to withdraw consent you have granted, under Art. 7 (3) GDPR: You have the right at any time to withdraw a consent you have granted to have your data processed, with effect for the future. If you do so, we will delete the data concerned without undue delay, unless their further processing can be supported by the legal basis of “processing without the need for consent”. Withdrawing your consent will not affect the legality of processing that has already occurred based on your consent;
Right to lodge a complaint under Art. 77 GDPR: If you believe the processing of the personal data concerning you breaches the GDPR, you may lodge a complaint with a supervisory authority, especially in the member state of your residence, workplace, or the location of the alleged breach. This right exists without prejudice to any other legal remedies you may have under administrative law or the courts.

14.2 RIGHT TO OBJECT

IF WE HAVE PROCESSED YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS AFTER HAVING WEIGHED OUR INTERESTS AGAINST YOURS, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO LODGE AN OBJECTION AGAINST THIS PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU TAKE ADVANTAGE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING THE DATA IF WE CAN VERIFY COMPULSORY LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS DONE TO ASSERT, EXERCISE OR DEFEND AGAINST LEGAL CLAIMS.

IF WE ARE PROCESSING YOUR PERSONAL DATA TO OPERATE DIRECT ADVERTISING, YOU MAY OBJECT TO SUCH PROCESSING AT ANY TIME. YOU MAY EXERCISE YOUR RIGHT OF OBJECTION AS DESCRIBED ABOVE.

IF YOU TAKE ADVANTAGE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION FOR THE PURPOSES OF DIRECT ADVERTISING.

15) Storage period for personal data

The storage period for personal data is measured by the legal basis, the purpose of processing and – insofar as applicable – the relevant statutory retention period (such as those under commercial or tax law).
If personal data are processed on the basis of express consent under Art. 6 (1) (a) GDPR, the data are stored until the data subject revokes consent.
If statutory retention periods apply to data processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, these data are typically deleted after the end of the retention periods unless they are needed to initiate or fulfil a contract or we have a legitimate interest in continuing to store them.
If personal data are processed on the basis of Art. 6 (1) (f) GDPR, the data are stored until the data subject exercises his right to revocation under Art. 21 (1) GDPR, unless we can verify compulsory legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or if the processing is done to assert, exercise or defend against legal claims.
If personal data are processed on the basis of Art. 6 (1) (f) GDPR for the purpose of direct advertising, the data are stored until the data subject exercises his right to revocation under Art. 21 (2) GDPR.
Unless otherwise specified in the other information in this policy concerning specific processing situations, stored personal data is deleted when they are no longer needed for the purposes for which they were collected or otherwise processed.