Data privacy statement

This privacy policy applies to the collection, processing and use (‘processing’) of your personal data when you use our online services, and for all other goods and services you would like to obtain from us.

I Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of EU Member States, as well as other data protection regulations, is:

Deutscher Landwirtschaftsverlag GmbH
Lothstr. 29
80797 Munich
Germany
Telephone: 004989127050
E-mail: info[at]dlv.de

II Data protection officer

You can contact our data protection officer using the following details:

Frank Jasper
Kabelkamp 6
30179 Hanover
Germany
Telephone: 0049511678060
Fax: 004951167806301
E-mail: datenschutz[at]dlv.de

III General information on data processing

III.1 Legal basis for processing personal data

If we obtain a data subject’s consent to process personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data required for the performance of a contract to which the data subject is a party, Article 6 (1) (b) of the GDPR serves as the legal basis. This also applies to any data processing operations that may be necessary prior to entering into a contract. If the processing of personal data is required to fulfil a legal obligation which our company is subject to, Article 6 (1) (c) of the GDPR serves as the legal basis. If interests essential for the life of the data subject or another natural person mean that personal data must be processed, Article 6 (1) (d) of the GDPR forms the legal basis for this. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) (f) of the GDPR serves as the legal basis for processing.

III.2 Erasing data and storage period

The data subject’s personal data will be erased or suppressed as soon as the purpose for its storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The suppression or erasure of data will also take place on expiry of a storage period required by the aforementioned regulations laws or provisions unless further storage is necessary for the conclusion or performance of a contract.

IV Provision of the website and creation of log files

IV.1 Description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the accessing computer’s system.

The following personal data is collected in doing so:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) The websites from which the user’s system accesses our website
(7) Websites accessed by the user’s system via links on our website

The data is also stored in our system’s log files. The user’s IP addresses and other data that allows data to be assigned to a user are not affected by this. This data is not stored together with any of the user’s other personal data.

IV.​2 Legal basis for data processing​

The legal basis for the temporary storage of data is Article 6 (1)(f) of the GDPR.

IV.3 Purpose of data processing

It is necessary for the system to temporarily save the IP address to allow the website to be displayed on the user’s machine. The user’s IP address must be saved for the duration of the session in order to do so.

Our legitimate interest in data processing is also based on these purposes, pursuant to Article 6 (1) (f) of the GDPR.

IV.4 Data storage period

Data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. If data was collected in order to provide the website, it will be erased as soon as your session on our site ends.

V Using cookies

V.1 Our own cookies

V.1.a Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in or by the web browser on the user’s computer system. If a user visits a website, a cookie may be stored on their operating system. This cookie contains a distinctive character string that enables the unique identification of the browser when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable as you move on to another page within the site. Log-in details (IV [1]) are stored and transmitted in the cookies.

V.1.b Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) (f) of the GDPR.

V.1.c Purpose of data processing

The purpose of using cookies required for technical reasons is to simplify the use of websites for users. Some features of our website will not be available if the use of cookies is disabled.

V.1.d Storage period and restricting the use of cookies

Cookies are stored on the user’s computer and transmitted to our website from there. They are automatically deleted at the end of the respective session.

As a user, you therefore have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing your web browser settings. Cookies that have already been saved can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, it is possible that you may no longer be able to use all of its features.

V.2 Using the Google Analytics web analysis service

V.2.a Description and scope of data processing

This website uses Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). Google Analytics uses ‘cookies’, which are text files that are saved on your computer and allow website use to be analysed. Information generated by the cookie about your use of this website may be sent to a Google server in the USA and saved there. Due to the activation of IP anonymisation on these web pages, your IP address is truncated by Google before it is sent within the European Union Member States or in other signatory states to the Agreement on the European Economic Area. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. By order of the operator of this website, Google will use this information to evaluate the use of the website, to prepare reports about website activities and to provide other services to the website operator that relate to website and Internet use. The IP address sent from your browser as part of Google Analytics will not be merged with other Google data. Google Analytics data may not be shared without customer consent, except under certain limited circumstances, for example if this is required by law.

V.2.b Legal basis for data processing

The legal basis for the temporary storage of data is Article 6 (1) (f) of the GDPR. 

V.2.c Purpose of data processing

The purpose of using data and analysing it with Google Analytics is based on the interest in optimising our services.

V.3 Storage period and restricting the use of cookies

Cookies are stored on the user’s computer for up to two years and transmitted to our website from there.

As a user, you also have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing your web browser settings. Cookies that have already been saved can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, it is possible that you may no longer be able to use all of its features.

You can also prevent the data generated by the cookie for the use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de

For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

You can find more information on the collection and use of data by Google and your rights for protecting your privacy in the privacy policy available at www.google.de/intl/de/policies/privacy/.

VI Contacting us

VI.1 Description and scope of data processing

Our website refers to an e-mail address that you can use to contact us. If this option is used, the user’s personal data will be transmitted along with the e-mail, both of which will be stored.

The data will not be shared with third parties in this context. This data will be used exclusively to process the conversation.

VI.2 Legal basis for data processing

The legal basis for processing the data transmitted in the course of getting in contact with us is Article 6 (1) (f) of the GDPR. If the aim of contacting us by e-mail is to conclude a contract, then an additional legal basis for processing is Article 6 (1) (b) of the GDPR.

VI.3 Purpose of data processing

This data is exclusively stored and used for the purpose of responding to your request or for establishing contact and the technical administration associated with this.

VI.4 Data storage period

Data is erased as soon as it is no longer required to fulfil the purpose for which it was collected.

If statutory provisions stipulate retention requirements (e.g. six years for any commercial letters received, Section 257 [4] of the German Commercial Code [Handelsgesetzbuch, HGB]), erasure takes place after the relevant period has expired.

VII Data provided by you when concluding legal transactions

VII.1 Description and scope of data processing

In some areas, you may be asked to transmit personal data in order to use the fee-based offers or free features described in each case or to be able to participate in special campaigns (placing subscription orders, placing advertisements, creating a personal user profile, ordering editorial and/or promotional newsletters, participating in competitions or other promotions, opening a customer account). Here, you will be informed about what information you are required provide for these offers and what data you can provide on a voluntary basis.

In particular, the following data may be collected: name, address, bank details, password, date of birth, e-mail address, declarations of consent, information relating to the concluded legal transaction.

VII.2 Legal basis for data processing

If the aim of data collection is to conclude a contract, then the legal basis for processing is Article 6 (1) (b) of the GDPR. Data is also processed on the basis of your consent (Article 6 [1] [a] of the GDPR).

VII.3 Purpose of data processing

Data processing takes place for the purposes of enabling the use of respective offers and features. If you provide additional data on a voluntary basis, we will use this to tailor our services to your needs.

VII.4 Data storage period

Data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. This is generally the case once the service you used (e.g. newsletter subscription, creation of a personal user profile) has been cancelled.

If statutory provisions stipulate retention requirements (e.g. six years for any commercial letters received, Section 257 [4] of the German Commercial Code [Handelsgesetzbuch, HGB]), erasure takes place after the relevant period has expired.

VIII Data processing for promotional purposes without consent

VIII.1 Description and scope of data processing

If you have concluded a contract with us to purchase goods or services, we will keep you as an existing customer using the data collected for this main purpose. In this case, we also process your postal address details (name and address) outside of the existence of specific consent in order to send you information about new products and services in this way. If we have received your e-mail address in connection with the sale of goods or services, we process the e-mail address in order to send you information about our own similar goods or services, without having been given specific consent. We use additional information provided on a voluntary basis to select and design any advertising that is appropriate for the target audience.

VIII.2 Legal basis for data processing

The legal basis for processing is Article 6 (1) (f) of the GDPR.

VIII.3 Purpose of data processing

Data processing takes place for the purpose of promoting our own similar goods or services.

VIII.4 Data storage period

The data storage period depends on the main purpose of collection (point VII.4.)

IX Comments feature

As part of the comments feature on this website, the time the comment was created and the chosen commenter name will be saved and published on the website in addition to your comment. Your IP address is also logged and stored. The IP address is stored for security reasons, and in the event that the data subject violates the rights of third parties or posts illegal content by posting a specific comment. We need your e-mail address in order to contact you if a third party objects to the published content on the basis of it being unlawful. The legal bases for the storage of your data are Article 6 (1) (b) and (f) of the GDPR. We reserve the right to delete comments if third parties object to them on the basis of them being unlawful.

As a user, you can subscribe to follow-up comments. You will receive a confirmation e-mail to ensure that you are the owner of the e-mail address provided (double opt-in procedure). The legal basis for data processing in the case of subscribing to comments is Article 6 (1) (a) of the GDPR. You can unsubscribe from ongoing comment subscriptions at any time with future effect; please refer to the confirmation e-mail for more information on how to unsubscribe.

X Scalable central measurement system; VG Wort

Our website uses the measurement system (‘SZMnG’) of INFOnline GmbH (https://www.infonline.de) in order to determine statistical key figures concerning the use of our website. The objective of use measurement is to determine the number of visits to our website, the number of website visitors and their surfing behaviour in a statistical way—based on a uniform standard procedure—and thus to obtain comparable values across the market. For all digital offerings that are members of the German Audit Bureau of Circulation (‘Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V.’, IVW—www.ivw.eu) or participate in studies by Arbeitsgemeinschaft Online-Forschung e.V. (AGOF—www.agof.de), usage statistics are routinely further processed by the AGOF and Arbeitsgemeinschaft Media-Analyse e.V. (agma—www.agma-mmc.de) for reach and published with a ‘unique user’ performance value, and published by the IVW with the performance values ‘page impression’ and ‘visits’. These reaches and statistics can be viewed on the respective websites.

X.1. Legal basis for data processing

Measurement using the SZMnG measurement system by INFOnline GmbH takes place based on legitimate interests under Article 6 (1) (f) of the GDPR. The purpose of processing personal data is to create statistics and to form user categories.

The statistics are used to understand and provide evidence of the use of our offering. User categories form the basis of the interest-based alignment of advertising material and advertising measures.

A use measurement which ensures comparability with other market participants is essential to market this website. Our legitimate interest is based on the economic usability of the findings resulting from the statistics and user categories and the market value of our website—including in direct comparison with third-party websites—which can be determined from the statistics. In addition, we have a legitimate interest in making pseudonymised data available to INFOnline, the AGOF and the IVW for the purposes of market research (AGOF, agma) and for statistical purposes (INFOnline, IVW).

Furthermore, we have a legitimate interest in providing pseudonymised data to INFOnline for the further development and provision of interest-based advertising material.

X.2. Type of data

INFOnline GmbH collects the following data which, under the EU GDPR is considered to be personal data:

IP address: on the Internet, each device needs a unique address to be able to transmit data, which is called an ‘IP address’. It is necessary to at least store the IP address on a short-term basis from a technical perspective due to the way in which the Internet works. IP addresses are truncated by 1 byte before any processing and are only processed anonymously. Untruncated IP addresses are neither stored nor processed.

A randomly generated client identifier: Reach processing uses either a third-party cookie, a first-party cookie, a ‘local storage object’ or a signature that is created from various automatically information transmitted from your browser in order to recognise computer systems. This identifier is unique to a browser as long as the cookie or local storage object is not deleted. Measurement of data and subsequent assignment to the respective client identifier is therefore also possible if you access other websites that also use the INFOnline GmbH measurement system (‘SZMnG’). The cookie’s validity is limited to a maximum of one year.

X.3. Using data

INFOnline GmbH’s measurement system, which is used on this website, identifies usage data. This is done in order to collect the performance values of page impressions, visits and clients, and to form further key figures (e.g. qualified clients). In addition, the measured data will be used as follows:

‘Geolocation’, which means mapping the location where a website is accessed, is exclusively based on anonymised IP addresses and only takes place down to the geographical level of federal states/regions. In no case can a conclusion be drawn as to the specific location of a user from the geographic information obtained in this way.

A technical client’s usage data (e.g. a browser on a device) is merged across web pages and stored in a database. This information is used for the technical assessment of the socio-information of age and gender, and is passed on to AGOF service providers for further reach processing.

As part of the AGOF study, social characteristics are estimated on the basis of a random sample, which can be assigned to the following categories: age, gender, nationality, occupation, marital status and children, general household data, household income, place of residence, Internet use, online interests, place of use, type of user.

X.4. Storage period for data

INFOnline GmbH does not store complete IP addresses. Truncated IP addresses are stored for a maximum of 60 days. The usage data relating to the unique identifier is stored for a maximum of 6 months.

X.5. Sharing data

IP addresses and truncated IP addresses are not shared. Data with client identifiers are shared with the following AGOF service providers in order to compile the AGOF study:

X.6. Data subject rights

Each data subject has the following rights:

  • Right of access (Article 15 of the GDPR)
  • Right to rectification (Article 16 of the GDPR)
  • Right to object (Article 21 of the GDPR)
  • Right to erasure (Article 17 of the GDPR)
  • Right to restriction of processing (Article 18 f. of the GDPR)
  • Right to data portability (Article 20 of the GDPR)

Please contact our data protection officer for enquiries regarding this at datenschutz[at]dlv.de.

Please note that we have to make sure that such enquiries are made by the actual data subject.

The data subject has the right to lodge a compliant with a data protection authority.

More information on data protection regarding the measurement system can be found on INFOnline GmbH’s website (https://www.infonline.de), which runs the measurement system, AGOF’s page on data protection (http://www.agof.de/datenschutz) and IVW’s site on data protection (http://www.ivw.eu).

X.7. Right to object

If you do not wish to participate in the measurement, you can object by clicking on the following link: https://optout.ioam.de

To guarantee exclusion from measurement, it is necessary to save a cookie for technical reasons. If you delete cookies in your browser, you will have to repeat the opt-out process by clicking on the above link.

The data subject has the right to lodge a compliant with a data protection authority.

XI Using your data for direct marketing

XI.1 Subscribing to our e-mail newsletter

If you subscribe to our e-mail newsletter, we will send you information about our offerings on a regular basis. The only mandatory information required to send the newsletter is your e-mail address. The provision of any other information is on a voluntary basis and is used to address you personally. We use the ‘double opt-in procedure’ to send newsletters. This means that we will only send you an e-mail newsletter if you have explicitly confirmed to us that you consent to newsletters being sent. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on a corresponding link.

By clicking on the confirmation link, you are giving us your consent to use your personal data in accordance with Article 6 (1) (a) of the GDPR. When you register for the newsletter, we store your IP address registered by the Internet service provider (ISP), as well as the date and time of registration, so that we can trace any potential misuse of your e-mail address at a later point in time. The data we collect when you register for the newsletter is used exclusively for the purposes of advertising in the form of the newsletter. You can unsubscribe at any time via the link provided in the newsletter or by sending a message about this to the controller referred to at the start of this privacy policy. After you unsubscribe, your e-mail address will be deleted from our newsletter mailing list immediately, unless you have explicitly consented to the further use of your data, or if we reserve the right to use data beyond this, which is permitted by law which we inform you about in this policy.

XI.2 Advertising by post

On the basis of our legitimate interest in personalised direct marketing, we reserve the right to store your first and last name, your postal address and—if we have received this additional information from you as part of the contractual relationship—your title, academic degree, year of birth and your professional, industry or business name in accordance with Article 6 (1) (f) of the GDPR, and to use it to send interesting offers and information about our products by post.

You can object to the storage and use of your data for this purpose at any time by sending a message to the controller.

XII Data processing for order processing

XII.1 Working with service providers

We work with the following service providers to process your order, who support us in executing concluded contracts either in whole or in part. Certain personal data is transmitted to these service providers in accordance with the information below.

The personal data we collect will be passed on to the transport company commissioned with delivery within the scope of processing the contract, insofar as this is necessary for delivering goods. We will pass on your payment information to the commissioned bank or financial institution within the scope of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will hereinafter explicitly inform you thereof. The legal basis for sharing data is Article 6 (1) (b) of the GDPR.

XII.2 Using payment service providers

XII.2.a ConCardis

If you have chosen credit card payment via the payment service provider ConCardis, payment processing takes place via the payment service provider ConCardis GmbH, Helfmann-Park 7, 65760 Eschborn, with which we share information about your order provided through the ordering process in accordance with Article 6 (1) (b) of the GDPR. Your data will only be shared for the purpose of payment processing with the payment service provider ConCardis and only insofar as it is necessary for this.

XII.2.b PAYONE

If you have chosen the payment service provider PAYONE as the payment method, payment processing takes place via the payment service provider BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, with which we share information about your order provided through the ordering process in accordance with Article 6 (1) (b) of the GDPR. Your data will only be shared for the purpose of payment processing with the payment service provider PAYONE and only insofar as it is necessary for this.

XII.2.c Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or—if available—‘Purchase on account’ or ‘Payment in instalments’ via PayPal, we will share your payment details with PayPal (Europe) Sarl et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter ‘PayPal’) within the scope of payment processing. Sharing takes place in accordance with Article 6 (1) (b) of the GDPR and only insofar as this is required for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods of credit card via PayPal, direct debit via PayPal or—if offered——‘Purchase on account’ or ‘Payment in instalments’ via PayPal. For this purpose, your payment details may be passed on to credit agencies on the basis of PayPal’s legitimate interest in determining your ability to pay, in accordance with Article 6 (1) (f) of the GDPR. PayPal uses the results of the credit check with respect to the statistical probability of payment default for the purpose of making a decision on providing the respective payment method. The credit check may contain probability values (‘score values’). If score values are included in the results of the credit check, they are based on a scientifically established mathematical and statistical method. Among others, address details are included in the calculation of score values, however these are not exclusively used. For further information on data protection, including on the credit agencies used, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, Paypal may still be entitled to process your personal data if this is required for contractual payment processing.

XIII Using social media: Videos

XIII.1 Using Vimeo videos

Our website includes plugins from the video portal Vimeo from Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. If you visit a page on our website that contains one of these plugins, your browser will establish a direct connection to Vimeo’s servers. Plugin content is sent directly to your browser by Vimeo and linked to the page. Using this link, Vimeo is notified that your browser has accessed it from the corresponding page on our website, even if you do not have a Vimeo account or are not currently signed into Vimeo. This information (including your IP address) is directly transmitted from your browser to Vimeo’s server in the USA and is saved there.

If you are signed into Vimeo, Vimeo can directly assign your visit to our website to your Vimeo account. If you interact with the plugins (for example by clicking on the start button for a video) this information will also be sent to Vimeo’s server and saved there.

The data processing operations described take place on the basis of Vimeo’s legitimate interest in market research and the needs-based design of its services, in accordance with Article 6 (1) (f) of the GDPR.

If you don’t want Vimeo directly assigning the data collected by our website to your Vimeo account, you must first sign out of Vimeo before visiting our website.

You can find the purpose and scope of data collection and further processing and use of the data by Vimeo as well as your rights and settings options for protecting your privacy in Vimeo’s privacy policy: http://vimeo.com/privacy

The Google Analytics tracking tool is automatically integrated into Vimeo videos embedded on our site. This is Vimeo’s own tracking system, to which we have no access and which cannot be influenced by our site. For tracking, Google Analytics uses ‘cookies’, which are text files that are saved on your computer that allow website use to be analysed. Information generated by the cookie relating to your use of this website is generally sent to a Google server in the USA and saved there.

This processing takes place on the basis of Vimeo’s legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes, in accordance with Article 6 (1) (f) of the GDPR.

XIII.2 Using Youtube videos

This website uses the YouTube embedding feature to display and play videos from the provider ‘YouTube’, which is owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’).

Privacy-enhanced mode is used here, which, according to the provider, does not start storing user information until the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider uses ‘YouTube’ cookies to collect information about user behaviour. According to ‘YouTube’, these serve, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behaviour. If you are signed into Google, your data will be directly assigned to your account when you click on a video. If you don’t want this data to be assigned to your YouTube profile, you must sign out of Google before you click on the button. Google saves your data as user profiles and evaluates them (including for users who are not signed in). Such evaluation takes place in accordance with Article 6 (1) (f) of the GDPR in particular, on the basis of Google’s legitimate interest in displaying personalised advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, where you must contact YouTube to exercise this right.

Regardless of the playback of embedded videos, each time this website is accessed, a connection is established with Google’s ‘DoubleClick’ network, which can trigger further data processing operations without us having any influence over this.

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is certified under the ‘Privacy Shield’ US-European data protection agreement, which guarantees compliance with the level of data protection applicable in the EU.

You can find more information about data protection at ‘YouTube’ in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy

XIV Online marketing

XIV.1 Google AdSense

This website uses Google AdSense, a web advertisement service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). Google AdSense uses ‘DoubleClick DART cookies’ (‘cookies’). These are text files that are saved on your computer that allow website use to be analysed. In addition, Google AdSense also uses ‘web beacons’ (small invisible graphics) to collect information, through the use of which simple actions such as visitor traffic on the website can be recorded, collected and evaluated. Information (including your IP address) generated by the cookie and/or web beacon relating to your use of this website may be sent to a Google server in the USA and saved there.

Google uses information received in this way to evaluate your user behaviour with respect to AdSense ads. The IP address sent from your browser as part of Google AdSense will not be merged with other Google data. The information collected by Google will also be sent to third parties if this is permitted by law and/or if third parties process this data by order of Google.

The processing of data described takes place in accordance with Article 6 (1) (f) of the GDPR for the purpose of advertising third parties addressing users in a targeted way for promotional purposes, where the ads are shown on the basis of evaluated user behaviour on this website. At the same time, the processing serves our financial interest in exploiting the economic potential of our website by displaying personalised third-party advertising content for a fee.

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is certified under the ‘Privacy Shield’ US-European data protection agreement, which guarantees compliance with the level of data protection applicable in the EU.

You can find out more information regarding Google’s privacy policy by clicking on the following link: http://www.google.de/policies/privacy/

You can permanently disable cookies for advertising preferences by disabling them in your browser software accordingly or by downloading and installing the browser plugin available via the following link: http://www.google.com/settings/ads/plugin?hl=de

Please note that certain features of this website may not be used or may only be used to a limited extent if you have disabled cookies.

XV Web analysis services

XV.1 Google (Universal) Analytics

- Google Universal Analytics

This website uses Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). Google Analytics uses ‘cookies’, text files that are saved on your computer and allow website use to be analysed. The information generated by the cookie regarding your use of the website (including the truncated IP address) may be sent to a Google server in the USA and stored there.

This website exclusively uses Google Analytics with the extension ‘_anonymizeIp()’, which ensures that the IP address is anonymised through truncation and excludes any direct personal reference. This means that your IP address is truncated by Google within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before it is sent. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. In these exceptional cases, this processing takes place in accordance with Article 6 (1) (f) of the GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.

We instruct Google to use this information to evaluate your use of the website, to compile reports about website activities and to provide other services to us that relate to website and Internet use. The IP address sent from your browser as part of Google Analytics will not be merged with other Google data.

You can block cookies from being saved by changing your browser settings; please note that in this case, you may not be able to use all of this website’s features properly. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin or within browsers on mobile devices, please click on this link to save an opt-out cookie which will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works for this browser and only for this domain. If you delete your cookies in this browser, you will have to click on this link again): Disable Google Analytics

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is certified under the ‘Privacy Shield’ US-European data protection agreement, which guarantees compliance with the level of data protection applicable in the EU.

This website also uses Google Analytics to analyse visitor flows across devices, which is carried out using a user ID. You can disable the cross-device analysis of your use in your customer account under ‘Data & personalization’.

For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

XV.2 New Relic (New Relic Inc.)

This website uses the web analysis service New Relic, run by New Relic, Inc., 188 Spear St, San Francisco, CA 94105, USA. New Relic is used to collect, evaluate and store pseudonymised visitor data based on our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Article 6 (1) (f) of the GDPR. This data can be used to create and evaluate pseudonymised user profiles for the same purposes. New Relic uses ‘cookies’, which are small files that are stored locally in the site visitor’s web browser cache. Among other things, these cookies are used to recognise the browser, thus facilitating a more accurate determination of statistical data. The user’s IP address is part of the information collected, but is pseudonymised immediately after collection and before being stored in order to eliminate any potential personal references to an individual person.

New Relic Inc., based in the USA, is certified under the ‘Privacy Shield’ US-European data protection agreement, which guarantees compliance with the level of data protection applicable in the EU.

New Relic will under no circumstances associate your personal data with any other data held by New Relic. If you would like to object to the evaluation of user behaviour, you can change your browser settings so that you are informed about cookies being saved, and so that you can decide whether to accept each cookie or to reject cookies in certain cases or completely.

Alternatively, you can check whether New Relic saves advertising cookies in your browser and disable these by using the opt-out site for consumers from the EU: http://www.youronlinechoices.com/uk/your-ad-choices/.

You can access New Relic’s privacy policy via the following link: https://www.newrelic.de/cookie-policy

XVI Retargeting/remarketing/refer-a-friend advertising

XVI.1 Facebook Custom Audience via the pixel procedure

This website uses the ‘Facebook pixel’ from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter ‘Facebook’). If explicit consent is given, it can be used to track the behaviour of users after they have seen a Facebook ad or clicked on it. This process is designed to evaluate the effectiveness of Facebook ads for statistical and market research purposes and may help to optimise future advertising campaigns.

The data collected about you remains anonymous to us, so that it does not provide us with any information about the user’s identity. However, the data is stored and processed by Facebook, which may make a link to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy (https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to switch on advertising within and outside of Facebook. It can also save a cookie on your computer for these purposes. You explicitly consent to these processing operations under Article 6 (1) (a) of the GDPR.

Consent to the use of the Facebook pixel may only be given by users who are older than 13 years of age. If you are younger, we request that you ask your guardians for advice.

Facebook Inc., based in the USA, is certified under the ‘Privacy Shield’ US-European data protection agreement, which guarantees compliance with the level of data protection applicable in the EU.

To disable the use of cookies on your computer in general, you can set your web browser to reject the future storage of more cookies on your computer, and to delete cookies that have already been stored. However, disabling all cookies may result in it no longer being possible to execute some features on our site. You can also disable the use of cookies by third-party providers such as Facebook on the following Digital Advertising Alliance website: http://www.aboutads.info/choices/

XVI.2 Google AdWords remarketing

Our website uses Google AdWords remarketing features. This means we advertise this website via Google search results as well as third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). For this purpose, Google saves a cookie in your end device browser, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. Processing takes place on the basis of our legitimate interest in the optimal marketing of our website in accordance with Article 6 (1) (f) of the GDPR.

Any additional processing only takes place if you have agreed with Google that your Internet and app browsing history will be assigned to your Google account and information from your Google account will be used to personalise ads you see online. If you are signed into Google whilst visiting our website, Google will use your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. To do so, Google temporarily links your personal data with Google Analytics data to form target audiences.

You can permanently disable cookies being saved for advertising preferences by downloading and installing the browser plugin available via the following link: https://www.google.com/settings/ads/onweb/

Alternatively, you can read the information provided by the Digital Advertising Alliance about how cookies are saved and about cookie settings via www.aboutads.info. Finally, you can change your browser settings so that you are notified about cookies being saved on your machine and can decide whether to accept them, or you can change your settings so that you reject cookies in certain cases or generally. If you do not accept cookies, this can restrict the functionality of this website.

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is certified under the ‘Privacy Shield’ US-European data protection agreement, which guarantees compliance with the level of data protection applicable in the EU.

You can find further information and data protection regulations regarding advertising and Google via: https://www.google.com/policies/technologies/ads/

XVII Tools and miscellaneous

XVII.1 Google reCAPTCHA

We use the reCAPTCHA feature from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’) on this website. This feature is mainly used to distinguish whether the entry has been made by a natural person or whether abusive machine and automated processing takes place. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google, and is carried out in accordance with Article 6 (1) (f) of the GDPR based on our legitimate interest in determining the individual will-based nature of actions online and in avoiding abuse and spam.

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is certified under the ‘Privacy Shield’ US-European data protection agreement, which guarantees compliance with the level of data protection applicable in the EU.

More information about Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

XVII.2 Google Maps

We use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’) on this website. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and make it easier for you to find us.

Even when accessing subpages which include a Google Maps map, information collected by the cookie about your use of this website (e.g. your IP address) may be sent to a Google server in the USA and saved there. This takes place regardless of whether you have a user account with Google that you are signed into or whether you don’t have a user account. If you are signed into Google, your data will be directly assigned to your account. If you don’t want this data to be assigned to your Google profile, you must sign out of Google before you click on the button. Google saves your data as user profiles and evaluates them (including for users who are not signed in). Such evaluation takes place in accordance with Article 6 (1) (f) of the GDPR in particular, on the basis of Google’s legitimate interest in displaying personalised advertising, market research and/or the needs-based design of its website. You have a right to object against this user profile being created, where you must assert this right against Google.

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is certified under the ‘Privacy Shield’ US-European data protection agreement, which guarantees compliance with the level of data protection applicable in the EU.

If you do not agree to the future transmission of your data to Google in the context of using Google Maps, it is also possible to completely disable the Google Maps web service by disabling the JavaScript application in your browser. In this case, Google Maps and hence the map display on this website cannot be used.

Google’s terms of use can be found at https://www.google.de/intl/de/policies/terms/regional.html and the additional terms of use for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html

Detailed information about data protection in connection with the use of Google Maps can be found on Google’s website (‘Google privacy policy’): https://www.google.de/intl/de/policies/privacy/

XVII.3 Trusted Shops Trustbadge

The Trusted Shops Trustbadge is embedded on this website to display our Trusted Shops seal of approval, as well as to offer Trusted Shops membership to buyers following an order.

This is used to safeguard our overriding legitimate interests in optimally marketing our goods and services pursuant to Article 6 (1) (f) of the GDPR, within the context of weighing all interests at stake. The trust badge and the services advertised through it are an offering from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

If the trust badge is clicked on, the web server automatically saves a ‘server log file’ that, as an example, stores your IP address, date and time of access, transferred volume of data and the requesting provider (access data), and documents the access. This access data is not evaluated and is automatically overwritten at the latest of seven days after your visit to the site has ended.

Additional personal data is only shared with Trusted Shops if you have chosen to use Trusted Shops products after placing an order, or are already registered for use. In this case, contractual agreements made between you and Trusted Shops apply.

XVII.4 Google Web Fonts

This website uses web fonts to display fonts. These are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’) (http://www.google.com/webfonts/). To do this, your browser loads the required web font into your browser cache when you visit our site. This is necessary so that your browser can also display our texts in a way that is optically improved. If your browser does not support this feature, your computer will use a standard font.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq?hl=de-DE&csw=1 

You can find general information about data protection at Google at http://www.google.com/intl/de-DE/policies/privacy/

XVII.5 Playbuzz Quiz plugins

Plugins from the service ‘Playbuzz’ are integrated into our website, which are provided by Playbuzz Ltd., 3 Aluf Kalman Magen St., Building A, 1st Floor, Tel Aviv, 6107075, Israel (hereinafter ‘Playbuzz’). Using Playbuzz plugins, you can take part in quiz questions on our website. If you click onto a page on our website that contains such a plugin, your browser will establish a direct link with Playbuzz servers to access the embedded quiz. Please note that as the provider of this website, we do not know the content of the data sent, or how it is used by Playbuzz, and that we are not responsible for data collection and processing carried out by Playbuzz. You can find details on data collection, processing and use by Playbuzz in Playbuzz’s privacy policy: https://www.playbuzz.com/privacypolicy.

The legal basis for data processing is Article 6 (1) (f) of the GDPR. Our legitimate interests are based on the above-mentioned purposes for collecting data.

XVIII Advertising

With this type of service, this application can use user data to communicate advertising in the form of banners and other marketing methods—possibly based on user interests.

This does not mean that all personal data is used for this purpose. Further information and terms of use are detailed below.

Some of the services listed below may use cookies to identify users or use ‘behavioural retargeting’. This method can also be used to identify the interests and surfing behaviour of users, which does not take place via this application, in order to target advertisements accordingly. For further information, please refer to the privacy policy of the respective service.

In addition to the opt-out option which is offered by the services listed below, users are able to block third-party services from using cookies by visiting the Network Advertising Initiative’s website.

XVIII.1 AppNexus (AppNexus Inc.)

AppNexus is an advertising service from AppNexus Inc.

Personal data collected: cookie und usage data.

Place of processing: USA

Privacy policy

Opt out

XVIII.2 Criteo (Criteo SA)

Criteo is an advertising service from Criteo SA.

Personal data collected: cookie und usage data.

Place of processing: France

Privacy policy

Opt out

XVIII.3 DoubleClick for Publishers (Google Inc.)

DoubleClick for Publishers is an advertising service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’) which allows the owner to run advertising campaigns together with external advertising networks. The owner does not have a direct relationship with the third parties, unless otherwise stated in this document.

Users can use Youronlinechoices to opt out of tracking by various advertising networks. You can find more about how Google uses data in Google’s partner policy.

This service uses the ‘DoubleClick’ cookie to track how this application is used and how users respond to ads as well as any products and services offered.

Users have the option of disabling all DoubleClick cookies by clicking on the following link: www.google.com/settings/ads/onweb/optout?hl=de.

Personal data collected: cookie und usage data.

Place of processing: Ireland

Privacy policy

XVIII.4 Facebook Audience Network (Facebook, Inc.)

Facebook Audience Network is an advertising service from Facebook, Inc. You can find more information about how Facebook uses data in Facebook’s privacy policy.

This application uses identifiers for mobile devices (including Android Advertising ID or Advertising Identifier for iOS) and technology similar to cookies in order to run the Facebook Audience Network service. One of the ways Audience Network shows ads is by using the user’s ad preferences. The user can control this in Facebook ad settings.

Users may opt out of specific Audience Network targeting through the relevant device settings, such as the device advertising settings for mobile phones or by following the instructions in other sections of this privacy policy that relate to Audience Network, if available.

Personal data collected: cookie, unique device identification for advertising (Google ad ID or IDFA, for example) and usage data.

Place of processing: USA

Privacy policy

Opt out

XVIII.5 Google AdSense (Google Inc.)

Google AdSense is an advertising service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). This service uses the ‘DoubleClick’ cookie to track how this application is used and how users respond to ads as well as any products and services offered.

Users have the option of disabling all DoubleClick cookies by clicking on the following link: google.com/settings/ads/onweb/optout.

Personal data collected: cookie und usage data.

Place of processing: Ireland

Privacy policy

Opt out

XVIII.6 Ligatus (Ligatus GmbH)

Ligatus is an advertising service from Ligatus GmbH.

Personal data collected: cookie und usage data.

Place of processing: Germany

Privacy policy

Opt out

XVIII.7 OpenX Ad Exchange (OpenX Technologies, Inc.)

OpenX Ad Exchange is an advertising service from OpenX Technologies, Inc.

This is an ad placement platform that facilitates the optimisation of media advertising investments from multiple advertising networks, which may be third parties with respect to OpenX and the owner.

Personal data collected: cookie und usage data.

Place of processing: USA

Privacy policy

Opt out

XVIII.8 Outbrain (Outbrain Inc.)

Outbrain is an advertising service from Outbrain Inc.

Personal data collected: cookies and various types of data as described in the service’s privacy policy.

Place of processing: USA

Privacy policy

Opt out

XVIII.9 PubMatic (PubMatic, Inc.)

PubMatic is an advertising service from PubMatic, Inc.

Personal data collected: cookie und usage data.

Place of processing: USA

Privacy policy

Opt out

XVIII.10 Rubicon Project (The Rubicon Project, Inc.)

Rubicon Project is an advertising service from The Rubicon Project, Inc.

Personal data collected: cookie und usage data.

Place of processing: USA

Privacy policy

Opt out

XVIII.11 Taboola Monetize Content (Taboola Inc.)

Taboola is an advertising service from Taboola Inc.

Personal data collected: cookie und usage data.

Place of processing: USA

Privacy policy

Opt out

XVIII.12 iq digital

We receive pseudonymous data belonging to users of our websites from iq digital for our marketing activities. We then combine this with plain data if you have given us a relevant declaration of consent. If data is processed by our partner iq digital, the data will only be processed pseudonymously.

iq digital sets out its activities below:

When accessing websites in its marketing portfolio (see portfolio here), iq digital saves cookies in a user’s browser. In order to avoid waste coverage when displaying advertising material, iq digital also compares its own cookies against cookies it receives from third-party companies, for example to avoid addressing the same user twice or to increase the degree of accuracy for advertising material. In some cases, iq digital also allows third-party companies to use their own cookies in the iq digital portfolio, based on corresponding contracts, or makes data segments collected through cookies available to third parties.
Users can control the use of cookies. Most browsers have an option to restrict or completely block cookies from being saved. As a result, users do not receive less advertising, but advertising that is less relevant to them. iq digital also provides the option of blocking or deleting individual cookies. iq digital sets out the cookies used below.
To make the overview of cookies used by iq digital easier, please refer to the overviews containing general information about their intended purpose, available at www.iqdigital.de/transparenz. For each cookie used, iq digital also uses a software tool to provide detailed information about the general purposes of the cookie (which can go beyond use at iq digital), the provider and opt-out options. You can find more information here.

iq digital uses the following types of cookies:

  • Campaign validation cookies—these are cookies that are used to check whether an iq digital advertising campaign was carried out in line with an advertising customer’s order. This includes
    • Cookies from iq digital and iq digital’s partners, which record whether an advertising banner has actually been placed on a website at the agreed frequency.
    • Cookies from the service provider, which displays the advertising material for iq digital from a technical perspective. These are used to adhere to and review additional campaign specifications agreed with a customer (e.g. agreed time at which advertising material is shown, geographical campaign area, repeated display of the same advertising material to a user, or whether the user has accessed an underlying format).

More information about the individual cookies for campaign validation can be found here.

  • Cookies to achieve a higher degree of accuracy: Cookies always only transmit pseudonymous data. A cookie cannot be used to identify gender or areas of interest, for example. The cookie does not know which user is currently accessing the browser. As such, cookies from iq digital are compared against cookies from other service providers in order to increase the probability of a hit in a certain segment (e.g. gender). iq digital uses the following cookies for such a comparison:
    • Cookies that are saved in the context of user surveys.
    • Cookies that are saved by service providers on behalf of iq digital when moving around online (pages accessed by a user).
    • Cookies that iq digital receives from third parties in order to compare them against its own segmentation.
    • Cookies saved by iq digital partners to achieve a higher degree of accuracy and compare against its own pseudonymous data.

 More information about the individual cookies for achieving a higher degree of accuracy can be found here.

The personal—pseudonymous—data is processed by iq digital on the basis of Article 6 (1) (f) of the GDPR. This permission allows the processing of personal data if there is a ‘legitimate interest’ for the controller and this does not conflict with a user’s overriding interests. Our legitimate interest is in providing website and app features. Both contain extensively researched information that we provide free of charge to a considerable extent. Marketing advertising space on our website allows us to continue to be able to keep large parts of these offerings available in this form for everyone, therefore making a significant contribution to the transfer of knowledge, informing the public and exchanging opinions. When it comes to the user-related display of advertising material, we are guided by selections that are also common in the print sector. Here, too, advertising material is booked based on the environment and the reader, and is reviewed for how it is perceived by the relevant target groups through reader reach analyses. This is because, unlike in the print sector—where reader structures are also to a large extent known because of the subscriptions taken out—only pseudonymous data is available and cookies are used to validate display segments.

Opt-out for agrarheute.com

Opt-out for forstpraxis.de

XVIII.13 Amazon

Amazon (aps.amazon.com) uses technology to show you adverts that are relevant to you. The provider of Amazon publisher services is Amazon publisher services, which has its registered office at Washington – 410 Terry Ave. North, Seattle, WA 98109-5210. If you do not want Amazon publisher services to continue collecting anonymised data, please click on the opt-out link below. This opt-out cookie deletes the information previously saved and prevents the further collection of information.

The processing of data described takes place in accordance with Article 6 (1) (f) of the GDPR for the purpose of advertising third parties addressing users in a targeted way for promotional purposes, where the ads are shown on the basis of evaluated user behaviour on this website. At the same time, the processing serves our financial interest in exploiting the economic potential of our website by displaying personalised third-party advertising content for a fee.

Personal data collected: cookie und usage data.

Place of processing: USA

Privacy policy

Opt out

XVIII.14 Improve Digital

Improvedigital International B.V. (improvedigital.com), 1013 AP Amsterdam, Danzigerkade 00215, Netherlands, (‘Improvedigital’) offers the auction-based sale of advertising space and saves pseudonyms for users. 

The processing of data described takes place in accordance with Article 6 (1) (f) of the GDPR for the purpose of advertising third parties addressing users in a targeted way for promotional purposes, where the ads are shown on the basis of evaluated user behaviour on this website. At the same time, the processing serves our financial interest in exploiting the economic potential of our website by displaying personalised third-party advertising content for a fee.

Personal data collected: cookie und usage data.

Place of processing: Netherlands

If you don’t want Improvedigital continuing to collect data, please click on the following link: https://www.improvedigital.com/platform-privacy-policy/. If you use the opt-out option, the information previously stored will be erased and the use of an opt-out cookie will prevent the further collection of information.

XIX Data subject rights

If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to the controller:

XIX.1 Right of access

You can obtain confirmation from the controller as to whether or not personal data relating to you is being processed by us.

If such processing takes place, you can request the following information from the controller:

(1) the purposes for which personal data is being processed;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;

(4) the envisaged period for which your personal data will be stored, or, if specific information is not available, the criteria for determining the storage period;

(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(6) the existence of the right to lodge a complaint with a supervisory authority;

(7) any available information regarding the origin of the data if the personal data has not been collected from the data subject;

(8) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to be informed as to whether your personal data will be transmitted to a third country or an international organisation. In this context, you may request to be informed about the appropriate safeguards relating to the transfer, pursuant to Article 46 of the GDPR.

XIX.2 Right to rectification

You have a right to obtain from the controller rectification and/or completion if the personal data processed concerning you is incorrect or incomplete. The controller must rectify the data without undue delay.

XIX.3 Right to restriction of processing

You have the right to obtain restriction of processing with respect to the personal data concerning you where one of the following conditions applies:

(1) if you contest the accuracy of your personal data, for a period enabling the controller to verify its accuracy;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims; or

(4) you have objected to processing pursuant to Article 21 (1) of the GDPR, pending verification as to whether the legitimate grounds of the controller override your grounds.

Where the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with the your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted pursuant to the above conditions, you shall be informed by the controller before the restriction of processing is lifted.

XIX.4 Right to erasure

XIX.4.a Erasure obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller is obliged to erase this data without undue delay where one of the following grounds applies:

(1) the personal data concerned is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

(2) you withdraw your consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and where there is no other legal basis for the processing.

(3) you object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR.

(4) the personal data concerning you has been unlawfully processed.

(5) the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law which the controller is subject to.

(6) the personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

XIX.4.b Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17 (1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject has requested the erasure by such controllers of any links to, or copy or replication of, such personal data.

XIX.4.c Exceptions

There is no right to erasure if the processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

XIX.5 Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing against the controller, they are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or the restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the controller.

XIX.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit such data to another controller without hindrance from the controller to which the personal data has been provided, where

(1) the processing is based on consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR; and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where this is technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.

XIX.7 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.

The controller will no longer process personal data relating to you unless it can prove that there are compelling legitimate grounds for processing that override your interests, rights and freedoms, or if processing serves the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

XIX.8 Right to withdraw declaration of consent under data protection law

You have the right to withdraw your consent given under data protection law at any time. By withdrawing your consent, the lawfulness of processing previously carried out on the basis of consent will not be affected by this.

XIX.9 Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and a controller;

(2) is authorised by Union or Member State law which the controller is subject to and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless Article 9 (2) (a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

XIX.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.