Privacy notice
1. Introduction
The "hiPanya" application collects personal data from its users."hiPanya" supports parents/guardians of children with recurring sleep problems through digitally guided parent training and other interventional tools that are used together with the child. The purpose is to improve the child's sleep and associated morning and evening routines together with the child. The aim of this Privacy Notice is to inform you about the scope and purpose of the personal data we collect, use and process.As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps so that absolute protection cannot be guaranteed.
2. Data controller
The data controller, as defined by the GDPR, is:medigital GmbH
Medice-Allee 158638 IserlohnManaging Director:
Felix Lambrechtinfo-medigital[at]medice.de
3. Data protection officer
You can reach the data protection officer as follows:medigital GmbH
Medice-Allee 158638 IserlohnE-Mail: privacy-medigital[at]medice.de
4. Definitions
This Privacy Notice is based on the terminology used by the European legislature and legislature in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand, both for the public and for our customers and business partners. To ensure this, we would like to explain in advance the terminology used. Among other things, we use the following terms in this privacy policy.We use the following terms in this Privacy Notice, among others:1. Personal dataPersonal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subjectA Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
3. Processing
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processingRestriction of processing is the marking of stored personal data with the aim of limiting their future processing.5. Profiling
Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
6. Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.
7. Data processor
Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
8. Recepient
A recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
9. Third partyThird party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorised to process the personal data.
10. ConsentConsent means any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
5. Legal basis for processingArt. 6 (1) lit. a) GDPR and Art. 9 (2) lit. a) GDPR (icw § 25 (1) German Telecommunications-Telemedia Data Protection Act (TTDSG)) serves our company as the legal basis for processing operations where we obtain consent for a specific processing purpose.If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 (1) lit. b) GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services.If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) lit. c) GDPR.In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result their name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. In this case, the processing would be based on Art. 6 (1) lit. d) GDPR.Finally, processing operations could be based on Art. 6 (1) lit. f) GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not overweigh. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European law. In this respect, the legislature took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, Sentence 2 GDPR).
6 Type and location of data processing6. 1 Processing methods
The provider processes the user data in a proper manner and takes appropriate security measures to prevent unauthorized access and the unauthorized forwarding, modification or destruction of data.Data processing is carried out using computers or IT-based systems in accordance with organizational procedures and practices that are specific to the purposes indicated. In addition to the Data Controller, other parties may operate this Application and have access to the Data, either internally (e.g. Human Resources, Sales, Marketing, Legal Department, System Administrators, IT Department) or externally (such as providers of technical services, delivery companies, hosting providers, IT companies or communication agencies), appointed by the Data Controller as Data Processors where necessary. An up-to-date list of these parties can be requested from the provider at any time.
6.2 Processed data types and data categories
The following data is stored and processed:Data processing as a user:- Your profile and contact data (profile name, e-mail address, child's name (optional), child's age- Your correspondence with us (messages via the feedback form and chat)- Online identifiers (user IDs, IP address, cookie IDs, shortened IP address, device push token)- Net Promoter Score- Progress (articles, tool onboardings)- Health data (results of questionnaires, diagnostic suggestions)- User-generated input (answers for tools)- User behavior within the app- Tracking data (after separate consent)
6.3 Purpose of data collection:
Personal data about the user is collected so that the provider can provide the service and also comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of users or third parties), detect malicious or fraudulent activity. In addition, the data may be used for internal research purposes (e.g. to prove effectiveness or to develop further products). We also collect your data to permanently guarantee the technical functionality, user-friendliness and further development of the app and for our own marketing purposes.In rare cases, the data is stored for the defense of legal claims or for fraud prevention.
6.4 Hosting:
Deutsche Telekom Healthcare and Security Solutions GmbH (operator of the Telekom Healthcare Cloud) is responsible for hosting the application. Deutsche Telekom's infrastructure is subject to particularly high security standards. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Find out more about the Telekom Healthcare Cloud at https://www.telekom-healthcare.com/cloud-und-sicherheit/cloud-plattform-gesundheitswesen/healthcare-cloud
6.5 Other services used:
- Metabase: Metabase Inc. (660 4th Street Suite 557 San Francisco, CA 94107, United States) as an in-house used, self-managed business intelligence tool (pursuant to Art. 22 6 para. 1 sentence 1 lit. b) and f) GDPR (contract performance and protection of legitimate interests)). The privacy policy of Metabase Inc. can be found here: https://www.metabase.com/privacy- Functional Software, Inc. (operator of Sentry.io) Processing by Functional Software takes place on the basis of the "Data Protection Addendum". Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); You can find out more about Functional Software's protection measures at: https://sentry.io/legal/dpa/
6.6 Transfer of data to third parties
In the context of the processing operations described in this privacy statement, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly mentioned this in the privacy policy for the service providers concerned. In order to protect your data in all other cases, we have concluded commissioned processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Article 49 (1) a) of the GDPR may serve as the legal basis for the transfer to third countries. This sometimes does not apply in the case of a data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.
7. Technology7.1 SSL/TLS-encryption
This site uses SSL or TLS encryption to guarantee the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator. You can recognize an encrypted connection by the fact that the address bar of the browser contains a "https://" instead of a "http://" and by the lock symbol in your browser bar. We use this technology to protect your transmitted data.
8. Contents of our application8.1 Registration as a user
You have the option of registering on our website by providing personal data.Which personal data is transmitted to us in this process can be seen from the respective input mask used for registration. The personal data you enter is collected and stored exclusively for internal use by us and for our own purposes. We may arrange for data to be passed on to one or more data processors.By registering on our website, the IP address assigned by your internet service provider (ISP), the date and the time of registration are also stored. This is done only for the purpose of preventing our services from being misused. If necessary, this data may be used to clarify the situation surrounding any crimes committed. In this respect, the storage of this data is necessary for our protection.Your registration, also serves us to offer you content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely erased from our database.Upon request, we will provide you at any time with information about which personal data is stored about you. Furthermore, we will correct or delete personal data at your request, insofar as this does not conflict with any statutory retention obligations. A data protection officer named in this Privacy Policy and all other employees are available to the data subject as contact persons in this context.The processing of your data is in the interest of a convenient and easy use of our application. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f) GDPR.
8.2 Data processing for identity verification
Where necessary, we verify your identity on the legal basis of Art. 6 (1) lit. b) and f GDPR by using information from service providers. The authorization to do so results from the protection of your identity and the prevention of fraud attempts at our expense. The circumstance and the result of our enquiry will be stored in your customer account for the duration of the contractual relationship.
8.3 Contact support
Personal data is collected when contacting us (via e-mail). This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b) GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and the deletion does not conflict with any legal obligations to retain data.
9. Newsletters9.1 Information emails to registered users
If you have provided us with your e-mail address when registering, we reserve the right to send you regular information about the app. This may include, for example, welcome emails, presentations of the benefits of the app, subscription information and subscription vouchers. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f) GDPR. You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with effect for the future. You will only incur transmission costs for this in accordance with the basic rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will be discontinued immediately.
9.2 Brevo (formerly Sendinblue)
This application uses Brevo to send newsletters. Provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.Brevo is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving newsletters will be stored on Sendinblue's servers in Germany.If you do not want analysis by Brevo, it is necessary to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.With the help of Brevo, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked. In this way, we can determine, among other things, which links have been clicked on particularly frequently.In addition, we can see whether certain previously defined actions were performed after opening/clicking (conversion rate). We can thus see, for example, whether you have made a purchase after clicking on the newsletter.Brevo also allows us to divide newsletter recipients into different categories (so-called "clustering"). In doing so, the newsletter recipients can be subdivided by age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.For detailed information about Brevo's features, see the following link: https://www.brevo.com/features/.The data you have deposited with us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Sendinblue after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.You can view the privacy policy of Brevo at: https://www.brevo.com/legal/privacypolicy/.
9.3 Mailgun
Transactional e-mails are sent via the mail service provider Mailgun. The provider isSinch Mailjet, Frankreich. 4 rue Jules Lefebvre, 75009 Paris.The purpose of the data processing is the sending of newsletters. In doing so, Mailgun may use your data in pseudonymous form (without attribution to a user), to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or for statistical purposes. You will not be contacted by Mailgun itself, nor will your data be passed on to third parties.The use of the dispatch service provider is based on Art. 6 (1) lit. f) GDPR and a data processing agreement according to Art. 28 GDPR.If you do not want any analysis via Mailgun, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.For more information about Mailgun's privacy policy, please visit: https://www.mailgun.com/de/rechtliches/datenschutzerklaerung/
10. Web analytics10.1 Meta Pixel (formerly Facebook Pixel)
This Application uses the "Facebook Pixel" of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). The Pixel allows the behavior of users to be tracked after they have seen or clicked on a Meta advertisement. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimize future advertising measures.The data collected is anonymous for us and therefore does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). Meta and its partners are thereby enabled to place advertisements on and outside of Facebook. A cookie may also be stored on your computer for the described purposes.These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a) GDPR.This US company is certified under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.
10.2 Matomo and Appsflyer
We have integrated the Matomo component of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, and the Appsflyer components of the provider AppsFlyer Germany GmbH, Kurfürstendamm 11, 10719 Berlin, (https://www.appsflyer.com/legal/processing-customer-data/)into this Application. Matomo ans Appflyer are software tools for web analysis, i.e. for elicitation, collection and evaluation of data on the behaviour of visitors to our websites. Among other things, data is collected about the website from which a data subject has accessed a website (so-called referrer), which sub-pages of the website have been accessed or how often and for how long a sub-page has been viewed. This is used to optimise the website and for cost-benefit analysis of internet advertising.The software is operated on the server of the controller, the data protection-sensitive log files are stored exclusively on this server.
Matomo and Appflyer store a cookie on your IT system. Setting the cookie enables us to analyse the use of our application. Each time one of the individual pages of this website is called up, the internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical procedure, we obtain knowledge of personal data, such as the IP address of the person concerned, which we use, among other things, to trace the origin of visitors and clicks.By using the cookie, personal information such as the access time, the location from which an access originated and the frequency of visits to our application are stored. Each time you visit our website, this personal data, including the IP address of the internet connection you are using, is transmitted to our server. This personal data is stored by us. We do not pass on this personal data to third parties.These processing operations are only carried out when express consent is given in accordance with Art. 6 (1) lit. a) GDPR.Additional information on the service can be found at the following link: https://matomo.org/privacy/ abgerufen werden.
11. Advertising
11.1 Google Ads (AdWords) Remarketing/Retargeting
Our application uses the functions of Google Ads. We use these to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, Google sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited.Additional data processing will only take place if you have granted Google permission to link your internet and app browsing history to your Google Account and to use information from your Google Account to personalise the ads you view on the web. In this case, if you are logged into Google while visiting our application, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form said target groups.These processing operations are only carried out when express consent is given in accordance with Art. 6 (1) lit. a) GDPR.The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.Additional information on the service can be found at the following link: https://www.google.com/policies/technologies/ads/.
11.2 Google Ads with Conversion-Tracking
We have integrated Google Ads into this application. The operating company of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an Internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google Ads allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.The purpose of Google Ads is to promote our application by displaying interest-relevant advertisements ads on the websites of third-party companies and in the search engine results of the Google search engine and a display of third-party advertisements on our website.If you access our application via a Google ad, a so-called conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, for example the shopping cart of an online store system, have been called up on our website. Through the conversion cookie, both we and Google can track whether a user has reached our website via an AdWords ad, generated a turnover, i.e. completed or cancelled a purchase of goods.The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our application. These visit statistics are in turn used by us to determine the total number of users who were referred to us via ads, i.e. to determine the success or failure of the respective Ads ad and to optimize our Ads ads for the future. Neither our company nor other advertisers of Google Ads receive information from Google by means of which you could be identified.By means of the conversion cookie, personal information, for example the Internet pages visited by you, is stored. Each time you visit our application, personal data, including the IP address of the internet connection you use, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on these personal data collected via the technical procedure to third parties.These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a) GDPR.The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.Additional information on the service can be found at the following link: https://www.google.de/intl/de/policies/privacy/.
12. Plugins and other service
s12.1 Salesforce CRM-System
We use the CRM system of the provider salesforce.com Inc. ("salesforce"), One Market Street, Suite 300, San Francisco, CA 94105, USA.
Salesforce is a cloud-based CRM solution for managing customer relationships. All departments, (including e.g. marketing, sales, customer service as well as online and stationary trade) work on a common CRM platform. This is used, among other things, for structured contract processing and documentation of contract initiation. In the process, Salesforce is given full access to the customer data processed by us and stored in the cloud. This can include names, addresses, e-mail addresses and telephone numbers.If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a) GDPR. In the context of an employee relationship, corresponding data processing is carried out on the basis of § 26 German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]). The legal basis for the use of the service in the context of existing contractual relationships or contractual relationships to be initiated is Art. 6 (1) lit. b) GDPR. In all other cases, the legal basis for processing your personal data is Art. 6 (1) lit. f) GDPR. Here, our interest is in the effective coordination of internal as well as external communication and the management of customer relationships.This US company is certified under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.Additional information on the service can be found at the following link: https://www.salesforce.com/de/company/privacy/.
12.2 12.2 "LamaPoll" survey toolTo conduct online surveys, the technology of Lamano GmbH & Co. KG, Prenzlauer Allee 36G, 10405 Berlin, hereinafter referred to as LamaPoll, is used to conduct online surveys. In order to ensure data protection-compliant processing, we have concluded an order processing contract with LamaPoll. Further information on the purpose of processing can be found under 6.3 of this privacy policy.LamaPoll is a web service for creating and conducting surveys. LamaPoll provides technical infrastructures and software solutions that enable its customers to create, conduct and analyse secure online surveys. It is expressly not part of LamaPoll's business to trade in data, pass data on to third parties, sell it or use it in any other way.The personal data collected as part of the survey is stored on the servers of the survey provider LamaPoll. LamaPoll will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions in relation to this data.All connections from LamaPoll's systems are encrypted according to the current state of the art as standard - so all data transmission is protected against eavesdropping by third parties. Furthermore, LamaPoll attaches great importance to the secure storage of data - all LamaPoll servers are hardened, protected by firewalls, virus scanners etc. and always patched with the latest security updates. The survey tool is regularly subjected to security checks and penetration tests, including by the German Federal Office for Information Security (BSI). All servers are located in Germany and are subject to German data protection and security regulations: The data centres used have independent TÜV certification in accordance with DIN ISO 27001.When you access a survey, information of a general nature is automatically recorded in addition to the individual response content. This data (server log files) includes- Time of access (date & time)- Your web browser- Your operating system- the survey accessed- if applicable, the website from which you accessed the survey (referrer URL)- IP addressThis is exclusively data that does not allow any direct conclusions to be drawn about your person. This data is technically necessary in order to correctly deliver the surveys you have requested and is mandatory when using the Internet. It is required for the operation, maintenance, protection and monitoring of the proper functioning of the system. In the event of misuse, these logs are used to create reproduction scenarios and, if necessary, evidence to be provided by us. In the event of an error, these logs are used to enable the system to be updated as quickly as possible. We only use this data if necessary and only for protection, maintenance and to ensure the proper operation of the system.Your data will be deleted as soon as the purpose for which it was collected has been fulfilled and we have no legitimate interest in continuing to store it or there are no legal requirements to do so.
13. Your rights as a data subject13.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data relating to you will be processed.
13.2 Right to information (Article 15 GDPR)You have the right to obtain information about the personal data stored about you at any time, free of charge, as well as the right to access a copy of such data from us, in accordance with the statutory provisions.
13.3 Right to rectification (Article 16 GDPR)
You have the right to request the immediate rectification of incorrect personal data relating to yourself. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
13.4 Erasure (Article 17 GDPR)
You have the right to demand that we erase the personal data relating to you be deleted without delay, provided that one of the reasons provided by law applies and if processing or further storage is not required.
13.5 Restriction to processing (Article 18 GDPR)
You have the right to request that we restrict the processing of your data if one of the legal requirements is met.
13.6 Data transferability (Article 20 GDPR)
You have the right obtain personal data relating to you that you provided us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 (1) lit. a) GDPR or Art. 9 (2) lit. a) GDPR or on a contract pursuant to Art. 6 (1) lit. b) GDPR, and the data are processed using automated procedures, unless processing is necessary to complete a task, is in the public interest or is carried out in the exercise of an official authority assigned to us.Furthermore, when exercising your right to data transferability pursuant to Art. 20 (1) GDPR, you have the right to have personal data transferred directly from one controller to another, provided this is technically feasible and does not impede the rights and freedoms of other persons.
13.7 Objection (Article 21 GDPR)
You have the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Art. 6 (1) lit. e) (data processing in the public interest) or lit. f) (data processing on the basis of the weighing of legitimate interests) GDPR.This also applies to profiling based on these provisions pursuant to Article 4 Number 4 GDPR.Should you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where processing serves the assertion, exercise or defence of legal claims.In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for this purpose.In addition, you have the right to object to our processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR for reasons arising from your particular situation, unless such processing is necessary for the performance of a task in the public interest.You are free to exercise your right to lodge an objection in relation to the use of information society services, Directive 2002/58/EC notwithstanding, by means of automated procedures using technical specifications.
13.8 Revocation of consent regarding data protection
You have the right to revoke any consent to the processing of personal data at any time with future effect.13.9 Lodging a complaint with a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
14. Routine storage, erasure and blocking of personal data
We process and store your personal data only for the period of time necessary to meet the storage purpose or as required by the legal provisions to which our company is subject.If the storage purpose no longer applies or if a required retention period expires, personal data will be routinely blocked or erased in accordance with the statutory provisions.
15. Version and amendments to the Privacy NoticeThis Privacy Policy is currently valid as of: Januar 2024Due to the further development of our Internet pages and offers or due to changed legal or official requirements, it may become necessary to change this Privacy Policy.
12.2 12.2 "LamaPoll" survey tool
