Privacy

Privacy

Protecting your intellectual property
We do not sell, trade, exchange or otherwise make available any personally identifiable information to any other team or organization. We may update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site.

I. Name and address of the data controller

The responsible person within the meaning of the General Data Protection Regulation law and other national data protection laws within Germany's federal states, as well as any other provisions on data protection, is:

MeisterLabs GmbH
Zugspitzstrasse 2
85591 Vaterstetten
Germany
Tel.: +49 89 1213 5359
Email: [email protected]

Websites:
www.meisterlabs.com
www.mindmeister.com
www.meistertask.com
focus.meisterlabs.com

II. Name and address of the data protection officer

The data protection officer for the data controller is:
Rehm Datenschutz GmbH
Eugen-Sänger-Ring 13
85649 Brunnthal
Germany
Tel.: +49 89 6080 7600
Email: [email protected]
Website: www.rehm-datenschutz.de

III. General information on data processing

1. Scope of processing of personal data

We generally only process our users' personal data if we require this data to offer you the full functionality of our website and services, or if the information is required for access to our content and services. Users' personal data is usually only processed once the user provides their consent. The exception to this rule applies in cases in which it is not possible to obtain prior consent for practical reasons and the processing of this data without permission is permitted by law.

2. Legal basis for processing personal data

Article 6, section 1, item a) of the EU General Data Processing Regulation (GDPR) serves as the legal basis for processing personal data in cases where the user has provided permission for us to do so. In cases where processing personal data is necessary for the performance of a contract that the user in question has signed, article 6, section 1, item b) of the GDPR applies. This also applies for processing procedures that are required for the performance of pre-contractual measures. If the processing of personal data is required for the fulfilment of legal obligations that our company is subject to, article 6, section 1, item c) of the GDPR applies. For cases in which the vital interests of the person concerned, or those of another natural person, make it necessary to process personal data, article 6, section 1, item d) of the GDPR applies. If the processing of personal data is necessary to safeguard the interests of our company or a third party, and the interest, fundamental rights and freedoms of the data subject do not outweigh these interests, article 6, section 1, item f) of the GDPR applies as the legal basis for processing data.

3. Erasure of data and duration of data storage

The personal data of the person concerned is deleted or blocked as soon as the data has served its purpose. Data may be stored beyond this period if provisions are made to this effect by European and national legislators in regulations, laws or other legal texts in accordance with the union law that the data controller is subject to. The data will also be deleted or blocked if the storage period specified in these regulations expires, unless the storage of this data for a longer period is required for the conclusion of a contract or the fulfilment of contractual obligations.

IV. Provision of the website and services and creation of log files

1. Description and scope of data processing

Each time our website or services are accessed, our system automatically collects data and information from the computer system of the user accessing the site or service. The following data is collected as part of this process:

  1. Information on the browser type and version
  2. The user's operating system
  3. The user's internet service provider
  4. The user's IP address
  5. The date and time of website and service access
  6. Website from which the user's system directs the user to our website or service
  7. Any websites the user's system accesses via our website or service

Data is also stored in log files on our system. Neither this data nor any other personal data about the user is stored.

2. Legal basis for processing data

The legal basis for temporary storage of data and log files can be found in article 6, section 1, item f) of the GDPR.

3. Purpose of processing personal data

Temporary storage of IP addresses on the system is necessary in order to make the website and services available on the user's computer. The user's IP address must be stored for the duration of the session. IP addresses are stored in log files to ensure the functionality of the website and services. This data also helps us to optimise our website and services and ensure the security of our IT systems. Data stored in this way is not evaluated for marketing purposes. These purposes also constitute legitimate interest for processing data within the meaning of article 6, section 1, item f) of the GDPR.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for have been fulfilled. If the collection of data is necessary for the provision of the website and services, data is deleted as soon as the respective session is complete. If data is stored in log files, data will be deleted no more than 14 days after the website or service is accessed. It is possible that data will be stored for a longer period. In this case, the user's IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified.

5. Revocation and deletion

The collection of data for the provision of the website and services, and the storage of data in log files is essential to the operation of the website and services. There is therefore no possibility for the user to opt out.

V. Use of cookies

1. Description and scope of data processing

Our website and services use cookies. Cookies are small text files stored in your website browser/in the website browser of the user's computer system. When a user accesses a website or service, a cookie may be stored on the user's operating system. This cookie contains a unique string of characters that make it possible to identify the browser if the user accesses the website or the service again. We use cookies to make our website and services more user-friendly. Certain elements on our website and services require us to be able to identify the browser of the user accessing the website or service even if the user comes back to the site after leaving. The data therefore stored and transferred in our cookies can be found in the followingcookies list. Our website and services also use cookies that enable us to analyse the browsing behaviours of users. As a result, the data contained in the list may be transmitted: The data collected can be found in the list above. User data collected in this way is pseudonymised by means of technical procedures where possible. This means it is no longer possible to attribute the data to the user accessing the website or the services. The data is not stored together with the user's other personal data. When our website or our services are accessed and in the registration process for our product, the user is informed of the use of cookies on the website or on the services for the purposes of analysis and a link to this data protection declaration is provided. Information is also provided on how the storage of cookies can be prevented in their browser settings. Each time a user accesses our website or our services, they are informed of the use of cookies for the purpose of analysis and are requested to provide permission for their personal data to be processed in this way. They are also provided with a link to this data protection declaration.

2. Legal basis for processing data

The legal basis for processing personal data using technical cookies can be found in article 6, section 1, item f) of the GDPR. The legal basis for processing personal data using cookies for the purposes of analysis is the users consent, which can be found in article 6, section 1, item a) of the GDPR.

3. Purpose of processing personal data

The purpose of using technical cookies is to make the website and services easier for the user to navigate. Certain functions on our website and services cannot be provided without the use of cookies. For these functions, it is necessary for the website to be able to recognise the browser even after the user navigates away from the website. The use of cookies is required for the following applications:

  1. Shopping basket
  2. Updating language preferences
  3. Remembering search terms

User data collected using technical cookies is not used to create user profiles. The purpose of analytical cookies is to improve the quality and content of our website and services. Using analytical cookies, we can learn about how our website and services are used in order to continuously improve it. These purposes also constitute legitimate interest for processing of personal data within the meaning of article 6, section 1, item f) of the GDPR.

4. Duration of storage/revocation and deletion options

Cookies are stored on the user's computer before being transferred to our website or our services. Users therefore have full control over how cookies are used. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website or our services, it is possible that certain functions will no longer be available.

VI. Newsletter

1. Description and scope of data processing

Our website and services provide users the option to sign up for our free newsletter. When users subscribe to our newsletter, the data they provide on the subscription form is sent to us.

  1. Name and Surname
  2. Email address
  3. IP address of the computer from which the website or the service is accessed
  4. The date and time of subscription

During the subscription process, the user is asked to provide their consent for their data to be processed. A link to this data protection declaration is also provided. None of the data processed as part of the subscription to our newsletter is shared with third parties. The data is used exclusively for the purpose of sending you our newsletter.

2. Legal basis for processing data

The legal basis for processing data as part of our newsletter subscription process can be found in article 6, section 1, item a) of the GDPR. The legal basis for sending a newsletter to users who have purchased goods or services can be found in article 7, section 3 of the German Fair Trade Practices Act (UWG).

3. Purpose of processing personal data

We collect users' email addresses for the purposes of delivering our newsletter. Any other personal data collected as part of the subscription process is used to prevent the misuse of services or the email address provided.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for have been fulfilled. Users' email addresses are stored for as long as they remain subscribed to our newsletter. Any personal data collected as part of the subscription process is generally deleted after 14 days.

5. Revocation and deletion options

Users can unsubscribe from our newsletter at any time. A link is provided in each newsletter that users can click on to unsubscribe Users can also unsubscribe by using the privacy dashboard of our products. The option is also provided to revoke permission for the storage of any personal data collected during the subscription process.

VII. Newsletter performance analyses

1. Description and scope of data processing

We analyse the distribution and reception of our newsletter in order to continuously optimise its content. For example, we record how many users open our newsletters and which articles are clicked on most frequently by subscribers. The newsletters contain a small file that is retrieved from the sending server when the newsletter is opened. Technical information such as IP address and a time stamp are also transmitted.

  1. Email address
  2. IP address
  3. Time stamp

None of the data processed as part of the subscription to our newsletter is shared with third parties. The data is used exclusively for the purpose of sending you our newsletter.

2. Legal basis for processing data

The legal basis for processing data as part of our newsletter subscription process can be found in article 6, section 1, item a) of the GDPR.

3. Purpose of processing personal data

We analyse newsletter performance to ensure continuous improvement of our products.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for have been fulfilled. Results of newsletter performance analyses are stored for as long as users remain subscribed to our newsletter.

5. Revocation and deletion options

Users can unsubscribe from our newsletter at any time. A link is provided in each newsletter that users can click on to unsubscribe Users can also unsubscribe by using the privacy dashboard of our products.

VIII. Registration

1. Description and scope of data processing

We provide users with the option to register on our website by entering their personal data. This data is entered into an online registration form before being transferred to us and stored on our system. This data is not shared with any third parties. The following data is collected as part of the registration process:

  1. Name
  2. Company
  3. Email address
  4. Chosen password

Furthermore, for the same purposes we also process the data that the user voluntarily provides when registering. The data will be used by us for providing the respective user account of our services. Data is stored in a central user account where it can be viewed, changed and updated by the user at any time there. For billing purposes, we also collect and process the payment data of the user after registration, for instance bank details provided by him or any other payment and invoice data. We use qualified payment providers for billing purposes and process payment data in the case of certain payment methods for the purpose of collecting the claims. This applies in particular if legal requirements or internationally agreed financial security standards such as PCI DSS (Payment Card Industry Data Security Standard) make this necessary. At the time of registration, the following additional data is collected:

  1. The user's IP address
  2. The date and time of subscription
  3. Country of user

Users are asked to provide their consent for this data to be processed as part of the registration process.

2. Legal basis for processing data

The legal basis for processing data once consent has been provided can be found in article 6, section 1, item a) of the GDPR. If registration is required for the fulfilment of a contract the user is party to, or for the implementation of pre-contractual measures, an additional legal basis for the processing of this data can be found in article 6, section 1, item b) of the GDPR.

3. Purpose of processing personal data

Users are required to register on our website or our services for the purposes of concluding contracts or for the implementation of pre-contractual measures.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for have been fulfilled. This applies to data collected during the registration process in order to conclude a contract or for the implementation of pre-contractual measures, if the data is no longer required for the fulfilment of the contract. Even once the contract has been concluded, it may be necessary to store the contractual partner's personal data in order to meet contractual or statutory obligations. Your data will be deleted after the end of the contract, unless statutory provisions (e.g. from tax law) provide for longer storage.

5. Revocation and deletion options

As a user, you have the option to cancel your registration at any time. You also have the option to modify the data you have provided at any time. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, data can only be deleted if there are no legal requirements preventing the deletion of this data.

IX. Contact forms and email contact

1. Description and scope of data processing

A contact form is available on our website that can be used to get in touch with us online. If a user takes advantage of this service, the data entered into the contact form is transferred to us and stored on our system. This data includes: At the time at which the message is sent, the following additional data is collected:

  1. Name
  2. Email
  3. Company size
  4. Company sector
  5. Company name
  6. Telephone number
  7. Number of employees
  8. IP address of user
  9. Date and time of registration

During the subscription process, the user is asked to provide their consent for their data to be processed. A link to this data protection declaration is also provided. Alternatively, it is possible to contact us using the email address provided. In this case, the personal data transferred when the email was sent is stored on our system. None of the data collected for these purposes is shared with third parties. The data is used exclusively for the purpose of processing the conversation.

2. Legal basis for processing data

The legal basis for processing data once consent has been provided can be found in article 6, section 1, item a) of the GDPR. The legal basis for processing data transferred when a user sends an email can be found in article 6, section 1, item a) of the GDPR. If the email is sent for the purposes of concluding a contract, the legal basis for processing this data can also be found in article 6, section 1, item b) of the GDPR.

3. Purpose of processing personal data

The sole purpose of processing personal data provided in our on-line form is to process any communication between our company and the respective user. If a user contacts us by email, this also constitutes a legitimate interest for processing data. Any other data processed when a user sends an email is used to prevent the misuse of our contact form and ensure the security of our IT systems.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for has been fulfilled. In the case of personal data entered into the contact form, as well as any data sent to us by email, data is deleted once the respective conversation with the user is terminated. The conversation is deemed as terminated once the respective situation is resolved. Any additional personal data collected when an email is sent is generally deleted no later than 14 days after being stored.

5. Revocation and deletion options

The user has the option to revoke their consent for their data to be processed at any time. If the user contacts us by email, they can revoke their consent for their data to be stored at any time. In this case, the conversation cannot be carried on any further. In this case, all personal data provided during the contact procedure is deleted.

X. Web analytics using Google Analytics, Google Analytics Remarketing, Google AdWords und Google Conversion-Tracking

1. Scope of processing of personal data

1.1 Google Analytics

This website and services uses Google Analytics with Google Tag Manager, a web analytics tool provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files saved on your computer, to help the website or service to analyze how you use the site. The information generated by the cookie and regarding your behavior when using the website or service (including your IP address) will be transmitted to and stored by Google on servers in the United States. If the the IP anonymization is activated, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area before transferring data. Only in exceptional cases, the full IP address is sent to Google servers in the USA and then shortened. On behalf of the website or service provider, Google will use this information for the purpose of analyzing your behavior when you are using the website or service, compiling reports on website activity and providing other services relating to website activity and internet usage to the website or service provider. Google will not link your IP address to any other data stored by Google. You may disable cookies by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use the full functionality of this website and services. Furthermore, you can object to forwarding the data collected with cookies when you visit this website (including the IP address) to Google and prevent Google from processing of data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en-GB. Google Analytics cookies are stored on the basis of Article 6, section 1, item a) GDPR. The storage is unlimited in time, unless you make use of your possibilities to opt out. In exceptional cases, Google Analytics transfers personal data into the USA, which is subjected to the EU-US-Privacy-Shield https://www.privacyshield.gov/EU-US-Framework . (Legal basis for the use of Google Analytics is Article 6, section 1, item f) GDPR) Information on Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Terms of service: https://www.google.com/analytics/terms/us.html, Overview of Privacy Policy: http://www.google.com/intl/en/analytics/learn/privacy.html, Privacy Policy declaration: http://www.google.de/intl/en/policies/privacy.

1.2 Google Analytics Remarketing

Our websites and our services use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behaviour on one device (e.g. your mobile phone), on other devices (such as a tablet or computer). Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging. To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion. You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/. The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Article 6, section 1, item a) GDPR. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Article 6, section 1, item f) GDPR. The website or service operator has a legitimate interest in analysing anonymous user behaviour for promotional purposes. For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/

1.3 Google AdWords und Google Conversion-Tracking

We use Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphi- theatre Parkway, Mountain View, CA 94043, United States ("Google"). In the context of Google AdWords we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie will be set for the conversion tracking. Cookies are small text files that the Internet browser places on the user's computer. These cookies lose their validity after 30 days and are not used to identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user has clicked on the ad and has been redirected to this page. Each Google AdWords customer gets a different cookie. The cookies can not be tracked over websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have chosen für Conversion Tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to identify users. If you do not participate in tracking, you obcan opt out by deactivating the Google Conversion Tracking cookie in your Internet browser. Users are then not included in the conversion tracking statistics. Conversion cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in analysing user behaviour in order to optimise both our website and our advertising. You can configurate your browser in a way that you will be informed about the setting of cookies or that your browser only allow cookies in certain cases. You can exclude the acceptance of cookies certain cases or generally and activate the automatic deletion of the cookies when closing the browser. If cookies are disabled, the functionality of this website may be reduced. For more information about Google AdWords and Google Conversion Tracking, please see Google's privacy policy.: https://www.google.de/policies/privacy/ .

XI. Subscription or Registration via Facebook

You can sign up for our service with your Facebook account (Facebook Connect). You are forwarded by a link to the Facebook website (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA), where you can log in with your Facebook login credentials.

1. Scope of processing of personal data

When you sign in using your Facebook account, your Facebook profile will be linked to our service. Please note that we have no influence on the processing of data by Facebook. Please note that you may need to log out of your Facebook account after the transfer process. We receive the following information from Facebook: Name, surname, email address The only information that we use from Facebook is the following: Name, surname, email address This information is mandatory for the login to be able to identify the user. For more information about Facebook Connect, please see Facebook's Privacy Policy and Terms of Service.

2. Legal basis for processing personal data

The legal basis for processing personal data in the subscription or registration process can be found in article 6, section 1, item f) of the GDPR.

3. Purpose of processing personal data

Facebook Connect is used to make your login to our product as convenient as possible.

4. Duration of storage

Data provided to us from Facebook is deleted as soon as the purposes it has been collected for have been fulfilled. If data is stored in log files, data will be deleted no more than 14 days after the website or service is accessed. It is possible that data will be stored for a longer period. In this case, the user's IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified.

5. Revocation and deletion

Users have the possibility to cancel the registration at any time. You can change or delete the data stored about you at any time.

XII. Subscription or Registration via Office 365

You can sign up for our service with your Office 365 account. You are forwarded by a link to the Office 365 website from Microsoft (Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399, USA), where you can log in with your Office 365 login credentials.

1. Scope of processing of personal data

When you sign in using your Office 365 account, your Office 365 profile will be linked to our service. Please note that we have no influence on the processing of data by Microsoft. Please note that you may need to log out of your Office 365 account after the transfer process. We receive the following information from Microsoft: Name, surname, email address The only information that we use from Microsoft is the following: Name, surname, email address This information is mandatory for the login to be able to identify the user. For more information about Office 365, please see Microsoft Privacy Policy and Microsoft Services Agreement.

2. Legal basis for processing personal data

The legal basis for processing personal data in the subscription or registration process can be found in article 6, section 1, item f) of the GDPR.

3. Purpose of processing personal data

Login via Office 365 is used to make your login to our product as convenient as possible.

4. Duration of storage

Data provided to us from Microsoft is deleted as soon as the purposes it has been collected for have been fulfilled. If data is stored in log files, data will be deleted no more than 14 days after the website or service is accessed. It is possible that data will be stored for a longer period. In this case, the user's IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified.

5. Revocation and deletion

Users have the possibility to cancel the registration at any time. You can change or delete the data stored about you at any time.

XIII. Subscription or Registration via Twitter

You can sign up for our service with your Twitter account. You are forwarded by a link to the website from Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland), where you can log in with your Twitter login credentials.

1. Scope of processing of personal data

When you sign in using your Twitter account, your Twitter profile will be linked to our service. Please note that we have no influence on the processing of data by Twitter. Please note that you may need to log out of your Twitter account after the transfer process. We receive the following information from Twitter: Name, surname, email address The only information that we use from Twitter is the following: Name, surname, email address This information is mandatory for the login to be able to identify the user. For more information about Twitter, please see Twitter Privacy Policy and Terms of Service.

2. Legal basis for processing personal data

The legal basis for processing personal data in the subscription or registration process can be found in article 6, section 1, item f) of the GDPR.

3. Purpose of processing personal data

Login via Twitter is used to make your login to our product as convenient as possible.

4. Duration of storage

Data provided to us from Twitter is deleted as soon as the purposes it has been collected for have been fulfilled. If data is stored in log files, data will be deleted no more than 14 days after the website is accessed. It is possible that data will be stored for a longer period. In this case, the user's IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified.

5. Revocation and deletion

Users have the possibility to cancel the registration at any time. You can change or delete the data stored about you at any time.

XIV. Subscription or Registration via Google

You can sign up for our service with your Google account. You are forwarded by a link to the website from Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), where you can log in with your Google login credentials.

1. Scope of processing of personal data

When you sign in using your Google account, your Google profile will be linked to our service. Please note that we have no influence on the processing of data by Google. Please note that you may need to log out of your Google account after the transfer process. We receive the following information from Twitter: Name, surname, email address The only information that we use from Google is the following: Name, surname, email address This information is mandatory for the login to be able to identify the user. For more information about Google, please see Google Privacy Policy and Terms of Service.

2. Legal basis for processing personal data

The legal basis for processing personal data in the subscription or registration process can be found in article 6, section 1, item f) of the GDPR.

3. Purpose of processing personal data

Login via Google is used to make your login to our product as convenient as possible.

4. Duration of storage

Data provided to us from Google is deleted as soon as the purposes it has been collected for have been fulfilled. Collected data is for the provision of our product, data is deleted as soon as the respective session is complete. If data is stored in log files, data will be deleted no more than 14 days after the website or service is accessed. It is possible that data will be stored for a longer period. In this case, the user's IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified.

5. Revocation and deletion

Users have the possibility to cancel the registration at any time. You can change or delete the data stored about you at any time.

XV. Rights of the data subject

The following list comprises all the rights of the data subject under the GDPR. You should not include any rights in your declaration that do not apply to your specific website. The list should be modified appropriately. If your personal data is processed, you are deemed a 'data subject' within the meaning of the GDPR and have the following rights.

1. Right to information

You may ask the data controller to confirm whether any personal data concerning you is processed by us. If this is the case, you can request the following information from the data controller:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data processed;
  3. the recipient or categories of recipients the respective personal data has been shared with or continues to be shared with;
  4. the planned storage duration of the respective personal data or, if no specific information is available, the criteria for determining storage duration
  5. whether you have the right to rectification or erasure with regard to the respective personal data, the right to restriction of processing carried out by the data controller or the right to object to processing;
  6. whether you have the right to appeal to a supervisory authority;
  7. all available information regarding the origin of the data, if the personal data has not been collected from the data subject;
  8. whether an automated individual decision-making process including profiling exists in accordance with article 22, sections 1 and 4 of the GDPR and, in this case, what authoritative information is available on the logic involved, as well as the scope and intended effects of this type of processing on the data subject.

You have the right to request information regarding whether your personal data is shared with another country or state, or to an international organisation. In this regard, you may request information on the appropriate guarantees in accordance with article 46 of the GDPR in relation to transfer of data.

2. Right to rectification

You have the right to obtain from the data controller rectification and/or completion of your data if the processed data concerning you is inaccurate or incomplete. The data controller is required to make the correction without undue delay.

3. Right to restriction of processing

Under the following circumstances, you may request the restriction of processing of any of your personal data:

  1. if you contest the accuracy of your personal data for a period of time that enables the data controller to verify the accuracy of your personal information;
  2. if the processing is unlawful and you refuse the erasure of the personal data in favour of restricted use of the personal data;
  3. the data controller no longer requires the personal data for processing purposes, but you require it for the establishment, exercise, or defence of legal claims;
  4. You have objected to processing pursuant to article 21, section 1 of the GDPR pending verification of whether the legitimate grounds of the controller override your own.

If the processing of your data is restricted, this data will – with the exception of storage – only be processed with your consent or for the establishment, exercise of defence of legal claims or for the protection of the rights of another natural person or for reasons of important public interest of the Union or of a member state. If you have obtained restriction of processing pursuant to the aforementioned provisions, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Erasure obligation

You may request from the data controller that your personal data be deleted without undue delay. The data controller is under obligation to delete the data without undue delay if any of the following points apply:

  1. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to article 6, section 1, item a), or article 9, section 2 GDPR, and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to article 21, section 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21, section 2 GDPR;
  4. the personal data has been unlawfully processed;
  5. the personal data has to be deleted for compliance with a legal obligation in the Union or Member State law to which the controller is subject;
  6. the personal data has been collected in relation to the offer of information society services referred to in article 8, section 1.
b) Information for third parties

Where the data controller has made the personal data public and is obliged pursuant to article 17, section 1 GDPR to delete the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

c) Exceptions

Right to erasure does not apply to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with article 9, section 2, items h), and i), and article 9, section 3 of the GDPR.
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, section 1 of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  5. for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have the right to notification, erasure or restriction of processing, the data controller is required to communicate this rectification, erasure or restriction to all recipients to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the data controller about these recipients.

6. Right to data portability

You have the right to receive any personal data you have provided to the data controller in a structured, commonly used, machine-readable format. You also have the right to transmit this data to another data controller without hindrance from the controller to which you have provided your data, if

  1. the processing is based on consent pursuant to article 6, section 1, item a) of the GDPR or article 9, section 2, item a) of the GDPR or on a contract pursuant to article 6, section 1, item b) of the GDPR; and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others. The right to portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on article 6 section 1 item e) or f) of the GDPR, including profiling based on those provisions. The data controller will no longer process the personal data unless they demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. In the context of the use of information society services and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. Revocation of consent does not affect the legality of any processing carried out on the basis of consent prior to revocation. In the event of revocation of your consent, we are currently no longer able to make our products available to you for technical reasons.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or affects you in a similarly significant way. This does not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and the data controller;
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your own rights and freedoms and legitimate interests or
  3. is based on your explicit consent

These decisions must be not be based on special categories of personal data referred to in Article 9, section 1 of the GDPR, unless article 9, section 2, item a) or g) of the GDPR apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state you are a resident of, your place of work, or place of alleged infringement if you believe that the processing of your personal data violates the provisions of the GDPR. The supervisory authority to which the complaint has been submitted must inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to article 78 of the GDPR.

Last modified: May 25, 2018

o Registrati