top of page

Privacy Policy

With the following Privacy Policy, we inform you, as a user of the Waltinger-Bergmann GbR website, which personal data we collect when you access our website and how this data is processed. Pursuant to Article 13 of the EU General Data Protection Regulation (GDPR), we inform you, as the data subject, about the type, scope, and purpose of the collection and processing of your data, as well as your rights and your options to lodge complaints and object.


1 - Data controller – name and address

The data controller within the meaning of the General Data Protection Regulation (GDPR), the other national data protection laws of the EU Member States, and other data protection provisions is:

Waltinger-Bergmann GbR
Platanenstraße 43
04329 Leipzig
GERMANY

represented by the partners Dipl.-Ing. Danny Waltinger und Dr. René Bergmann

Phone: +49 341 65876961
Email: kontakt@waltinger-bergmann.com
Web: www.waltinger-bergmann.com


2 - General information on data processing

a) Scope of processing of personal data

 

We process our users’ personal data only to the extent necessary to provide a functional website and our content and services. As a rule, we process personal data only with the user’s consent. An exception applies where obtaining prior consent is not possible for practical reasons and processing is permitted by law.

 

b) Legal basis for processing personal data

 

Where we obtain the data subject’s consent for processing operations, the legal basis is Art. 6(1)(a) GDPR. Where processing is necessary for the performance of a contract to which the data subject is party, or to take steps prior to entering into a contract, the legal basis is Art. 6(1)(b) GDPR. Where processing is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Art. 6(1)(c) GDPR. Where processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Art. 6(1)(d) GDPR.

Where processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and these interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis is Art. 6(1)(f) GDPR.

 

c) Deletion of data and storage duration

 

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue if provided for by European or national lawmakers in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned provisions expires, unless further storage is necessary for the conclusion or performance of a contract.


3 - Hosting

This website is operated using the “Wix Studio” website builder. The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel. For the technical operation of the website, Wix uses various content delivery networks (CDNs) and server services that can be accessed from different regions.

Personal data are processed in the following countries:

 

  • Israel (EU adequacy decision under Art. 45 GDPR),

  • United States by Wix.com Inc. (certified under the EU–US Data Privacy Framework; adequate level of protection under Art. 45 GDPR),

  • Japan (EU adequacy decision under Art. 45 GDPR),

  • Ireland (within the EU; no special requirements).

 

For transfers to third countries without an adequacy decision, Wix uses the European Commission’s Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, along with any additional technical, contractual, and organizational safeguards. Further information can be found in Wix’s official GDPR FAQs and Wix's Privacy Policy.

 

A data processing agreement pursuant to Art. 28 GDPR is in place with Wix.


4 - Provision of the website and creation of log files

a) Description and scope of data processing

 

Each time our website is accessed, the system of our web hosting provider, Wix.com Ltd. (see Hosting), automatically collects data and information from the user’s device and stores them in so-called server log files.

 

The following data are collected:

 

  • the name of the requested website/resource

  • referrer URL (previously visited page)

  • the user’s IP address

  • date and time of access

  • the user’s operating system

  • information about the browser type and version used

  • device type (e.g., desktop, mobile device)

 

These data and information are recorded in log files on the server of the web hosting provider. These data are not stored together with other personal data of users. No inferences about a specific individual are possible.

 

We have a data processing agreement with Wix pursuant to Art. 28 GDPR.

 

In addition, technically necessary cookies (including session IDs) are used. Their use is described in detail in the “Use of Cookies” section.

 

b) Legal basis for data processing

 

The legal basis for the temporary storage of the data and the log files is Art. 6(1)(f) GDPR.

 

c) Purpose of data processing

 

Temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer; for this purpose, the user’s IP address must be stored for the duration of the session. Storage in log files is carried out to ensure the website’s functionality. The data also serve to optimize the website and to ensure the security of our IT systems. The data are not evaluated for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing under Art. 6(1)(f) GDPR.

 

d) Storage duration

 

Data are deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of data collected to provide the website, this is the case when the respective session ends. In the case of storage in log files, this is after 7 days. The storage duration of cookies used is set out in the “Use of Cookies” section.

 

e) Right to object and removal

 

Collecting data for the provision of the website and storing data in log files is strictly necessary for operating the website. Consequently, users have no right to object.


5 - Use of cookies

a) Description and scope of data processing

 

Our website uses only technically necessary cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s device. These cookies are set automatically by the Wix system to provide the website’s basic functions. This includes, in particular, session management, security, as well as stability and error diagnostics. When using the online appointment booking, you will be redirected to Microsoft Bookings and leave our website. Microsoft is responsible for data processing on the booking page; Microsoft’s privacy and cookie policies apply there (see the section “Online appointment scheduling with Microsoft Bookings”).

 

b) Legal basis for data processing

 

The use of strictly necessary cookies is based on Art. 6(1)(f) GDPR in conjunction with Section 25(2) TDDDG (Germany). Our legitimate interest lies in the technically error-free and secure provision of our website.

 

c) Purpose of data processing

 

Strictly necessary cookies ensure the operation of the website, store user preferences (e.g., language settings), and enable security-relevant functions. The user data collected by strictly necessary cookies are not used to create user profiles.

 

d) Storage duration

 

Some of the cookies used are session cookies, which are automatically deleted after the session ends. Other cookies remain stored beyond the session and are automatically removed after a defined period.

 

The following cookies are used ((depending on the browser)):

e) Right to object and removal

 

You can delete or block cookies at any time via your browser settings. If strictly necessary cookies are disabled, the functionality of the website may be limited.


6 - Contacting us (postal mail, phone, email, social media)

a) Description and scope of data processing

 

If you contact us by email, phone, postal mail, or via social media, the personal data you provide will be processed. This includes, among other things, your name, email address, postal address, phone number, and any additional information you include in the communication. These personal data are stored for the purpose of handling your inquiry. No disclosure to third parties takes place. The data are used solely to process the conversation.

 

b) Legal basis for data processing

 

Where the user has given consent, the legal basis is Art. 6(1)(a) GDPR. The legal basis for processing data transmitted by email, phone, or postal mail is Art. 6(1)(f) GDPR. Our legitimate interest lies in properly handling your inquiry and, where applicable, contacting you again (e.g., for customer care or follow-up questions). If the contact aims at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR.

 

c) Purpose of data processing

 

The purpose of processing is to handle your inquiry and, where applicable, to continue communication in relation to a specific matter or a contractual relationship.

 

d) Storage duration

 

Data are deleted as soon as they are no longer necessary for the purpose for which they were collected and no statutory retention obligations apply. Personal data transmitted by email, phone, or postal mail are deleted when the respective conversation with the user has ended. The conversation is deemed ended when the circumstances indicate that the matter has been conclusively clarified. Contact details of inquirers and customers may be stored beyond the end of the conversation where there is a legitimate interest in later contact (e.g., customer care or follow-up on prior projects).

 

e) Right to object and removal

 

You may withdraw your consent to the processing of personal data at any time by email. If you contact us by email, you may also object to the storage of your personal data at any time. In such cases, the conversation cannot be continued. To withdraw consent or object to storage, please send an informal email to the address provided in the Legal Notice. All personal data stored in the course of the contact will then be deleted.


4 - Newletter

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

 


4 - Blog

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

 


4 - Analyse-Tools

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

 


7 - Online appointment scheduling with Microsoft Bookings

a) Description and scope of data processing

 

We offer you the option to book online appointments for a non-binding initial consultation on our website. For this, we use the “Microsoft Bookings” service, a component of Microsoft 365. The provider is:

 

Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park

Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”).

 

Microsoft may also process data through other group companies, e.g., Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

 

The booking page is accessed via an external link. When you click this link/button, you are redirected to a Microsoft Bookings page. Only then is a connection to Microsoft’s servers established.

 

If you schedule an appointment via Microsoft Bookings, the following personal data—depending on the information you provide—will be processed in particular:

 

  • name

  • email address

  • phone number (if applicable)

  • selected appointment (date, time)

  • details of your inquiry in the free-text field

  • technical usage data (e.g., IP address, time of booking, browser information) required to provide the service.

 

The data you enter are transmitted to us via Microsoft Bookings and stored in our Microsoft 365 account and in the corresponding Outlook calendars. We generally use Microsoft Teams to conduct the online appointment; in doing so, additional data may be processed by Microsoft in accordance with Microsoft’s applicable privacy terms; see the section “Online meetings with Microsoft Teams.”

 

We have concluded a data processing agreement with Microsoft pursuant to Art. 28 GDPR. For certain processing operations conducted by Microsoft under its own responsibility (so-called “legitimate business operations” of Microsoft), Microsoft is itself the controller within the meaning of Art. 4(7) GDPR. Further information on Microsoft’s data processing can be found in Microsoft’s Privacy Statement at https://privacy.microsoft.com/de-de/privacystatement.

 

b) Legal basis for data processing

 

The legal basis for processing your data in connection with online appointment scheduling is generally Art. 6(1)(b) GDPR (taking steps prior to entering into a contract or initiation of a contractual relationship). Where the contact is merely of a general nature without a specific contractual reference, we additionally rely on Art. 6(1)(f) GDPR. Our legitimate interest lies in efficient, user-friendly appointment organization and the reduction of coordination effort. Where we obtain your consent in individual cases (e.g., by ticking a corresponding checkbox), the additional legal basis is Art. 6(1)(a) GDPR.

 

c) Purpose of data processing

 

The purpose of processing is the planning, execution, and follow-up of appointments with (potential) customers, as well as documentation of the respective discussions in the context of initiating or conducting a business relationship. Using Microsoft Bookings enables structured appointment management, avoidance of double bookings, and clear assignment of inquiries to the responsible contacts.

 

d) Storage duration

 

Personal data collected in the course of scheduling appointments are stored only as long as necessary for the preparation, execution, and follow-up of the respective appointment and, where applicable, for further communication in connection with a (pre-)contractual relationship. Calendar entries and the personal data they contain are stored in accordance with our general retention periods and then deleted or anonymized, unless statutory retention obligations or overriding legitimate interests (e.g., documenting business relationships or asserting legal claims) require otherwise.

 

e) Right to object and removal

 

Use of Microsoft Bookings for appointment scheduling is voluntary. You are not obliged to use this service. Alternatively, you can schedule appointments with us at any time by email or phone (see the “Contacting us” section).

 

You may object to the processing of your personal data for the future or withdraw any consent given at any time with effect for the future. In that case, online appointment booking via Microsoft Bookings will no longer be possible; data already stored will be deleted unless statutory retention obligations prevent this.


7 - Online meetings with Microsoft Teamsv

a) Description and scope of data processing

 

We use Microsoft Teams for online meetings (e.g., initial consultations, coordination meetings, workshops), a service provided by:

 

Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park

Leopardstown, Dublin 18, D18 P521, Ireland

 

Microsoft may also process personal data via other group companies, e.g., Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

 

If you participate in an online meeting with us, the following data are processed—depending on use and configuration in particular:

 

  • Basic data: name, contact details provided (e.g., email address), company affiliation (if applicable), role/function

  • Meeting data: subject, description, date, time, duration, participants

  • Connection data: IP address, device/hardware information, operating system used, client version, language settings (if applicable)

  • Content data: spoken contributions (audio) and video image after explicit prior consent, chat messages, and content you share (e.g., screen, presentations, files)

 

The data are processed within Microsoft 365 and stored in our corresponding Outlook calendars and Teams instances.

 

By default, we do not record online meetings. If, in exceptional cases, a recording or further use (e.g., for documentation or training purposes) is planned, we will inform you of this in advance and—where required—obtain your consent.

 

We have a data processing agreement with Microsoft pursuant to Art. 28 GDPR. For certain processing operations carried out by Microsoft under its own responsibility (“own business purposes”), Microsoft is the controller within the meaning of Art. 4(7) GDPR. Further information on Microsoft’s data processing can be found in Microsoft’s Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement.

 

b) Legal basis for data processing

 

The legal basis for processing personal data in the context of online meetings is generally Art. 6(1)(b) GDPR (taking steps prior to entering into a contract and performance of a contract), insofar as the meeting serves the preparation, execution, or follow-up of a (potential) business relationship.

 

Where an online meeting cannot be assigned directly to a specific contractual relationship (e.g., a general introductory call), we additionally rely on Art. 6(1)(f) GDPR. Our legitimate interest lies in efficient, location-independent communication with (potential) customers and partners, reducing travel, and accelerating coordination processes. Where we obtain your consent for certain processing (in particular for recordings), the additional legal basis is Art. 6(1)(a) GDPR.

 

c) Purpose of data processing

 

The purpose of processing is to conduct and organize online meetings with (potential) customers, partners, and prospects, in particular to:

 

  • coordinate on projects and services,

  • conduct initial consultations and advisory meetings,

  • handle internal and external coordination in ongoing projects.

 

d) Storage duration

 

Personal data related to online meetings are stored only as long as necessary for the preparation, execution, and follow-up of the respective meeting and for further communication within the business relationship. Calendar entries and associated metadata are stored in accordance with our general retention and documentation periods and then deleted or anonymized, unless statutory retention obligations or overriding legitimate interests (e.g., documenting business transactions or establishing, exercising, or defending legal claims) require otherwise.

 

Recordings of online meetings (if made at all and only after prior notice/consent) are deleted no later than when the specific purpose ceases to apply.

 

e) Right to object and removal

 

Participation in online meetings via Microsoft Teams is voluntary. If you do not wish to use Microsoft Teams, we can offer alternative contact options by arrangement (e.g., a phone call without Teams or an in-person meeting).

 

You may object to the processing of your personal data related to the use of Microsoft Teams for the future or withdraw any consent given (e.g., for a recording) at any time with effect for the future. In such cases, participation in online meetings via Microsoft Teams may be limited or no longer possible; data already stored will be deleted in accordance with legal requirements unless retention obligations or overriding legitimate interests prevent deletion.


9 - Data security

Our website uses a secure HTTPS connection for encrypted data transmission. The current TLS (Transport Layer Security) encryption protocol is used. The technical infrastructure is provided by our service provider Wix.com Ltd. Wix implements extensive technical and organizational measures to protect personal data against loss, misuse, or unauthorized access. These include, among others, certified data centers (ISO 27001), firewalls, access controls, and regular security audits.

 

Further information on data security at Wix is available at:

https://de.wix.com/about/privacy


10 - Weitergabe von Daten

We only disclose your personal data to third parties where this is necessary for the following purposes.

 

Disclosure occurs only if:

 

  • you have given your explicit consent (Art. 6(1)(a) GDPR),

  • processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract (Art. 6(1)(b) GDPR),

  • there is a legal obligation to disclose (Art. 6(1)(c) GDPR), or

  • disclosure is necessary for the purposes of legitimate interests pursuant to Art. 6(1)(f) GDPR – particularly for the establishment, exercise, or defense of legal claims – and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed.


11 - Data transfers to third countries

In the course of operating this website, personal data may be transferred to so-called third countries outside the European Union (EU) and the European Economic Area (EEA). This applies in particular to our cooperation with our website provider Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel.

 

For Israel, there is an adequacy decision by the European Commission pursuant to Art. 45 GDPR, ensuring an adequate level of data protection. Where processing is carried out by Wix.com Inc. in the United States, the transfer is based on Wix’s certification under the EU–US Data Privacy Framework (DPF), which likewise ensures an adequate level of protection.

 

Where necessary, Wix also uses the Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection for processing in additional countries – such as Japan or Ireland. Supplementary technical, contractual, and organizational measures are also applied.

 

Further information on Wix’s data processing and the safeguards used can be found in Wix’s Privacy Policy and on the Wix Privacy Hub.


12 - Data subject rights

If we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller. To exercise these rights, a simple email to kontakt@waltinger-bergmann.com is sufficient.

 

a) Right of access

 

You may obtain confirmation from the controller as to whether personal data concerning you are being processed.

Where this is the case, you may request access to the following information:

 

  • the purposes for which the personal data are processed;

  • the categories of personal data concerned;

  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

  • the envisaged period for which the personal data concerning you will be stored or, if specific information is not possible, the criteria used to determine that period;

  • the existence of the right to request rectification or erasure of personal data concerning you, restriction of processing by the controller, or to object to such processing;

  • the right to lodge a complaint with a supervisory authority;

  • any available information as to the source of the data if the personal data were not collected from the data subject.

 

You also have the right to be informed whether personal data concerning you are transferred to a third country or an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

 

b) Right to rectification

 

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and/or completion of incomplete personal data.

 

c) Right to restriction of processing

 

You may request restriction of processing of personal data concerning you where one of the following applies:

 

  • you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

  • the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise, or defense of legal claims; or

  • you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the controller’s legitimate grounds override yours.

 

Where processing has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

You will be informed by the controller before the restriction is lifted.

 

d) Right to erasure

 

Obligation to erase

 

You may obtain from the controller the erasure of personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:

 

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  • you withdraw consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal ground for the processing;

  • you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;

  • the personal data have been unlawfully processed;

  • the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;

  • the personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

 

Information to third parties

 

Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, those personal data.

 

Exceptions

 

The right to erasure does not apply to the extent that processing is necessary:

 

  • for exercising the right of freedom of expression and information;

  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;

  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) GDPR, insofar as the right referred to under (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

  • for the establishment, exercise, or defense of legal claims.

 

e) Right to notification

 

If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.

 

f) Right to data portability

 

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

 

  • the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR; and

  • the processing is carried out by automated means.

 

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

g) Right to object

 

You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

 

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing for such marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

 

h) Right to withdraw consent

 

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

i) Right to lodge a complaint with a supervisory authority

 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

 

For Saxony:

 

Saxon Data Protection Commissioner

Devrientstraße 5, 01067 Dresden

Phone: +49 351 85471-101

Fax: +49 351 85471-109

Email: saechsdsb@slt.sachsen.de

 

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

bottom of page