Privacy Policy

Data Protection

Data protection is a fundamental concern for us, and we also put the protection of personal data concretely into practice. As a first point, we try to collect as little data as possible. Where we do, you can expect us to handle your data sensitively and carefully. 

We use Matomo's privacy-friendly technology for statistical analysis of site usage. We collect your data without reference to you personally. Users with an activated DoNotTrack setting in their browser are automatically excluded.

To protect the security of your data during transmission we always use state-of-the-art encryption methods and protocols, such as TLS and HTTPS.

We act in compliance with the following regulations: Datenschutzgrundverordnung (EU General Data Protection Regulation, GDPR), Bundesdatenschutz and Telemediengesetz (German Federal Data Protection Act and Telemedia Act). We will collect and process users' personal information only to the extent described in this Privacy Policy.

Which data we collect

  • When visiting our pages your IP address, browser data, and time of access will be stored temporarily. For analytical purposes we only use your IP address in abbreviated form. We use the Matomo software for this.
  • If you subscribe to our newsletter or other mailing list, we will store your e-mail address, and - if provided - your name, salutation, company name and position. We use the service provider MailJet for delivering our mailing lists.
  • When you become a member of polypoly SCE mbH we store your name, address, nationality, e-mail address, payment information, number of cooperative shares and other membership information (status, date, etc.).
  • If you visit our social media pages or contact us through them, polypoly may have access to information about your profile. We use the service provider Agorapulse to manage our social media pages.

What we use your data for

  • For statistical analysis, which articles are particularly popular, and for regular operation of the website.
  • To resolve technical issues and prevent spam or other attacks.
  • Stored IP addresses and browser data are deleted after a maximum of 45 days. The data we use for statistical analysis is stored without any reference to you personally.
  • To enable the admission of members to the cooperative.
  • Stored membership data will be used for administration of the membership, for keeping the register of members, and for other activities related to member administration.
  • To be able to send information to our subscribers and members via email.
  • For responding to support and other user requests.

Your rights

You can always contact us and ask for...

  • Information
  • Correction
  • Deletion
  • Restriction of processing
  • Access

...concerning the data stored about you, please contact us by email: Artur Andretta (artur.andretta@port-zero.com).

Privacy Policy - Detailed Version

I. Name and address of the responsible person

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

pc polypoly coop SCE mbH
("The polypoly Cooperative")

Reichenberger Str. 121
10999 Berlin
Germany

The controller's data protection officer is:

Port Zero GmbH
Artur Andretta
Paul-Lincke-Ufer 7e
10999 Berlin
Email: artur.andretta@port-zero.com

II. General information about data processing

1. Nature and extent of the collection and processing of personal data

In principle, we process the personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. Personal data is collected and processed when you register for our newsletter or mailing lists. Furthermore, we store data that arises when using our service but only for statistical reasons, and in an anonymised manner. A creation of profiles, tracking, or other evaluation on the level of individual visitors does not take place.

2. Legal basis for the processing of personal data

We obtain the consent of the data subject for processing of personal data under Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal basis. Insofar as processing of personal data is required to fulfill a legal obligation that is subject to polypoly, Art. 6 para. 1 lit. c GDPR as legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR as legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. It may also be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which polypoly is subject. A blocking or deletion of the data takes place also if a storage period prescribed by the cited standards expires, unless there is a need for further storage of the data for a contract conclusion, or a contract fulfilment. Details can be found in the following sub-items.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data will be collected:

  1. Information about the browser type and the version used
  2. The operating system of your computer
  3. The Internet service provider you are using
  4. The IP address of your computer
  5. Date and time of access
  6. Websites from which the user's system accesses our website ("referrers")
  7. Websites accessed by your system through our website

The data is stored temporarily in the log files of our system, and not stored together with other personal data.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, the IP address of your computer must remain stored for the duration of the session. Log files are stored to ensure the functionality of the website and the security of our information technology systems. We do not use IP addresses to identify you. The data is not evaluated for marketing purposes.

Our legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f GDPR lies in these purposes.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

  • In the case of the collection of data to provide the website, this is the case when the respective session is terminated.
  • If the IP address is stored in log files, this is the case after 45 days at the latest.

5. Possibility of opposition and removal

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of opposition.

IV. Statistical analysis

1. Description and scope of data processing

Our website uses Matomo (formerly: PIWIK). This is open-source software with which we can analyse the use of our site. Data such as your IP address, the pages you visit, the website from which you came (referrer URL), the duration of your visit, and the frequency of your visits is processed.

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.

We use Matomo with the "Automatically Anonymise Visitor IPs" function. This anonymisation function truncates your IP address by two bytes so that it is impossible to assign it to you or to the internet connection you are using.

The following data will be collected without any reference to you personally:

  1. Information about the browser type and the version used
  2. Your computer's operating system and type of your device
  3. The internet service provider you use
  4. The anonymised IP address of your computer
  5. Date and time of access
  6. Visiting and loading time of the page
  7. The city and country of your access (based on anonymised IP address)
  8. Screen resolution
  9. Websites from which the user's system reaches our website (“referrer”)
  10. Websites that are accessed by your system through our website

Information of this type may be statistically evaluated by us in order to optimise our website and the technology behind it. The data thus collected will be temporarily stored, but not in association with any other of your data.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

Our legitimate interest lies in the analysis and optimisation of our website. We do not use your data to draw conclusions about you personally.

4. Duration of storage

We archive the data permanently without reference to your IP address or you personally.

5. Possibility of opposition and removal

If you want to be excluded from any statistical analysis you can remove the tick here to set an “opt-out” cookie. Users with an activated DoNotTrack setting in their browser are automatically excluded.

No further possibilities of opposition or removal are available given that the data is stored with anonymised IP address and without any reference to you personally.

V. Acquisition of membership

1. Nature and extent of the collection and processing of personal data

You can become a member of our European cooperative on our website. In order to be able to guarantee the acquisition of a membership online via our website, we cooperate with the elopage sales platform. The acquisition of a membership is offered on our main page. As soon as you click on our acquisition button, you leave our website and will be redirected to our individual elopage sales page "join.polypoly.coop". The payment transactions are processed there. The payment is processed via the service of our partner elopage and their cooperation bank Lemonway. The data transmitted is exclusively data that is necessary for this processing and for fraud prevention.

All functions on the sales side as well as the entire downstream sales processing are carried out by elopage. You can find elopage's privacy policy here.

2. Legal basis for data processing

For the processing of personal data, which is necessary to fulfil a contract, with Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

VI. Administration of membership

1. Nature and extent of the collection and processing of personal data

According to Art 14 Paragraph 4 of Regulation (EC) No. 1435/2003 on the Statute for a European Cooperative Society (SCE), we must keep a register of members and store the following data on each member:

  • First name(s)
  • Last name
  • Address (street, house number, postal code, city, country)
  • Number of cooperative shares
  • Membership type

We also store the following personal data:

  • Email address
  • Nationality(s)
  • Transaction details of the payment (amount, payment method, transaction ID, date, status of the payment)
  • Joining date
  • Confirmation that the member has taken note of the statutes
  • Confirmation that the member is over 18 years of age
  • Leaving date, If applicable
  • Resignation date, if applicable
  • Reason for termination, if applicable

2. Purposes of processing

  • Admission of members to the cooperative
  • Keeping a directory of members
  • Providing information to members via the website and via email
  • Conducting general meetings and other activities in the context of member management

3. Legal basis for processing

Fulfillment of a contract in accordance with Art 6 Para. 1 b GDPR. In particular, we need the data of your entry process to be able to accept you as a member of the cooperative and to manage your membership.

Legal obligation according to Art 6 Para 1 lit c GDPR, because according to Art. 14 Para. 4 of Regulation (EC) No. 1435/2003 on the Statute for a European Cooperative Society (SCE) a register with data of the members must be kept.

Our legitimate interests in accordance with Art 6 Para 1 lit f GDPR. For example, to keep members up-to-date and specifically informed about the further development of the cooperative.

VII. Member communication via email

1. Description and scope of data processing

If you have become a member of the polypoly cooperative, you will automatically be added to mailing lists that we use to communicate with our members. In doing so, the following data will be transmitted to our email service provider MailJet and stored there:

  • First name(s)
  • Last name
  • Email address
  • Date and time of registration

When purchasing shares of the cooperative to become a member, reference is made to this privacy policy.

We do not use so-called tracking pixels (also known as "web beacons") for member communications. No analysis takes place whether and when you read our email messages and whether you followed any links contained in them.

2. Purpose of data processing

  • Admission of members to the cooperative
  • Providing members with information via mailing list messages

3. Legal basis for data processing

  • Fulfilment of a contract according to Art 6 para. 1 b GDPR. In particular, we need the data of your joining process to be able to accept you as a member of the cooperative and to manage your membership.
  • Legal obligation pursuant to Art 6 para. 1 lit. c GDPR, as we have a legal obligation to inform you about important aspects of your membership or the cooperative (e.g. invitation to a general meeting).
  • Safeguarding our legitimate interests pursuant to Art 6 para. 1 lit. f GDPR, so that we can inform members in an up-to-date and targeted manner about the further development of the cooperative.

4. Duration of storage

Email address and related information will be stored and processed by our mailing list service provider for as long as an active membership in the polypoly cooperative exists.

5. Possibility of opposition and removal

If the basis of the processing is based on Art 6 para. 1 b GDPR (contract fulfilment) or Art 6 para. 1 lit. c GDPR (legal obligation), there is no possibility of objection and removal.

In all other cases, the subscription to the mailing list can be cancelled by you at any time. For this purpose, you will find a corresponding link in such mailing list messages.

VIII. Mailing lists and newsletters

1. Description and scope of data processing

You can subscribe to free newsletters and mailing lists on our website. When subscribing to a mailing list or newsletter, the email address and other information you provided (e.g., name, company, position, etc.) are sent to our mailing list provider MailJet and stored there. Your consent will be obtained for the processing of your data during the registration process and reference will be made to this privacy policy. The date and time of registration will be saved to document your consent. The data will be used exclusively for sending the messages of the mailing list you registered for.

The newsletter or mailing list messages subsequently sent via MailJet may contain a so-called tracking pixel, also known as a "web beacon". With the help of this tracking pixel, we can evaluate whether and when you read our email messages and whether you followed any links contained in it. In addition to other technical data, such as the data of your IT system and your IP address, the data processed is stored so that we can optimise our service offer and respond to the wishes of the readers. The data will thus increase the quality and attractiveness of our service offering.

2. Purpose of data processing

The collection of your email address and related data serves to deliver the newsletter or mailing list. The date and time of registration are collected exclusively to document the registration for the newsletter or mailing list.

3. Legal basis for data processing

The legal basis for processing of the data, delivery of newsletter or mailing list and statistical analysis is your consent according to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. Accordingly, the email address, related data and subscription date will be stored as long as the newsletter or mailing list subscription is active.

5. Possibility of opposition and removal

The subscription of the newsletter or mailing list can be cancelled by you at any time. For this purpose you will find a corresponding link in every newsletter or mailing list posting, and in the confirmation e-mail. This also allows you to revoke your consent to the storage of personal data collected during the registration process.

IX. Social Media Services

polypoly maintains company profiles, pages, channels or groups on the following social media networks (hereinafter referred to as "social media page(s)"):

  • Twitter
  • Facebook
  • Instagram
  • LinkedIn
  • YouTube
  • Telegram

Through these social media sites, we engage with users of these services and regularly share content. The use of our social media pages is optional and not required to become a member of The polypoly Cooperative.

When you use these social networks, the nature, scope and purposes of the processing of data in the social networks are primarily determined by the operators of the 1social networks. The data collected about you in this context will be processed by the respective operators of the social networks and, if necessary, transferred to countries outside the European Union. polypoly has no influence on this.

If you visit our social media pages or contact us through them, polypoly may have access to information about your profile. polypoly does not process this data outside the respective social network. A creation of profiles, user tracking or any other evaluation on the level of individual visitors does not take place.

We would therefore like to expressly point out that any use of our social media pages is your own responsibility. If you do not wish processing of any data in connection with the operators of the social networks, please contact us by other means.

In the following, we would like to draw your attention to some details relevant to data protection when using our social media pages.

1. Responsible person for processing

If you submit personal data to us via our social media pages and we alone decide on the purposes and means of the processing, polypoly is the solely responsible controller.

However, in the first instance, the operators of the respective social networks alone decide on the purposes and means of the processing. In this case, the persons responsible for the processing are the operators of the respective social networks listed below:

  • Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, bzw. Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA - Twitter-Datenschutzrichtlinie
  • Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, bzw. Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA - Facebook-Datenschutzrichtlinie
  • Instagram: Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, bzw. Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA - Instagram-Datenschutzrichtlinie
  • LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, bzw. LinkedIn Inc., 1000 West Maude Avenue, Sunnyvale, CA 94085, USA - LinkedIn-Datenschutzrichtlinie
  • YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, bzw. Google LLC, 1600 Amphitheatre Parkway. Mountain View, CA 94043, USA - Google-Datenschutzerklärung
  • Telegram: Telegram FZ-LLC, Business Central Towers, Tower A, Office 1003/1004, P.O. Box 501919, Dubai, United Arab Emirates - Telegram-Datenschutzrichtlinie

2. Description and scope of data processing

a) General information

If you visit our social media pages, respond to posts, leave comments or contact us via a private message, then the operator of the respective social network will process corresponding personal data from you. We would like to expressly point out that we have no influence on how this data is processed by the respective operator of the social network. 

In addition to the content you submit, depending on your privacy settings, information about your profile (e.g., name and username) and, if applicable, your likes and posts are accessible to us.

We use the tools and services from Agorapulse SAS, France to manage polypoly's social media pages on Twitter, Facebook, Instagram, LinkedIn, and YouTube. If you engage with us through any of these social media networks your social media information and data will be processed and stored by Agorapulse on our behalf for a certain period of time.

Agorapulse allows our social media team to effectively manage our social media pages, to view and respond to your comments and messages, and to view and create statistics and analytical reports for each social media network. All data processed or stored by Agorapulse is data that's also directly available to polypoly via each of the social networks mentioned above. All statistics and reports available via Agorapulse contain data only in aggregated form. Agorapulse stores and processes data on Amazon AWS servers in Ireland. You can find more information in their privacy policy and on their GDPR page.

Apart from Agorapulse, polypoly does not process the aforementioned data outside of the respective social network as a matter of principle. There is no further profiling, user tracking or other evaluation on the level of individual visitors does not take place.

Please carefully check which personal data you share with us via social networks. If you would like to avoid that the operators of the respective social network and Agorapulse process personal data transmitted by you to us, please contact us by other means.

b) Special notes on Facebook and Instagram

For our social media pages on Facebook and Instagram, Facebook as the operator of the social networks automatically generates statistics and makes them available to us. As the operator of the social media pages, we have no influence on the generation and presentation.

The statistics contain data only in aggregated form, and are used by us to make our posts and activities on our social media pages as appealing as possible to users. You can find more information about these page statistics on Facebook in their information about Page Insights Data.

c) Special notes on LinkedIn

For our social media pages on LinkedIn, LinkedIn as the operator of the social network automatically generates statistics and makes them available to us. As the operator of the social media pages, we have no influence on the generation and presentation.

The statistics contain the following data only in aggregated form, and the information is used by us to make our posts and activities as appealing as possible to users:

  • information about page visitors (count, demographics)
  • information about followers (count, demographics, how many have followed or unfollowed the page)
  • interactions (how often a message was viewed and shared, other reactions and how often links were followed).

You can find more information about these page statistics on LinkedIn in their documentation about the Page Analytics Module.

d) Special notes on Telegram

For our Telegram channels and groups, Facebook as the operator of the social networks automatically generates statistics and makes them available to us. As the operator of these channels and groups, we have no influence on the generation and presentation.

The statistics contain the following data only in aggregated form, and the information is used by us to make our posts and activities as appealing as possible to users:

  • growth and count of subscribers, including how many have joined or unsubscribed the channel or group
  • how many subscribers receive notifications and whether the channel or group has been muted
  • views by time of day
  • views by origin (followers, link, search, private messages, etc.)
  • subscribers by origin (link, search, private messages, groups, channels)
  • preferred language of subscribers
  • interactions (how often a message was viewed or shared)

3. Purpose of data processing

  • Providing information to members and interested parties.
  • Answering inquiries that are directed to us via the respective social networks.

4. Legal basis for data processing

  • Safeguarding our legitimate interests pursuant to Art 6 para. 1 lit. f GDPR, when contacting us or interacting with our social media pages or its content.
  • If you wish to become a member of the polypoly cooperative, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.

5. Duration of storage

As far as we are able, your data will be deleted when the operation of our social media pages is discontinued.

The Agorapulse service we use to manage our social media profiles and pages on Facebook, Instagram, Twitter, LinkedIn and YouTube has a maximum retention period of 6 month.

If further storage of this data was carried out by the operators of the respective social networks, the duration of storage is governed exclusively by the provisions of the privacy policy and the terms of use of the respective operator.

6. Possibility of opposition and removal

Depending on which social network you would like to exercise your right of opposition or removal, you have different options.

The options include, but may not be limited to you adjusting the privacy setting of your social media account, unfollowing our social meda pages, deleting messages, comments and likes, or deactivating your social media account. For details, please consult the privacy policy of the operator of the social network concerned. Removing your content from a social media network will also remove the corresponding content from the Agorapulse service.

If you have submitted personal data to us via our social media pages and we are the data controller, please contact polypoly or our data protection officer. Further detailed information about your rights can be found in the section "Rights of the data subject" below.

X. Customer Service

1. Description and scope of data processing

You can contact the support team by e-mail. In this case, we will process the data you provide to us as part of your inquiry to the extent necessary for customer support.

2. Purpose of data processing

  • Customer service and answering other customer and user inquiries
  • Error analysis in order to solve technical problems

3. Legal basis for data processing

The legal basis for the processing of data for customer service inquiries is the fulfillment of a contract pursuant to Art. 6 para. 1 b DSGVO.

If requests are not based on a contract, the legal basis is the safegarding of our legitimate interests pursuant to Art 6 para 1 lit f DSGVO.

4. Duration of storage

All personal data transmitted to us in the context of customer support will be automatically deleted six months after the last activity in the respective support case, unless we are obliged to further storage due to commercial and tax law reasons.

5. Possibility of opposition and removal

You can contact us or our data protection officer at any time regarding your personal data that you have transmitted to us. Further detailed information about your rights can be found in the section "Rights of the data subject" below.

XI. Data Processors

Commissioned data processing only proceeds on the basis of a data processing contract. We have entered such an agreement with all of our Processors.

The following service providers will have access to your personal data in whole or in part:

  • Hetzner – We host our website with our contract processor Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Connection data is processed for the purpose of monitoring the technical function and increasing the operational security of our web host. – https://www.hetzner.de/rechtliches/datenschutz/
  • elopage – For the purchase of memberships offered on our website we need a shop system. For this we use the service of our contract processor elopage GmbH, Kurfürstendamm 182, 10707 Berlin, Germany. – https://elopage.com/privacy 
  • polypoly – Our contract processor polypoly GmbH, Reichenberger Str. 121, 10999 Berlin, Germany supports us with various services, including the operation of the website, the e-mail service and the analytics service Matomo and finally the administrative services related to the payment for the purchase of a membership. – https://polypoly.com/en-gb/privacy-policy
  • sipgate – Our contract processor sipgate GmbH, Gladbacher Str. 74, 40219 Düsseldorf, Germany is used to handle our incoming and outgoing telephone calls with our members and/or interested parties. Your data will also be stored there if you leave a message on our answering machine. – https://www.sipgate.de/datenschutz
  • MailJet – For mailing list management and email delivery, we use the services of MailJet GmbH, Alt-Moabit 2, 10557 Berlin, Germany and MailJet SAS, 13-13 bis, rue de l'Aubrac, 75012 Paris, France. – https://www.mailjet.com/security-privacy/
  • Kreuzwerker – Some of our customer service tools are hosted with our contract processor kreuzwerker GmbH, Ritterstraße 12-14, 10969 Berlin, Germany – https://kreuzwerker.de/en/privacy-policy
  • Agorapulse – We use tools and services of our contract processor Agorapulse SAS, 32 Rue de Rivoli, 75001 Paris, France to manage our social media profiles. – https://www.agorapulse.com/privacy-policy/

XII. Other transmission of data to third parties

1. General information

polypoly does not pass on any personal data to third parties unless there is a legal obligation to do so. We do not sell or market any personal data. However, the use of content from external providers that are integrated on the website may result in the transmission of data to them.

2. Social media links under articles

We do not use social media plug-ins, as this means that your information is immediately collected by these services with your IP address and your further activities on the Internet are logged. This would happen even if you do not click on any of the buttons. To prevent this, there are simple links under our articles to share the text. If you use the links to share articles on social media services, they will be informed that you are coming from our site.

3. External video providers

When some external video hosters such as Youtube are integrated, cookies are normally set, and data such as the IP addresses are transferred to the providers – normally even without the video being clicked on. Therefore we try to avoid the use of such services. To ensure that as little data as possible is transmitted when we need to integrate such a video, we rely on integration without cookies. Since the preview image loads automatically, your IP addresses are already transmitted to e.g. Youtube when you call up the page.

XIII. Rights of the data subject

If your personal data is processed by us, you are the data subject within the meaning of the GDPR and you have the following rights against us:

1. Right to information

You may request confirmation from us as to whether personal data relating to you will be processed by us.

In the event of such processing, you may request the following information from us:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
  4. the planned duration of the retention of the personal data concerning you or, if it is not possible to provide specific information in this regard, criteria for determining the retention period;
  5. the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the origin of the data, if the personal data is not collected from the data subject;
  8. the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the relevant guarantees pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right of rectification and/or integration with us if the personal data processed concerning you is inaccurate or incomplete. The person responsible must rectify the data without delay.

3. Right of restriction of processing

Under the following conditions, you may request that the processing of your personal data be restricted:

  1. if you dispute the accuracy of the personally identifiable information about you for a period of time that allows us to verify the accuracy of the personally identifiable information;
  2. the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
  3. we no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
  4. if you have lodged an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. If the processing restriction has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

4. Right to erasure

a) Cancellation obligation

You may request us to delete your personal information immediately and we are obligated to delete that information immediately for any of the following reasons:

  1. Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke the consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data concerning you have been processed unlawfully.
  5. The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
  6. The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 Para. 1 GDPR.

b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist if the processing is necessary

  1. to the exercise of freedom of expression and of information;
  2. to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. on grounds of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
  4. for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under section a) presumably makes it impossible or seriously impairs the attainment of the objectives of such processing, or
  5. for the assertion, exercise or defence of legal claims.

5. Right to information

If you have exercised the right to correction, deletion or limitation of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction, deletion or limitation of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another responsible person without being hindered by the responsible person to whom the personal data has been provided, provided that

  1. the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  2. processing is carried out using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by one responsible person to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR. We will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

8. Right to withdraw data protection consent

You have the right to revoke your privacy statement at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you reside, at your place of work or at the place where the alleged infringement is alleged, if you consider that the processing of your personal data is in breach of the GDPR. The supervisory authority with which the complaint was lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Berlin Commissioner for Data Protection and Freedom of Information
Maja Smoltczyk
An der Urania 4-10
10787 Berlin
mailbox@datenschutz-berlin.de

XIV. Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your next visit.

Last updated: 27 May 2021