Privacy Policy
The following information outlines what happens with your personal data when you visit this website. Personal data are all data that can be used to personally identify you. For detailed information on the subject of data protection please refer to our privacy policy below.
General information
I. Name and address of the person responsible (controller)
Responsible according to the General Data Protection Regulation and other national data protection acts of member states, as well as additional conditions regarding data protection laws, is:
SmartEm GmbH
In der Lieblich 9
56427 Siershahn
Telefon: 02623-869929-0
E-Mail: info@smartem.de
Website: www.smartemergency.com
II. Data processing overview
1. Which data do we collect and how do we collect it?
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in adherence to data protection legislation and the data protection declaration at hand.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy outlines what information we collect and on which statutory basis we collect your data. In addition, it explains how and why we collect it.
We process the following categories of personal data:
(1) Inventory data (e.g. names, addresses, functions, organizational affiliations etc.)
(2) Contact details (e.g. email, phone/fax numbers etc.)
(3) Content data (e.g. text input, image files, videos etc.)
(4) Usage data (e.g. access data)
(5) Meta/communication data (e.g. IP addresses)
On the one hand, your data is collected by the content you create. This can be the information that you give when you fill out a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. The data collected is mainly technical (e.g. web browser, system software or time of access). The collection of this data occurs automatically when you visit this website.
2. What do we use your data for?
Some of your data is collected to guarantee the bugless provision of our website and online store. Other data might be used to analyse your user behavior.
3. How long is the data stored for?
The personal data of the person in question is erased or blocked once retention is no longer required. Furthermore, data may be stored if provided for by the European or national legislator under union regulations, law or other instructions, to which the controller is subject. Blockage or removal of data may also occur when the storage period as prescribed by the regulations mentioned above ends, unless the retention of the data is necessary for a contract closing or the fulfillment of a contract.
4. What rights do you have regarding your data?
You have the right to obtain information about the origin, recipient and purpose of your stored personal data at any time and free of charge. In addition, you have the right to demand the rectification or erasure of this data. Your consent to the processing of your data may be revoked with future effect at any time. In other cases you have the right to object under certain conditions. Under certain circumstances, you also have the right to restrict the processing of your personal data. Additionally, you have the right of appeal to the relevant regulatory authority. You can find an extensive list of your rights at the end of this privacy policy.
5. Recipients of personal data
Within the frame of our data processing, any disclosure of data to other people and companies such as web providers, data processors or third parties, or any transmission of data or access to information, is based on legal permission (e.g. if the transmission of data to third parties according to art. 6(1)(b) GDPR is required for the fulfillment of a contract), when you have given your consent or if we are legally obliged to it.
6. Analytics tools and tools by third-party suppliers
Your browsing habits may be statistically evaluated when you visit this website. This is done mainly by using so-called analyzers. For detailed information on these analyzers, see the privacy policy below.
7. Data collection on this website
SSL or TLS encryption
or reasons of security and to protect the transmission of confidential information, such as orders or inquiries sent by you and directed at us as the website operator, this website uses SSL and TSL encryption, respectively. You will recognize an encrypted connection by the change in the browser’s address bar from “http://” to “https:// and the lock symbol in your browser bar. With the SSL or TLS encryption activated, the data that you transmit to us is not visible to third parties.
III. Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider. The personal data that is collected on this website is stored on the servers of the host. The data collected mainly includes IP addresses, contact requests, meta and communication data, contract data, contact information, names, website hits and other data generated on a website.
The legal basis for the processing of data within the context of contractual performance is set out in art. 6(1)(b) GDPR, and art. 6(1)(f) GDPR for the provision of the online store. In order to ensure data processing that is compliant with data protection requirements, we have entered into a data processing agreement with our host, art. 28 GDPR. Our host will process your data only insofar as is necessary to fulfil their obligation to perform and will comply with our instructions regarding this data.
The host is used for the purpose of contractual performance towards our potential and existing customers and in the interest of secure, fast and efficient availability of our online offer by a professional provider.
IV. Provision of the website and server log files
For every view of our website our system automatically collects data and information from the computer system of the calling computer.
Here the following data is collected:
(1) information about the browser type and the version used
(2) the user’s operating system
(3) the user’s internet service provider
(4) the user’s IP address
(5) date and time of access
(6) websites through which the user’s system lands on our website
This data is also stored in the log files of our systems. The data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is set out in art. 6(1)(f) GDPR.
The temporary storage of the IP address in the system is necessary to enable the delivery of the website to the computer of the user. For this purpose, the user’s IP address needs to be retained for the duration of the session. The storage in log files guarantees the functionality of the website. In addition, this data helps us optimize the website and ensure the security of our information technology system. Within this context, the data is not interpreted for marketing purposes. These purposes justify our legitimate interest in data processing pursuant to art. 6(1)(f) GDPR.
The data is deleted once it is no longer needed for the purpose of collection. If data is collected for the provision of the website, the data is erased once the respective session has ended. In the case of the storage of data in log files, the data is deleted after seven days at the latest. Storage extending beyond this point is possible. In that case the user’s IP address is deleted or anonymized so that the calling client can no longer be identified.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the internet page. Accordingly, the user has no right to object.
V. Use of cookies
Our website uses “cookies”. Cookies are small text files and do not cause any damage on your terminal device. They are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies).
Cookies have various functions. Many cookies are technically required, seeing as certain functions of a website would otherwise not work (e.g. the shopping cart function or the display of videos). Other cookies serve to interpret user behavior or advertising. In some cases cookies by third parties, too, may be stored on your terminal device when you visit our website (third party cookies). These allow us or you to use certain services provided by the third-party contractor (e.g. cookies for the handling of payment services).
Cookies have various functions. Many cookies are technically required, seeing as certain functions of a website would otherwise not work (e.g. the shopping cart function or the display of videos). Other cookies serve to interpret user behavior or advertising. In some cases cookies by third parties, too, may be stored on your terminal device when you visit our website (third party cookies). These allow us or you to use certain services provided by the third-party contractor (e.g. cookies for the handling of payment services).
The legal basis for the processing of personal data using technically required cookies is set out in art. 6(1)(f) GDPR. The legal basis for the processing of personal data using cookies for purposes of analysis based on the user’s consent is set out in art. 6(1)(a) GDPR.
The purpose of using technically required cookies is to simplify the use of websites for the user. Certain functions of our website cannot be provided withouth the use of cookies. These require that the browser is still recognized after changing to another page. These purposes justify our legitimate interest in the processing of personal data pursuant to art. 6(1)(f) GDPR. The use of analysis cookies ensures the improved quality of our website and its contents. The analysis cookies tell us how the website is used and enable us to continuously optimise our offer.
Session cookies are cleared automatically as soon as you leave the website. Persistent cookies remain stored on your terminal device unless you personally delete them or they are automatically deleted by your web browser. You can reset your browser to notify you of the placement of cookies and to allow cookies only in individual cases, to disable cookies in certain cases or altogether, and to activate the automatic erasure of cookies when closing a browser. If you choose to disable the cookies, the website’s functionality.may be limited.
You have the right to revoke your consent to the use of technically non-essential cookies at any time by opening the cookie settings [SETTING LINK TO SETTINGS!!!!! ] and changing your selection.
VI. Contact form
When you send us an inquiry via the contact form, the information on the form including your contact details is retained.
In addition, the following data is stored once you submit your message:
(1) the IP address
(2) registration date and time
During the submission process we obtain your consent to the processing of your data and refer you to the privacy policy at hand.
Your data is not passed on to third parties during this process. The data is used exclusively for the processing of the conversation.
The legal basis for data processing based on the user’s consent is set out in article 6(1)(a) GDPR.
The processing of personal data supplied on the form is used to process your inquiry. Any other personal data that is processed during submission serves to prevent misuse of the contact form and to ensure the security of our information technology system.
The data will be deleted once it is no longer required for the fulfillment of its collection purposes. As for the personal data in the input mask of the contact form, this is the case as soon as the respective conversation with the user has ended. The conversation is considered ended as soon as circumstances suggest that the respective matter has been conclusively resolved. Any personal data that has been additionally collected during the submission process is deleted at the end of seven days the latest.
You have the right to revoke your consent to the processing of personal data at any time. For this purpose please contact the person responsible using the contact details provided at the beginning of the privacy policy. This way all the personal data that has been stored in the course of the query will be deleted.
VII. Enquiries by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, e-mail address, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail or contacting us by telephone or fax is Art. 6 para. 1 letter f GDPR. If the purpose of the contact is the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
Your data will be stored for the purpose of contacting you and processing your request. This is also the reason for the necessary legitimate interest in processing the data. In addition, the transmission of data may be necessary for the fulfilment of a contract or the implementation of pre-contractual measures.
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. This is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively clarified. If the user contacts us via the aforementioned channels, he/she can object to the storage of his/her personal data at any time. In such a case the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case.
VIII. Registration
You can register on this website to make use of additional functions of the site. We use your registration data only so that you may use the respective offer or service for which you registered.
For important changes such as those concerning the scope of offer or technically required changes, we use the email address provided during registration to inform you. Your data is not passed on to third parties.
In addition, the following data is stored during registration:
(1) the IP address of the user
(2) registration date and time
During the registration process we obtain the user’s consent to the processing of the respective data.
The legal basis for data processing based on the user’s consent is set out in art. 6(1)(a) GDPR. Should the registration serve the purpose of the fulfillment of a contract with the user as its contracting party or should it serve the implementation of pre-contractual arrangements, the legal basis for the processing of data, art. 6(1)(b) GDPR, additionally applies.
User registration is required for the use of additional functions of the website and particularly for the fulfillment of a contract with the user or for the implementation of pre-contractual arrangements.
The data will be deleted once it is no longer required for the fulfillment of its collection purposes. This applies if the data that has been collected for the purpose of the fulfillment of a contract during the registration process or for the execution of pre-contractual measures is no longer required. In order to fulfill contractual or legal obligations, the storage of the personal data of a contractual partner may remain necessary even after the conclusion of a contract.
As the user, you have the right to void your registration and change your stored data at any time. For this purpose please contact the person responsible using the contact details provided at the beginning of the privacy policy.
IX. Comments feature
For the comments feature on this website, not only your comment but also information regarding the time at which the comment was written, your email address and, unless you are posting anonymously, your chosen user name, are retained. In addition, our comments feature stores the IP addresses of those users who write a comment.
The storage of comments occurs on the basis of your consent (art. 6(1)(a) GDPR).
Seeing as we do not check the comments before they are activated on this website, this data is required should any violations of rights occur such as insults or propaganda for us to be able to take action against the author.
The comments and related data (e.g. IP address) are stored and remain on this website unless the commentated content is completely deleted or the comments require deletion for legal reasons (e.g. offensive comments).
You have the right to revoke your consent at any time. For this purpose please contact the person responsible using the contact details provided at the beginning of the privacy policy.
X. Newsletter
If you would like to receive the website’s newsletter, we need your email address as well as further information which allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. Further data will not be collected or only on a voluntary basis, respectively. We use this data exclusively for the transmission of the required information and do not pass it on to any third parties. In addition, the following data is collected during registration:
In addition, the following data is collected during registration:
(1) IP address of the calling computer
(2) registration date and time
We obtain your consent to the processing of your data during the registration process and refer you to the privacy policy at hand. When you register, your data is stored on our servers and a confirmation message containing a link for the definitive registration is generated and sent to the provided email address. If you don’t confirm this link, the data is deleted at the end of 24 hours. Only once you have confirmed the respective link, will your data be stored for the distribution of the newsletter for the period during which our service is used. By adding an additional confirmation message, which contains a link for the definitive registration (double-opt-in), to the registration process, we ensure that the newsletter has been requested by you and not by any third party.
The legal basis for data processing following the user’s subscription to the newsletter based on the user’s consent is set out in article 6(1)(a) GDPR.
The elicitation of the user’s email address serves the delivery of the newsletter. The collection of other personal data during the registration process serves to prevent the misuse of services or of provided email addresses.
The data will be deleted once it is no longer required for the fulfillment of its collection purposes. Accordingly, the user’s email address is retained as long as the subscription to the newsletter is active. Any other personal data that is collected during the registration process is generally deleted at the end of seven days.
The subscription of the newsletter can be cancelled by the respective user at any time. In doing so, the consent to the storage of personal data collected during the registration process can also be revoked. Following the removal from the newsletter distribution list, if necessary your email address may be retained on a blacklist by us or by the provider of the newsletter, respectively, to prevent future mailings. The data from the blacklist is used for this purpose only and is not merged with other data. This is in our common interest, which is to adhere to the statutory provisions regarding the distribution of newsletters (legitimate interest in accordance with article 6(1)(f) GDPR). Storage on the blacklist is not limited to a certain period of time. You have the right to object to the storage provided that your interest outweighs our legitimate interest.
XI. Online presence in social media
We cultivate an online presence on social networks (Facebook, LinkedIn and Instagram) so as to inform active users about our services and to communicate via the platforms where there is an interest. We process data relating to our social media presence insofar as comments or direct messages are directed at us via those social media platforms. The legal basis for data processing based on the user’s consent is set out in art. 6(1)(a) GDPR.
Our social media channels can only be accessed via an external link. As soon as you view the particular social media profiles on the respective network, the terms and conditions as well as the data-processing guidelines of the respective operator apply. We have no control over the social networks’ collection of data and their subsequent use of this data. We do not know to what extent, at what location and for how long the data is retained, neither to what extent the networks carry out existing obligations to delete data, what kind of data evaluation and links are made and to whom the data is forwarded. Hence, we expressly call attention to the fact that your data (e.g. personal information, IP address) is retained by the operators of the networks in question according to their data-processing guidelines and is used for commercial purposes.
Tools used
Google Analytics
Provided you have given your consent, this website uses the features of the web analytical service, Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service uses cookies
We have activated the IP anonymization feature on this website. Thus your IP address is shortened by Google within member states of the European Union or other states which are party to the Agreement on the European Economic Area prior to transmission to the US. Only in exceptional cases will the full IP address be transferred to a server in the US owned by Google and shortened there. On behalf of the website operator, Google will use this information to analyze your use of the website, to prepare reports on website activities and to provide further services related to website and internet use to the website operator. The IP address transferred from your browser by Google Analytics will not be merged with other data from Google.
During your visit to our website the following data is collected:
(1) the pages you access, your “breadcrumbs”
(2) achievement of “website goals” (conversions, e.g. newsletter subscriptions, downloads, purchases)
(3) your user behavior (e.g. clicks, dwell time, bounce rates)
(4) your approximate location (region)
(5) your IP address (shortened)
(6) technical information about your browser and terminal devices (e.g. language settings, screen resolution)
(7) your internet provider
(8) the referrer URL (via which website/promotional tool you landed on this website)
You can find further information on the terms of use of Google Analytics and Google’s data protection policy at https://www.google.com/analytics/terms/de.html and at You can find further information on the terms of use of Google Analytics and Google’s data protection policy at https://www.google.com/analytics/terms/de.html and at https://policies.google.com/?hl=de.
This analytics tool is used pursuant to art. 6(1)(a) GDPR. Google and the operator of the website are jointly responsible for the processing of data, art. 26 GDPR.
Google Analytics uses technologies which facilitate user recognition for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The website operator is thus able to analyze the behavior of website visitors. The website operator receives various user data, such as page views, dwell time, the system softwares used, and the user’s origin. Where required this data is condensed into the profile associated with the respective user and his or her terminal device, respectively.
The data we send and link to cookies is automatically deleted at the end of 14 months. The removal of data that has reached the end of its retention period occurs automatically once a month.
In addition, you can prevent data that has been generated by the cookie and which is based on your use of the website (including your IP address) from being collected and processed by Google by
(1) not giving your permission to set cookies or
2) downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can also prevent the storage of cookies via the respective setting in your browser software. However, if you configure your browser to decline all cookies, this may result in limited functionality on this and other websites.
You have the right to revoke your consent with future effect at any time by going to the cookie settings and changing your selection.
XII. Google Web Fonts
When you visit our website your browser connects to Google servers. This way Google is informed about which IP address has been used to visit this website.
You can find further information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The use of Google Web Fonts is based on article 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform display of his or her website’s typeface with simultaneous consideration of potential licensing restrictions regarding the incorporation of said typeface. Provided that the corresponding consent has been obtained (e.g. the consent to the storage of cookies), the processing of data occurs exclusively based on art. 6(1)(a) GDPR; this consent is revocable at any time.
The use of Google Web Fonts is based on article 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform display of his or her website’s typeface with simultaneous consideration of potential licensing restrictions regarding the incorporation of said typeface. Provided that the corresponding consent has been obtained (e.g. the consent to the storage of cookies), the processing of data occurs exclusively based on art. 6(1)(a) GDPR; this consent is revocable at any time.
E-Commerce and payment provider
Customer and contract data
We collect, process and use personal data if and when it is essential for the establishment and substance of, or changes to, the legal or contractual relationship.
The legal basis for this is set out in art. 6(1)(b) GDPR, which permits the processing of data in order to fulfil a contract or pre-contractual arrangements.
The data is processed for the purpose of the performance of the contract.
The collected customer data is deleted as soon as the order is completed or the business relationship has been terminated. This has no effect on legal retention periods.
XIII. Data transfer when a contract is concluded for online stores, salesmen and mail-order companies
We transfer personal data to third parties, such as companies in charge of the dispatch of goods or the credit institution charged with the handling of payments, only if this is necessary for the processing of contracts. The data is no further transferred unless you agree expressly to the transmission. Your data is not passed on to third parties, e.g. for advertising purposes, without your explicit consent.
The legal basis for data processing is set out in art. 6(1)(b) GDPR, which permits the processing of data in order to fulfill a contract or pre-contractual arrangements. The data is processed for the purpose of the performance of the contract.
The data is processed for the purpose of the performance of the contract.
XIV. PayPal
On this website our offer includes payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (henceforth referred to as “PayPal”).
If you choose payment via PayPal, the payment information provided by you will be transmitted to Paypal.
Your data is transmitted to PayPal pursuant to art. 6(1)(a) GDPR (consent) and art. 6(1)(b) GDPR (data processing in order to fulfil a contract).
The data is processed for the purpose of the performance of the contract.
Provided that the data is transmitted on the basis of your consent, you have the right to revoke your consent at any time. If you wish to do so, please contact the controller using the contact details provided at the beginning of the privacy policy. A revocation does not affect the effectiveness of past data processing procedures.
XV. Immediate payment
On this website we offer “immediate payment”. The provider of this payment service is the Sofort GmbH, Theresienhöhe 12, 80339 Munich (henceforth referred to as “Sofort GmbH”).
By means of “immediate payment” we receive an immediate payment confirmation by the Sofort GmbH and are thus able to meet our obligations without delay.
Once you have chosen the payment method of “immediate payment” you then transmit the PIN and a valid TAN to the Sofort GmbH, who will use this information to access your online banking account. Following the login procedure the Sofort GmbH automatically checks your account balance and transfers the money to us by means of the TAN provided by you. Following this, they immediately transmit to us a transaction record. Furthermore, after the login procedure, your activities, the credit line and the existence of additional accounts and their balances are automatically checked.
In addition to the PIN and the TAN, any payment information provided by you as well as your personal data will also be transmitted to the Sofort GmbH. Your personal data includes your first and last name, address, phone number(s), email address, IP address and, where necessary, additional data required for payment handling. The transmission of this data is necessary to verify your identity beyond doubt and prevent attempted fraud.
You can find details regarding payment via immediate payment at the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
The transmission of your data to the Sofort GmbH is based on article 6(1)(a) GDPR (consent) and article 6(1)(b) GDPR (processing for the fulfillment of a contract).
Data is processed for the purpose of the performance of the contract.
Provided that the data is transmitted on the basis of your consent, you have the right to revoke your consent at any time. If you wish to do so, please contact the controller using the contact details provided at the beginning of the privacy policy. A revocation does not affect the effectiveness of past data processing procedures.
XVI. Secure payment on this website
Should you be obliged to transmit your payment information (e.g. account number for direct debit authority) following the completion of a fee-based contract, this data will be used for the payment transaction.
Payments via common payment methods (Visa/MasterCard, direct debit payment) are performed exclusively with an SSL encryption or TLS encryption, respectively. You will recognize an encrypted connection by the change in the browser’s address bar from “http://” to “https:// and the lock symbol in your browser bar. With end-to-end encryption activated, the data that you transmit to us is not visible to third parties.
Data subject rights
When your personal data is processed, your are a data subject according to GDPR and you have the following rights in relation to the controller:
Right to information
You have the right to request from the controller a confirmation as to whether your personal data is being processed by us.
In case your data is indeed processed by us, you have the right to request from the controller the disclosure of the following information:
(1) the purposes for which personal data is processed;
(2) the categories of the personal data being processed;
(3) the recipients or the categories of recipients to whom your personal data has been disclosed or will be disclosed, particularly if it concerns recipients in third countries or international organisations;
(4) the intended storage period of your personal data or, if precise information on this is not possible, cirtieria to determine the storage period;
(5) the existence of a right to rectification or deletion of your personal data, a right to restrict the processing of your data by the controller or a right to object to this processing;
(6) the existence of a right of appeal with a regulating authority;
(7) all the available information about the origin of the data, if the personal data has not been collected from the person in question;
(8) the existence of an automated decision-making agreement including profiling pursuant to art. 22(1) and (4) GDPR, and – at least in such cases – meaningful information about the logic involved as well as the scope and intended consequences of such a processing for the person in question.
You have the right to request information as to whether your personal data is transmitted to a third country or an international organisation. In connection to this you have the right to request to be informed of appropriate safeguards pursuant to art. 46 GDPR regarding data transmission.
XVII. Right to rectification
You have a right to request rectification and/or completion from the controller, if the processed personal data concering you is inaccurate or incomplete. The controller must rectify your data without undue delay.
XVIII. Right to restrict processing
You have the right to restrict the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal data, for a period of time that allows for the controller to investigate the accuracy of your personal data;
(2) if the data has been unlawfully processed and you oppose the erasure of your personal data and request restricted use fo your personal data instead;
(3) if the controller no longer needs the personal data for processing purposes, but you need need it in order to establish, exercise or defend a legal claim, or
(4) if you have objected to the processing of your data pursuant to art. 21(1) GDPR, and it is not certain yet if the controller’s legitimate grounds override your own.
If the processing of your personal data has been restricted, this data – with the exception of its storage – can only be processed with your consent or to establish, exercise or defend a legal claim or for the protection of the rights of another natural or legal person or for reasons of a Union’s or a Member State’s substantial public interest.
If the restriction of the processing has been refused in due consideration of the abovementioned conditions, the controller will inform you before the restriction is lifted.
XIX. Right to erasure
Duty to delete
You have the right to request from the controller the deletion of your personal data without undue delay, and the controller is obliged to immediately erase this data if any of the following apply:
(1) Your personal data is no longer needed for the purposes for which they were collected or processed in any other way.
(2) You revoke your consent on which the processing pursuant to art. 6(1)(a) or art. 9(2)(a) GDPR was based, and there is no other legal basis for the processing of the data.
(3) You enter an objection against the processing of your data pursuant to art. 21(1) GDPR and there are no overriding legitimate grounds for processing, or you enter an objection against the processing of your data pursuant to art. 21(2) GDPR.
(4) Your personal data has been unlawfully processed.
(5) The erasure of your personal data is necessary for the fulfillment of a legal obligation under Union law or in accordance with the Member State law to which the controller is subject.
(6) Your personal data has been collected in connection to services provided by the respective information society pursuant to art. 8(1) GDPR.
7. Disclosure of information to third parties
If the controller has disclosed your personal data and is obliged to delete it pursuant to art. 17(1) GDPR, he or she takes appropriate measures with due regard to the available technology and costs of implementation. This includes technical measures to inform those that are responsible for the processing of data, including yours, that you have requested for all links to your personal data or copies or replications of your personal data to be erased.
8. Exceptions
You do not have the right to erasure if the processing of data is required for
(1) the exercise of the right to freedom of expression and information;
(2) the fulfillment of a legal obligation that requires the processing of data under Union law or Member State law, to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) reasons of public interest within the public health sector pursuant to art. 9(2)(h) and (i) as well as art. 9(3) GDPR;
(4) filing purposes that are of public interest, for scientific or historical research purposes or for statistical purposes pursuant to art. 89(1) GDPR, if the right mentioned under section a) renders the implementation of those processing goals impossible or seriously impairs them, or
(5) the establishment, exercise or defense of legal claims.
XX. Right to be informed
Once you have claimed your right to rectification, erasure or restriction of the processing of data from the controller, he or she is obliged to inform all the recipients to whom your personal data has been disclosed about the rectification or erasure of data or the restriction of processing, unless this turns out to be impossible or involves disproportionate effort.
You have the right to request from the controller to be informed about these recipients.
XXI. Right to data portability
You have the right to receive personal data that you have provided to a controller in a structured, commonly used and machine readable format. You also have the right to transmit this data to another controller without hindrance by the controller to which the personal data has been provided, as long as
(1) the processing is based on consent pursuant to art. 6(1)(a) GDPR or art. 9(2)(a) GDPR or on a contract pursuant to art. 6(1)(b) GDPR and
(2) the processing is carried out by automated means.
In exercising this right you furthermore have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be affected hereby.
The right to portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
XXII. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on art. 6(1)(e) or (f) GDPR; this includes profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data for such marketing; this includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the respective personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
XXIII. Right to withdraw declaration of consent for data processing
Many data processing procedures are carried out only with your explicit consent. You have the right to withdraw your consent for processing your data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
XXIV. Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This is not the case if the decision
(1) is necessary for the entry into or performance of a contract between you and the controller,
(2) is authorised by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in art. 9(1) GDPR, unless art. 9(2) lit.(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at the least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
XXV. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to art. 78 GDPR.