Skip to content

Privacy Policy

Version: 11/2022

Protecting your privacy is important to us. If and to the extent that personal data is made available to us, it will be processed in accordance with the provisions of the EU Data Protection Directive (DSGVO) and its current interpretation, and in particular in accordance with the statutory data protection provisions of the German Federal Data Protection Act (BDSG), and other similar national, or federal regulations of the US. All data is treated confidentially. With the following data protection information, we would like to explain in detail how data is handled.

1. Contact details of the responsible party and the data protection officer
1.1 Name and address of the responsible party
The responsible party within the meaning of the German Data Protection Act (DSGVO) and other national data protection laws of the Member States as well as other data protection regulations (Art. 4 Para. 7 DSGVO) is:

userwerk LLC represented by the managing directors Jonathan Hancock & Robert Naser
1343 Main St., Suite 310, Sarasota, FL 34236, United States
E-Mail: hello@userwerk.com

1.2 Name and address of the data protection officer
The data protection officer of the responsible party is:
Stefan Schwytz, c/o Kulitz & Twelmeier GmbH, Magirus-Deutz-Str. 12, 89077 Ulm, Germany
E-mail: datenschutz@userwerk.com

2. General information about the collection of personal data
2.1 Basic principle
This data protection declaration applies to all customers, interested parties and employees as well as contractors and other natural persons who use our online offers and the websites, functions and contents associated with them (hereinafter jointly referred to as “online offer” or “website”). The Privacy Policy applies irrespective of the domains, systems, platforms and devices (e.g., desktop or mobile) on which the Online Service or the Website is operated.
2.2 Principles on the scope of the processing of personal data
We share the philosophy underlying the DSGVO and the Federal Data Protection Act (BDSG) that the collection and processing of personal data (“data”) must be limited as far as possible. Therefore, we process personal data only to the extent necessary for clearly defined purposes, which are described below (principles of data avoidance and data economy). Data processing is only permitted if it is based on a sufficient legal basis or consent (principle of legality). This means that we generally only process personal data insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data is generally only carried out with your consent. Exceptions to this are those cases in which it is not possible to obtain prior consent for practical reasons and the processing of the data is permitted by law. Unless otherwise specified below, the terms “processing” and “handling” include in particular the collection, use, disclosure and transfer of personal data (see Art. 4 No. 2 DSGVO).

2.3 General Legal Basis for the Processing of Personal Data
2.3.1 General legal basis
The processing of personal data is generally prohibited and only permitted in exceptional cases. The permissibility of data processing can only result from the fact that the processing of the data can be based on a suitable legal basis. The following may be considered as such:
– Insofar as we have obtained the consent of the person concerned for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as legal basis.
– If the processing of personal data is necessary for the performance of a contract in which the data subject is a party, Art. 6 Abs. 1 lit. b DSGVO serves as a legal basis. This also applies to processing which is necessary for the implementation of pre-contractual measures.
– Insofar as the processing of personal data is required to comply with a legal obligation to which we are subject, Art. 6 para. 1 lit. c DSGVO serves as legal basis.
– For the case that vital interests of the affected person or another natural person make processing of personal data necessary, Art. 6 Abs. 1 lit. d DSGVO serves as legal basis.
– Insofar as the processing is required for the performance of a task that lies in the public interest or is carried out in the exercise of public authority that has been entrusted to us, Art. 6 para. 1 lit. e DSGVO is the legal basis for the processing.
– If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, rights and freedoms of the data subject do not override the aforementioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.
2.3.2 Special legal basis for the processing of special categories of personal data pursuant to Art. 9 DSGVO
The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a natural person, health data or data relating to the sex life or sexual orientation of a natural person is prohibited. In exceptional cases, the processing of these special categories of personal data by us may also be permitted, provided that a suitable legal basis exists. These include in particular:
– Where the data subject has expressly consented to the processing of the special categories of personal data for one or more specified purposes, this shall constitute the legal basis for the processing (Art. 9 para. 2 lit. a DSGVO). This does not apply to the extent that Union law or the law of the Member States prohibits the processing of special categories of personal data.
– In the case that the data subject has obviously made the data public, Art. 9 para. 2 lit. e DSGVO is the legal basis for the processing.
– As far as the processing of the data is necessary for the assertion, exercise or defense of legal claims, the processing is based on Art. 9 Abs. 2 lit. f DSGVO.
– The processing of the data is permitted to the extent that it is necessary for reasons of substantial public interest on the basis of Union law or the law of a Member State which is in an appropriate relationship to the objective pursued, respects the nature of the right to protection of personal data and provides for appropriate and specific measures to safeguard the rights and interests of the data subject, cf. Art. 9 para. 2 lit. g DSGVO.

2.4 Objection and revocation to the processing of data
Any consent given for the processing of data may be revoked at any time. Such revocation shall affect the permissibility of the processing of personal data after it has been communicated to us.
Insofar as we base the processing of personal data on a balance of interests, an objection can be lodged against the processing. This is the case, in particular, if the processing is not necessary for the performance of a contract, as described below in the description of functions. When exercising such an objection, we ask for a statement of the reasons why we should not process the personal data as conducted by us. In the event of a justified objection, we will review the situation and either cease processing the data, adjust the processing, or provide our compelling legitimate reasons for continuing the processing.

2.5 Data deletion and retention period
Personal data will be deleted or blocked by us as soon as the purpose of storage no longer applies; blocking in this context means any removal of the reference to the personal data. A storage can take place furthermore, if this was provided by the European or national legislator in regulations, laws or other regulations, to which we are subject. A blockage or deletion of the data is also carried out if a storage period prescribed by the aforementioned standards has expired, unless there is a need for further storage of the data for the purpose of concluding or fulfilling a contract. An anonymization of the personal data will be carried out regularly after 3 months (Art. 5 Abs. 1 lit. e) DSGVO). Anonymization can take place at any time at the request of the customer, for example in the case of unintentionally or unlawfully collected data (Art. 17 DSGVO).

3. Purpose and legal basis of the processing of your personal data as well as further information on the concrete data processing
3.1 Visiting our website
3.1.1 Description and scope of data processing
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer (personal data that your browser transmits to our server). This is purely technical and intended, unless you register or provide information in some other way. The following data is collected
– User’s IP address
– Date and time of the request or access
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred
– Website from which the request comes (from which the user’s system comes to our website)
– Website from which the user’s system accesses our website
– Information about the browser type and version used
– Operating system and its interface
– Language and version of browser software
3.1.2 Purpose of data processing
The temporary storage of the above-mentioned data, in particular the IP address, by the system is necessary to enable the website to be delivered. For this purpose, the IP address must be stored for the duration of the session. It is generally not possible to call up pages on the Internet without the IP being transmitted. This also serves the purpose of evaluating and maintaining system security and stability, as well as other administrative purposes. The data is stored in log files to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
3.1.3 Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 par. 1 lit. f DSGVO. Our legitimate interest is based on the above-mentioned purposes of data collection. Under no circumstances will we use the collected data to draw conclusions about your person.
3.1.4 Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is terminated. In the case of the storage of data in log files, this is the case after seven days at the latest. Longer storage is possible. In this case, the IP addresses of the users will be deleted or changed in such a way that it is no longer possible to identify the requesting client.
3.1.5 Right of Objection and Removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility to object.

3.2 Integration of Google Maps
3.2.1 Description and scope of data processing
For our website (not the integration of online offers), we use maps from Google, which we integrate on our pages (third-party content). The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
3.2.2 Purpose of data processing
Third parties on our website may use the data thus obtained for statistical or marketing purposes.
3.2.3 Consent to the transfer of personal data to a third country
Third parties on our website may use the data obtained in this way for statistical or marketing purposes in a third country only if the special requirements of Art. 44 ff. DSGVO. The transfer of data may then be effected if the European Commission, by way of a decision within the meaning of Art. 45 par. 1, 3 DSGVO that an adequate level of data protection is ensured in the third country concerned. The European Commission certifies third countries through such so-called adequacy decisions. You can find a list of these countries as well as a copy of the adequacy decision here: https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html.
By agreeing to the data collection by Google, you expressly agree to the data transfer described above, whereby you have been informed above about the possible risks of such a data transfer without an appropriate order and without appropriate guarantees. This consent can be revoked at any time. A revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
3.2.4 Legal basis for data processing
The legal basis for the processing of your data is Art. 6 Abs. 1 S. 1 lit. a and f DS-GVO. The processing takes place on the basis of a tacitly given consent as well as on the basis of our legitimate interests. In this respect, we assume that the constitutionally protected positions are not seriously affected and therefore do not predominate.
3.2.5 Duration of data storage; right of objection and deletion
Google Maps requires an NID cookie that is stored in the browser. As a user, you therefore have full control over the use of cookies. You can disable or limit the transmission of cookies by changing the settings of your Internet browser. Already stored cookies can be deleted at any time. This can be done automatically. If cookies are deactivated for Google Maps, not all functions may be fully available.
3.2.6 Further information
For more information about the purpose and scope of data collection and processing, as well as more information about your rights and options regarding the protection of your privacy, please contact: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Privacy Policy: https://policies.google.com/privacy?hl=en-US

3.3 Additional Online Offerings (Links to Advertising Partners)
In addition to the purely informational use of our website, we offer various services via our online offerings that customers can use if they are interested. In particular, we mediate for providers of various products (product providers) their special offers, in particular free samples of various media. To this end, our advertising materials are integrated into the websites of advertising partners who operate web shops for the purpose of selling their own services. If the customer, who must be of age, goes through the order process of the advertising partner, at the end of the order process he will be offered a selection of special offers from the product providers as a thank you for his order. After the selection of the desired offer, an order form is displayed, which is operated by us and already contains the personal data of the customer that were entered during the purchase in the shop system. This pre-filling takes place only in the customer’s browser, there is no transfer of personal data not authorized by the customer. The customer receives all necessary information about the product provider as well as the provider’s general terms and conditions and data protection information. If the customer wishes to take advantage of the offer, he/she must activate the checkbox “Yes, I agree to the terms of use”. If applicable, the Terms of Use linked here above contain the declaration that the Customer agrees to receive advertising from the Product Provider (by telephone or e-mail) with his order. In order to take advantage of the above-mentioned benefits, it may be necessary to provide additional personal data, which will be used by the Product Provider to provide the respective service and for which the above-mentioned data processing principles apply. Specifically, the data is processed as follows.

3.3.1 Use of the Order Form
3.3.1.1 Description and scope of data processing
When our order form is called up, the data and information of the calling up computer as specified in section 3.1.1. are recorded by our system for purely technical reasons. In addition, the advertising partner’s first name, year of birth, country, postcode, any variables relating to behavior within the advertising partner’s offer as well as the hash value of the specified e-mail address are transmitted in a pseudonymized form. Pseudonymization is the processing
of personal data in such a way that the personal data can no longer be associated with a specific person without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be associated with an identified or identifiable natural person.
3.3.1.2 Purpose of data processing
The temporary storage of the aforementioned data is technically required and serves the purposes of system security and stability, as well as warranty and administration. The hash value of the e-mail address is compared in a pseudonymized form in order to be able to comply with any objection to advertising that may have already been expressed with regard to a stored hash value.
3.3.1.3 Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is derived from the purposes of data collection listed above. In no case do we use the collected data to draw conclusions about the person. Furthermore, the legal basis for the analysis of the hash value of the e-mail address in order to be able to exclude a possible advertising objection in accordance with the law is Art. 21 par. 3, Art. 6 par. 1 lit. c DSGVO.
3.3.1.4 Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the order form, this is the case when the respective session is terminated. In the case of data storage for data security purposes, this is the case after seven days at the latest. A longer storage is possible. In this case, the IP addresses of the users will be deleted or altered so that it is no longer possible to identify the requesting client.
3.3.1.5 Right of Objection and Removal
The collection of data to provide the order form and the storage of the data is necessary for the operation of the order form. Therefore, there is no possibility to object. However, the analysis of potential interest with regard to the mediated offers can be objected to at any time.
3.3.2 Use of the Offers of the Product Providers
3.3.2.1 Description and scope of data processing
If an offer from the Product Providers is to be ordered via our order form, it is necessary for the conclusion of the contract that the personal data required for the processing of the order is provided. Only the mandatory data necessary for the processing of the contract will be collected. The data will be transmitted to the product provider.
3.3.2.2 Purpose of data processing
We process the data provided solely for the purpose of processing the order.
3.3.2.3 Legal basis for data processing
The legal basis for the data processing within the framework of the processing of an order is Art. 6 par. 1 lit. b DSGVO. Insofar as data processing for further advertising purposes is carried out exclusively on behalf of the product providers, the legal basis for this is Art. 6 Abs. 1 lit. b and Art. 6 Abs. 1 lit. f DSGVO; the legitimate interests result from the described purposes of data processing. Insofar as a consent to use the data for purposes of direct marketing, also exclusively on behalf of the Product Providers, has been granted, the legal basis for this is Art. 6 para. 1 lit. a DSGVO.
3.3.2.4 Duration of storage
With regard to the processing of orders, general commercial and tax regulations require that address, payment and order data be stored for a period of ten years. Insofar as the data are processed for advertising purposes on behalf of the product provider, they are stored until the corresponding consent is revoked or the processing of the data for advertising purposes is objected to.
3.3.3 Direct Marketing/Newsletter Sending by the Product Providers
3.3.3.1 Description and scope of data processing
With the contractual declaration to receive the order, the Customer may also agree to receive separate information about current and future products and services of the Product Provider (by telephone or e-mail). For the confirmation of the registration to receive this information we offer the so-called double opt-in procedure. double opt-in procedure. This means that an e-mail is sent to the specified e-mail address after the order is placed, requesting voluntary confirmation that the order has been placed by the customer. In addition, we store the IP addresses used and the times of the registration/order and confirmation.
3.3.3.2 Purpose of data processing
The purpose of the double opt-in process is to verify the registration and to be able to investigate any possible misuse of personal data. After confirmation, the e-mail address is stored for the purpose of direct marketing by the Product Provider. In order to fulfill these purposes, the data will be transmitted to the product provider. The data is processed exclusively for administrative purposes on behalf of the Product Provider.
3.3.3.3 Legal basis for data processing
Insofar as with the contractual declaration with regard to the order the consent to the data processing for advertising purposes by the product provider is declared, the legal bases for this are Art. 6 par. 1 lit. a and Art. 6 Abs. 1 lit. b DSGVO, furthermore § 7 Abs. 2 No. 3 UWG. Insofar as data are collected within the scope of the double opt-in procedure, this is done for documentation purposes in accordance with Art. 7 Abs. 1 and Art. 6 Abs. 1 lit. c DSGVO. If, in exceptional cases, we do not already process the data on the basis of a consent, the processing of the personal data takes place to the extent that this is necessary for the protection of our legitimate interests or the legitimate interests of a third party and does not override the interests, rights and freedoms of the customer, which require the protection of personal data (Art. 6 para. 1 lit. f DSGVO).
3.3.3.4 Duration of storage
If the customer does not confirm the order by means of the double opt-in procedure, and if the terms of the contract between the customer and the product provider do not require this for the order to be processed, the information will be blocked and automatically deleted after one month.
Otherwise, the data will be deleted as soon as they are no longer required for the purpose for which they were collected. Personal data will be stored by us only for the purpose of verification, anonymized after 6 months and then deleted.
3.3.4 Right of Revocation and Removal
The consent can be revoked at any time. The revocation can be declared to us, for example, by clicking on the link provided in each newsletter e-mail, by sending an e-mail to kontakt@userwerk.com or by sending a message to the contact data specified in Section 1.1, or preferably by revocation directly to the product provider, whose contact details are specified in the offers and the confirmation e-mail.

3.4 Communication
Due to the justified interest in a fast and customer-friendly communication and technical administration, we use according to Art. 6 par. 1 lit. f and Art. 6 Abs. 1 lit. b of the DSGVO: Emails and telephone inquiries are processed and stored by Zendesk, a customer service platform of Zendesk Inc., 1019 Market Street San Francisco, CA 94103. Zendesk, Inc. holds multiple certifications to ensure compliance with applicable privacy standards. Please refer to Zendesk’s privacy policy for more information: https://www.zendesk.com/company/agreements-and-terms/privacy-notice/
3.4.1 Consent to the Transfer of Personal Data to a Third Country
Subject to statutory or contractual authorization, personal data may generally only be transferred to a third country if the special requirements of Art. 44 ff. DSGVO. According to these provisions, data may be transferred if the European Commission adopts a decision within the meaning of Art. 45 par. 1, 3 DSGVO that an adequate level of data protection is ensured in the third country concerned. The European Commission certifies third countries through such so-called adequacy decisions. A list of these countries as well as a copy of the adequacy findings can be found here: https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).
By agreeing to the collection of data by Zendesk, you expressly consent to the transfer of data described herein, and you have been advised above of the potential risks of such transfer of data without a court order and without adequate safeguards. This consent can be revoked at any time. A revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
3.4.2 Legal basis for data processing
The legal basis for the processing of your data is Art. 6 para. 1 S. 1 lit. a and f DSGVO. The processing takes place on the basis of a tacitly given consent as well as on the basis of our legitimate interests. In this respect, we assume that the constitutionally protected positions are not seriously affected and therefore do not outweigh.
3.6 Integration of Amazon Web Services (AWS) Services
3.6.1 Description and scope of data processing
We use services, in particular cloud solutions, provided by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg, a subsidiary of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA. Amazon Web Services, Inc. (hereinafter referred to as “AWS”) is a corporation organized and registered under the laws of the State of Delaware, USA (Registration No: 4152954, Secretary of State, State of Delaware, Tax No.: 204938068).
Your use of the AWS Services may involve the processing and storage of personally identifiable information. In accordance with the contract with AWS, this information is generally only processed within the EU or the EEA. However, data may be transferred outside the EU. We have no influence on this data transfer.
3.6.2 Purpose of data processing
The use of AWS services is essential for the functionality and full availability of our content and services. The purpose may be to provide services to fulfill the existing contractual relationship with you.
3.6.3 Consent to the Transfer of Personal Data to a Third Country
The use of the services of AWS Subject to statutory or contractual permits, personal data may in principle only be transferred to a third country if the special requirements of Art. 44 ff. DSGVO. Accordingly, data may be transferred if the European Commission has adopted a decision within the meaning of Art. 45 par. 1, 3 DSGVO that an adequate level of data protection is ensured in the third country concerned. The European Commission certifies third countries through such so-called adequacy decisions. A list of these countries as well as a copy of the adequacy findings can be found here: https://ec.europa.eu/justice/data-protection/internationaltransfers/adequacy/index_en.html).
By agreeing to the collection of data by AWS, you also expressly consent to the data transfer described herein, whereby you have been informed above of the possible risks of such data transfer without a court order and without appropriate safeguards. This consent can be revoked at any time. A revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
3.6.4 Legal basis for data processing
The legal basis for the processing of your data is Art. 6 Abs. 1 S. 1 lit. a and f DSGVO. The processing takes place on the basis of an implied consent as well as on the basis of our legitimate interests. If the use of the services of AWS is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Abs. 1 S. 1 lit. b DSGVO.
3.6.5 Further information
For further information on the purpose and scope of data collection and processing, as well as further information on your rights and options to protect your privacy, please visit https://aws.amazon.com/de/legal/aws-emea/ and https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf
3.7 Instagram
3.7.1 Description and scope of data processing
We maintain a profile in the social network of Instagram. We have access to the communication data of the local users who communicate with us.
3.7.2 Purpose of data processing
The data is used to communicate with the registered users and to inform them about our products, services and news.
3.7.3 Legal basis
When you use and access our profile in the respective network, the privacy policy and terms of use of the respective social media provider apply. The processing of your personal data when visiting our profile on Instagram takes place on the basis of our legitimate interest in a varied external presentation of our company and the use of an effective information opportunity as well as communication with you. The legal basis is Art. 6 para. 1 lit. f DSGVO. Insofar as you have given the responsible party of the social network your consent to the processing of your personal data, the legal basis is Art. 6 Abs. 1 lit. a DS-GVO.
3.7.4 Additional Information
We have no influence on the processing of personal data by the respective social media provider. As a rule, when you visit our profile, the social media provider will store cookies in your browser, in which your usage behavior and your interests are stored for market research and advertising purposes. You can find detailed information on data processing when using our social media profile as well as your rights in the data protection declaration of the social media provider: Instagram (Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Policy / Opt-Out: https://instagram.com/about/legal/privacy

4. Disclosure to third parties
We do not share personal information with companies, organizations or individuals outside of the Company, except in one of the following circumstances:
4.1 With your consent
We pass on personal data to companies, organizations or persons outside the company if we have received the customer’s consent to do so; this applies in particular to the uses described above.
4.2 Processing by other parties
We make personal data available to other companies that are part of the same group or group of companies, as well as to third parties, other trustworthy companies or persons who process this data on our behalf. This is done on the basis of our instructions and in accordance with the Privacy Policy and other appropriate confidentiality and security measures.
4.3 For legal reasons
We will disclose personal data to companies, organizations or persons outside the company if, according to good faith, it can be assumed that access to these data or their use, storage or disclosure is necessary in order to comply with applicable laws, regulations or legal proceedings or to comply with an enforceable official order.
5. Transfer of personal data to a third country or an international organization
Unless expressly stated otherwise in this Privacy Policy, no personal data will be transferred to third countries or international organizations.
6. Automated decision making
If automated decision making is used, it is mainly based on non-personal parts of the data, and pseudonymized, to improve relevance of the displayed offers, while respecting individuals’ privacy. Users can opt out anytime.
7. Legal Rights
If personal data is processed, the user is a data subject within the meaning of the DSGVO and has the following rights vis-à-vis us, the responsible party:
7.1 Right of access
You may request confirmation from the Responsible Party as to whether we are processing your personal data. If such processing is going on, you can request from the Responsible the following information:
– The purposes for which the personal data is processed.
– The categories of personal data which are processed.
– The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed.
– The intended duration of the storage of the personal data relating to you or, if it is not possible to provide specific details, the criteria for determining the storage period.
– The existence of a right to correction or deletion of the personal data concerning you, a right to restriction of the processing by the Responsible or a right to object to this processing.
– The existence of a right of appeal to a supervisory authority.
– All available information about the origin of the data, if the personal data are not collected from the data subject.
– The existence of an automated decision making process including profiling pursuant to Art. 22 par. 1 and 4 DSGVO and – at least in these cases – informative details about the logic applied as well as the scope and the expected impact of such processing on the data subject.
The data subject shall have the right to obtain information as to whether the personal data relating to him/her have been transferred to a third country or to an international organization. In this context, the data subject may request to be informed of the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.

7.2 Right of rectification
The data subject shall have a right of rectification and/or completion vis-à-vis the data controller if the processed personal data relating to the data subject are inaccurate or incomplete. The Responsible shall carry out the rectification without undue delay.

7.3 Right to Restrict Processing
Under the following conditions, the data subject may request that the processing of the personal data concerning him/her be restricted:
– If he/she disputes the accuracy of the personal data relating to him/her for a period of time sufficient to enable the Controller to verify the accuracy of the personal data.
– The processing is unlawful and you refuse the deletion of the personal data and request instead the restriction of the use of the personal data.
– The data is no longer required by the data controller for the purposes of the processing, but is necessary for the establishment, exercise or defense of legal claims.
– If you object to the processing pursuant to Art. 21 para. 1 DSGVO and it has not yet been determined whether the legitimate reasons of the Responsible Party outweigh your reasons.
If the processing of your personal data has been restricted, those data may only be processed – apart from their storage – with your consent or for the purpose of establishing, exercising or defending legal claims or for the purpose of protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. Where the processing has been restricted under the above conditions, the data subject shall be informed by the data controller before the restriction is lifted.

7.4 Deletion rights
7.4.1 Obligation to delete
The data subject may request from the Responsible Party, and the Responsible Party shall be obliged to delete, the data without undue delay, if one of the following reasons applies:
– You are no longer required to provide your personal data for the purposes for which it was collected or otherwise processed.
– You revoke your consent to the processing of your personal data pursuant to Art. 6 par. 1 lit. a or Art. 9 par. 2 lit. a DSGVO and there is no other legal basis for the processing.
– You invoke gem. Art. 21 Abs. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you object to the processing gem. Art. 21 Abs. 2 DSGVO against the processing.
– The personal data concerning you has been processed unlawfully.
The deletion of the personal data relating to you is necessary to comply with a legal obligation under Union law or the law of the Member State to which the Responsible Party is subject. The personal data relating to you have been processed in relation to services offered by the information society pursuant to Art. 8 para. 1 DSGVO.

7.4.2 Information to third parties
If the Data Controller has made the personal data of the Data Subject available to the public, and if he is obliged to do so under gem. Art. 17 Abs. 1 DSGVO to delete such data, he/she shall take all reasonable measures, including technical measures, to inform the responsible data processor, that you, as the affected person, have requested the deletion of all links to these personal data or of all copies or replicas of these personal data.

7.4.3 Exceptions
The right to erasure does not apply to the extent that processing is necessary:
– To exercise the right to freedom of expression and information.
– To fulfill a legal obligation that requires the processing according to the law of the Union or of the Member States to which the Responsible is subject, or to fulfill a task that is in the public interest or in the exercise of public authority that has been assigned to the Responsible.
– For reasons of public interest in the area of public health pursuant to Art. 9 par. 2 lit. h and i and Art. 9 par. 3 DSGVO.
– For reasons of public interest, for archiving purposes, for scientific or historical research or for statistical purposes gem. Art. 89 par. 1 DSGVO, to the extent that the right specified in letter a) is likely to make it impossible or seriously impair the realization of the purposes of the processing.
– For the assertion, exercise or defense of legal claims.

7.5 Right of access
Where the data subject has exercised his or her right to obtain the rectification, erasure or restriction of the processing, the data controller shall be obliged to notify the rectification, erasure or restriction of the processing to all the recipients to whom the data has been disclosed, unless this proves impossible or involves a disproportionate effort.

7.6 Right to data portability
Data subjects have the right to obtain the personal data relating to them which they have provided to the data controller in a structured, commonly used and machine-readable format. Furthermore, they have the right to transmit these data to a different data controller without hindrance from the data controller to whom the data were provided, provided that:
– The processing is based on consent pursuant to Art. 6 par. 1 lit. a DSGVO or Art. 9 Abs. 2 lit. a DSGVO or on a contract gem. Art. 6 Abs. 1 lit. b DSGVO.
– The processing is carried out using automated procedures.
In exercise of this right, affected persons also have the right to err that the personal data concerning them be transmitted directly by a responsible person to another responsible person, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected thereby. The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task that lies in the public interest or is carried out in the exercise of public authority and which has been entrusted to the Responsible.

7.7 Right to object
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of the personal data concerning him or her, which have been collected pursuant to Art. 6 para. 1 lit. e or f DSGVO; this also applies to profiling based on these provisions. The Controller shall no longer process the personal data concerning you, unless he can demonstrate compelling legitimate reasons for the processing, which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. If the processing of your personal data is carried out for the purpose of direct advertising by the Product Provider, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is carried out in connection with such direct advertising by the Product Provider. If you object to the processing of your personal data for the purpose of direct marketing, your personal data will no longer be processed for this purpose. You have the possibility to exercise your right of objection in connection with the use of services of the information society – without prejudice to Directive 2002/58/EC – by means of automated procedures in which technical specifications are used.

7.8 Right to withdraw the data protection declaration
Data subjects have the right to revoke their data protection declaration at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

7.9 Right not to be the subject of an automated decision making process including profiling
Data subjects have the right not to be subjected to a decision based exclusively on automated processing – including profiling – which has legal effect vis-à-vis them or which significantly affects them in a similar manner. This does not apply:
– If the decision is necessary for the conclusion or the performance of a contract between you and the data controller.
– on the basis of the laws of the Union or of the Member States to which the Responsible Party is subject, and these laws contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests.
– With your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DSGVO, unless Art. 9 Abs. 2 lit. a or g DSGVO applies, and appropriate measures have been taken to protect the rights and freedoms as well as their legitimate interests. With regard to the cases mentioned under (1) and (3), the Responsible Party shall take appropriate measures to protect the rights and freedoms as well as their legitimate interests. This includes at least the right to obtain the intervention of a representative of the data controller, to present one’s own position and to contest the decision.

7.10 Right to complain to a supervisory authority
Notwithstanding any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority. In particular, in the Member State of their residence, their place of work or the place of the alleged infringement, if they are of the opinion that the processing of the personal data relating to them is in breach of the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.

8. Applications
We are pleased that you wish to apply for a job with us. You will find our special data protection information for applicants here on a separate information page. You can also access this information directly using the online form provided there, where we will inform you in particular about the purposes, legal basis and other aspects of the concrete processing in connection with your application to us.