Privacy Policy
1. General information
The Tourismus-Agentur Schleswig-Holstein GmbH, Wall 55, 24103 Kiel, is the controller responsible for data processing on this website as defined in the European General Data Protection Regulation (GDPR). We respect your personal rights. We understand the importance of the personal information we receive from you as a user of this website. We respect the privacy of your personal data and will collect, store or process all data obtained exclusively in accordance with the relevant data protection regulations within the scope of the purpose of our business.
2. Definitions
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
3. Legal basis of the processing
If and to the extent that we obtain your consent for the processing of personal data, Article 6 (1) 1 (a) of the European General Data Protection Regulation (GDPR) serves as the legal basis.
The processing of personal data required for the fulfilment of a contract with you is based on Article 6 (1) 1 (b) GDPR. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
Where the processing of personal data is required for the compliance with a legal obligation to which our company is subject, Article 6 (1) 1 (c) GDPR serves as the legal basis for the data processing.
If the processing is necessary, in order to safeguard a legitimate interest of us (or a third party) and if your interests, fundamental rights and freedoms do not outweigh said legitimate interest, Art. 6 (1) 1 (f) GDPR will serve as the legal basis for the processing. If information is stored on your end device, e.g. by means of cookies (see also 5.2 and 5.6, in particular), the permissibility of data usage will also be governed by Section 25 (1) – consent – or, in the case of mandatory storage processes, by Section 25 (2) No. 1 – communication process – or No. 2 – provision of a telemedia service – of the German Telecommunications-Telemedia Data Protection Act (TDDDG). Provided nothing to the contrary is stated, the legitimate interest of our company is in continuously optimising our services and presentations in order to constantly improve our services while appropriately taking your interests into account.
4. Data erasure and duration of storage
Personal data will be erased or blocked from use as soon as the purpose of the storage ceases to apply. Any further storage may be carried out if this is stipulated. The data will also be blocked from use if any storage deadline stipulated by the specified standards expires, unless there is a requirement for the further storage of the data on other legal grounds, which we must prove, e.g. due to legitimate interests in the defence of legal claims.
5. Collection of personal data
During visits to our website we will only process personal data if this is necessary to provide a functional website as well as for our contents and services, or if we have obtained consent. This otherwise applies if it is necessary to process the data due to statutory regulations.
We would like to inform you below about the type, scope and purpose of our data processing within the scope of this website:
5.1 Hosting the website
The website is hosted by Mittwald CM Service GmbH & Co.KG (https://www.sh-tourismus.de & www.sh-business.de). The host receives the data specified above as a processor on the basis of an agreement in accordance with the requirements of Art. 28 GDPR.
5.2 Server log files
Every time you visit our website, the user's access data required for use and billing purposes are stored on our server in a log file which your browser automatically transmits to us.
These include:
- Browser type/ browser version
- Operating system used
- Referrer URL
- Date and time of the server request
- IP address of the computer requesting the website (anonymisation of the last three digits)
- Website from which the access was made (referrer URL)
- Files accessed; status code; logs
- Amount of data transferred.
The log file is stored for the following purposes:
- Analysing file retrieval for statistical purposes;
- System security and the stability of the website
- Checking for non-contractual or otherwise illegal use, provided that there are actual indications for this.
The legal basis for this data processing is Art. 6 (1) 1 (f) GDPR. Our legitimate interest results from the data collection purposes that are specified above. We will not use the data collected for the purposes of identifying you under any circumstances. We will not merge this data with other data sources. This data will be erased automatically within one month if there are no particular indications that a longer storage period applies in the individual case.
5.3 Required cookies
After the user logs on to our website, what are known as “cookies” will be stored on the user's computer. Cookies are small text files stored in a designated directory on your computer. This file is used to identify the user's computer for the duration of the session. Cookies cannot manipulates the relevant end device of the user and can be deleted manually at any time, most easily in the browser.
You can individually adjust the settings of your Internet browser so that cookies are rejected or only accepted after confirmation. The cookies, what are known as “session cookies” here, are used to expand the functions of our Internet service and to make your use as convenient as possible. Please note that if you reject the use of cookies, you may be unable to use all the features of our application properly.
Processing data with cookies is necessary for the purposes mentioned to protect our legitimate interests and, if applicable, those of third parties in accordance with Art. 6 (1) 1 (f) GDPR, and Section 25 (2) German Telecommunications-Telemedia Data Protection Act (TDDDG).
5.4 Data in connection with your contact
If you send us enquiries by filling out the contact form, we will store your details from the form or an e-mail address you provide solely to process the relevant enquiry and to enable us to address any follow-up questions. We will not pass on this data to third parties without your consent. The corresponding data use is based on Art. 6 (1) 1 (b) GDPR within the scope of processing your request.
5.5 Webshop
If you wish to place an order in our webshop, in order to conclude a contract it is necessary for you to provide the personal data that we require to process your order. Mandatory information required to process contracts is marked separately; the disclosure of any further information is voluntary. We will process the data you provide to process your order. The legal basis for this is Art. 6 (1) 1 (b) GDPR.
You may voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under “My account”, the data you provide will be stored on a revocable basis. You may delete all other data – including your user account – at any time in the customer area.
We may also process the data you provide in order to inform you about other interesting products from our portfolio, or to send you e-mails that contain technical information.
Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we will restrict processing after two years, i.e. your data will only be used to comply with legal obligations.
In order to prevent unauthorised access by third parties to your personal data – in particular, financial data – the order process is encrypted using TLS technology.
We will also transmit your address data to the shipping service providers we use for the purpose of processing your order. The legal basis for this is Art. 6 (1) 1 (b) GDPR, as shipping is not possible without the use of a shipping service provider. We may also transmit your e-mail address to the shipping service provider for the purpose of informing you about the shipping status. In this respect, the shipping service provider will be obliged to use the e-mail address exclusively for the purpose of notifying you. The legal basis for this is our legitimate interest in ensuring that you receive your shipment as easily as possible and receive the best possible service from us, Art. 6 (1) 1 (f) GDPR.
5.6 Services from third-party providers
The use of third-party services – in particular, tracking tools and the cookies set in this context – will be based on Art. 6 (1) 1 (a) GDPR / Section 25 (1) German Telecommunications-Telemedia Data Protection Act (TDDDG) through your consent, which may be revoked at any time. With this, we want to guarantee the appropriate design and constant optimisation of our website (by using statistical evaluations, improving the availability and presentation of the contents as well as by integrating requested services).
5.6.1 Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street; Dublin 4, Ireland.
Google Analytics uses what are known as “cookies”, text files that are stored on your computer and facilitate analysis of your use of the website. The information generated by the cookie regarding your use of this website is, as a rule, transmitted to and stored on a Google server in the USA. However, if IP anonymisation is activated on this website, your IP address will first be abbreviated by Google in the member states of the European Union or in other member states of the EEA (European Economic Area) Agreement. Google will use this information on behalf of this website’s operator to evaluate your use of this website, to create reports about website activities, and to provide additional services connected with the website and Internet use to the website operator. The IP address transmitted from your browser as part of Google Analytics will not be brought together with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the functions of this website in full.
We use Google Analytics exclusively to analyse data from double-click cookies (cookies set by Google), as well as ads for statistical purposes. Google Analytics supports an optional browser add-on for the standardised deactivation of these cookies. By downloading and installing the browser plugin that is available at the following link http://tools.google.com/dlpage/gaoptout?hl=de you can prevent the data generated by the cookie during your visit to the website and that is related to your use of the website (including your IP address) from being collected by Google. However, the add-on will only deactivate data collection by Google.
Furthermore, as the provider of the website, we have no knowledge of the content of the transmitted data or its use by Google. You will find further information about this in the Privacy Policy and Terms of Service of Google at https://www.google.de/intl/de/policies/.
5.6.2 Use of YouTube DEplug-ins
Our website uses the plug-in function of the YouTubeDE platform of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Every time you visit our website, a connection to YouTube's servers will be established. The YouTube server will be informed of your visit to our website. To our knowledge, no personal data will be stored here. However, if you are logged into your YouTube account, you would allow YouTube to allocate your browser history directly to your personal profile.
You have the option to deactivate this allocation if you log out of your account beforehand.
You will find further information about this in the Privacy Policy of YouTube at https://policies.google.com/privacy/youtube.
5.6.3 Use of Vimeo-Plugins
Our website uses components from the provider Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Every time a website is called up on which the Vimeo service is installed, the service used on that website will cause your browser to download corresponding data from Vimeo. If you visit our website and while doing so you are logged into Vimeo with your user account, Vimeo will use the information collected by the service installed on that website to recognise which specific site you are visiting and will allocate this information to your personal account with Vimeo if you have one. The information that you have visited our website will also be relayed to Vimeo. This will happen irrespective of whether you use relevant Vimeo functions on our website.
If you wish to prevent data about you and your behaviour on our website being sent to and stored by Vimeo, you must log out of Vimeo before you visit our site.
You will find the Vimeo Privacy Policy, in particular with regard to the collection and use of data by Vimeo, here: https://vimeo.com/privacy.
5.6.4 Use of Google Tag Manager
We use Google Tag Manager on our website, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a service with which we integrate (and manage) tracking codes and associated code fragments (known as “tags”) on our website. This allows us to configure website tags as tracking tools for analysis and marketing purposes via a user-friendly web-based interface, and to make these available immediately on our website. This allows us to optimise tag deployment, reduce tag configuration errors and instantly amend and deploy tags via a web-based user interface.
Google Tag Manager itself does not create any user profiles, it does not store any cookies and does not carry out any independent analyses. It is only used to integrate and manage website tags. However, Google Tag Manager records your IP address, which may be transmitted to Google’s parent company in the USA.
With the help of this tag management service, we can automatically track which button, link or personalised image you have clicked on based on the tags triggered. This enables us to optimise our website for you and anyone else who is interested in our products and services, and to remove irrelevant content.
The use of Google Tag Manager on our website will only take place with your consent (Art. 6 (1) 1 (a) GDPR). Please refer to our Consent Management Tool for details and setting options for your currently defined consents.
You will find further information in the Terms of Service for Google Tag Manager at https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/
5.6.5 Use of Podigee
General information
We use the platform and services of Podigee GmbH, Schlesische Str. 20, 10997 Berlin (hereinafter “Podigee”). Our corporate profile at Podigee serves a number of communications purposes, such as providing general information, announcing events and in particular, providing our podcasts. In this context, personal data from you as a listener to our podcast will also be processed in part.
Please note that it is not necessary to use this service to contact us or to receive information from us.
You use our Podigee podcasts on your own responsibility. Podigee is solely responsible for operating the platform.
Processing by Podigee
When listening to or accessing our podcast provided by Podigee on our website or through third providers, data processing by Podigee is unavoidable. This data processing is orientated on the corresponding requirements of the portal operator, which you can view here: https://www.podigee.com/de/ueber-uns/datenschutz and in addition, on the guidelines of any third parties that may also be involved, such as streaming service providers.
Podigee uses hosting and analysis services from other service providers in order to offer access to the audio contents. Podigee also uses the streaming service Spotify here. We have no influence over the data processing carried out by Podigee or by any other third providers that are used. The details of the data processing carried out by Podigee can be found in the Privacy Policy specified above.
Processing by us
Podigee provides us with statistical evaluations of the access figures for our podcasts made through our website or third providers, including any advertising that is provided. This is exclusively statistical/anonymous data that does not allow any conclusions to be drawn about natural persons.
If you listen to our podcast, your data will be automatically included in these statistical records.
Further information
Please take all additional data protection information, in particular about the rights to which you are entitled, from our General Privacy Policy, which you can view here: www.sh-tourismus.de/datenschutz.
5.6.6 Use of Maptoolkit
We use the map service Maptoolkit to create directions and to display maps on our website. Maptoolkit is provided by Toursprung GmbH, Mariahilfer Str. 93/20, 1060 Vienna, Austria. When you access our website’s content, you will be connected to the servers of Toursprung GmbH. Your IP address and possibly browser data such as your user agent will be transmitted. This data is processed exclusively for the above-mentioned purposes, and to maintain the security and range of functions associated with Maptoolkit. The IP address is already anonymised from a technical standpoint before any further processing. Tracing back to individual persons is not possible.
The aforementioned data will only be stored during the period of use. You will find further information about this in their Privacy Policy at https://www.maptoolkit.com/de/privacy/.
5.6.7 Use of Matomo
We use the open source software Matomo to analyse and statistically evaluate the use of the website. Cookies are used for this purpose (see above). The information generated by the cookie regarding website usage is transmitted to our servers and summarised in pseudonymous usage profiles. The information is used to analyse the use of the website, and to facilitate a needs-based design of our website. The information will not be passed on to third parties. The IP address will not be associated with other data relating to the user. IP addresses will be anonymised so that no attribution to an individual is possible (IP masking). Your visit to this website is currently recorded by Matomo web analytics. Click here (https://matomo.org/privacy/) so that your visit will no longer be recorded.
5.6.8 Use of Google Pixel
Google Ads conversion tracking
We use the service Google Ads (formerly Adwords), which is provided by Google Ireland Limited, Gordon House, Barrow Street; Dublin 4, Ireland, to draw attention to our attractive offers with the help of ads on external websites. We can identify how successful individual advertising measures are in relation to the advertising campaigns. Here, we are pursuing the interest of showing you advertising that is interesting to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.
Google supplies this advertising material using what is known as “Ad Server”. We use Ad Server cookies (a convention tracking tag or code snipe) for thus purpose, which can measure certain parameters to assess success, such as displaying ads or user clicks. If you reach our website via a Google ad, Google Ads will store a cookie on your PC (mostly in the browser). These cookies generally lose their validity after 30 days, and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indicating that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie.
These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google (and the customer) are able to recognise that the user has clicked on the ad and has been redirected to this page. A different cookie is assigned to each Ads customer. As a result, cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the these advertising measures. We only receive statistical analyses from Google. Based on these analyses, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
On the basis of the marketing tools used, your browser will automatically directly connect to the Google server. We have no influence over the scope and further use by Google of the data that is collected as a result of using this tool, and can inform you of what we know accordingly: By integrating Ads Conversion Google receives the information that you have accessed the corresponding part of our internet presence or have clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, the possibility exists that the provider will find out your IP address and store it.
You can prevent participation in this tracking procedure in a number of ways: a) by setting your browser software accordingly, in particular rejecting third cookies will mean you will not receive any ads from third providers; b) by deactivating certain ads at Google via the link https://support.google.com/ads/answer/2662922?hl=de, where this setting will be deleted if you delete your cookies; c) by deactivating the interest-related ads from the provider that is part of the self-regulation campaign “About Ads”, via the link http://www.aboutads.info/choices, where this setting will be deleted if you delete your cookies; d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browser, as described at the link https://support.google.com/analytics/answer/181881?hl=de. We must point out that in these cases you may not be able to use all the functions of this service in full.
You will find further information about data protection at Google:
http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.
Remarketing (in addition to Ads Conversion)
In addition to Ads Conversion, we use the application Google Remarketing. This is a procedure that we want to use to appeal to you again. This application allows our advertising to be displayed to you when you carry on using the internet after you have visited our website. This is realised by means of cookies stored in your browser, which are used by Google to record and analyse your user behaviour when you visit various websites. This also allows Google to recognise your previous visit to our website. According to its own statements, Google does not merge the data collected in the context of Remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used for the purposes of Remarketing.
5.6.9 Use of Meta Pixel
Our website uses the visitor action pixel from Facebook/Instagram, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”) to measure conversions. This allows the behaviour of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook/Instagram ad. This allows the efficacy of Facebook/Instagram ads to be evaluated for statistical and market research-related purposes, and for future advertising measures to be optimised. The data collected is anonymous to us as the operator of this website; we are unable to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook/Instagram, in order to enable a connection to the respective user profile and so that Facebook/Instagram can use the data for its own advertising purposes in accordance with the Facebook/Instagram Data Usage Policy. This allows Facebook/Instagram to enable the placement of adverts on Facebook/Instagram pages and outside of Facebook/Instagram. This use of the data cannot be influenced by us as the website operator.
The legal basis for data processing is your consent in accordance with Art. 6 (1) a GDPR.
You can find further information on protecting your privacy in the Facebook/Instagram privacy policy:
https://www.facebook.com/about/privacy/
https://privacycenter.instagram.com/policy/
You may also deactivate the remarketing function “Custom Audiences” in the section “Settings for adverts”. You must be logged in to Facebook/Instagram to do so.
If you do not have a Facebook/Instagram account, you can deactivate use-based advertising from Facebook/Instagram on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
5.6.10 Use of Google Fonts
This website uses Google Fonts, a web service API of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
By using Google Fonts, we can provide website visitors with a standardised and user-friendly presentation of our website and online offers. Upon accessing our website, your browser automatically loads the required web fonts from the Google servers into your browser cache, in order to display our texts in a visually improved way. For this purpose, your browser must connect to the Google servers, whereby your IP address is automatically transferred to the Google server in the USA. This provides Google with the information that our website has been accessed via your IP address. If your browser does not support this function (or you prevent access to the Google servers), a standard font will be used by your computer to display the website texts.
IP addresses are neither logged nor stored on Google servers and are not analysed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referrer URL). Access to this data is restricted and subject to strict control measures. To our knowledge, Google does not use any of the information collected by Google Fonts to create profiles of end users or to place targeted adverts.
The use of Google Fonts on our website only takes place with your effective consent (Art. 6 (1) 1 (a) GDPR). Please refer to our Consent Management Tool for details and setting options for your currently defined consents.
You will find further information about Google Fonts at https://developers.google.com/fonts, in the Google Privacy Policy at https://www.google.com/policies/privacy/ as well as in the Terms of Service for Google API at https://developers.google.com/terms.
5.6.11 Use of our Consent Management Tool (CMT)
Our website uses the CMT “Usercentrics Consent Management”, a web service provided by Usercentrics GmbH, Sendlingerstrasse 7, 80331 Munich (hereinafter “Usercentrics”).
We use this data to ensure the full functionality of our website, to inform the user about the use of cookies on our website and to obtain and record the user’s consent in accordance with the law.
The following data is automatically transmitted to the provider / technical service provider of our CMT:
- Anonymised IP address of the user;
- Date, time of consent;
- User agent of the end user’s browser;
- Website from which the access was established (referrer URL);
- Anonymous, random and encrypted key;
- The cookies authorised by the user (cookie status), which serves as proof of consent.
A key automatically generated by the CMT for the management/proof of consents granted and the consent status are also stored in a cookie in the end user’s browser. This allows the website to automatically read (and adhere to) the end user’s consent on all subsequent page requests and future end user sessions for up to 12 months.
The legal basis for data processing is Art. 6 (1) 1 (c) GDPR in conjunction with Section 25 (2) No. 2 German Telecommunications-Telemedia Data Protection Act (TTDSG). Only with an appropriate mechanism for granting and managing consent are we able to comply with the legal requirements.
You can prevent the collection and processing of your data by our CMT by deactivating the execution of script codes in the settings of your browser or by installing a script blocker in your browser.
You will find further information about the scope of data processing carried out by CMT in the privacy policy of our CMT provider at https://usercentrics.com/de/datenschutzerklaerung.
5.6.12 Newsletter
In order to add you to our e-mail distribution list, we need your confirmation or consent that you are the owner of the e-mail address provided, and that you agree to receive the notifications.
We use what is called the double opt-in process to register you for our newsletter. This means that after you register we will send an e-mail to the e-mail address given in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be erased. The data collected will be used exclusively to send our newsletter and to document your consent. In addition, we will store the IP addresses you use and the dates of registration and confirmation. The purpose of this procedure is to prove your registration and, if necessary, to detect any possible misuse of your personal data.
This will not be passed on to third parties.
The granting of this consent is voluntary. The legal basis for your consent results from Art. 6 (1) 1 (a) GDPR.
You may revoke your consent to the mailing at any time with effect for the future. Your data entered above will then be deleted immediately, and no further notification will be sent.
6. Your rights
Insofar as we process your personal data on our website, you are a “data subject” as defined in the GDPR. You have the following rights vis-à-vis our company:
6.1 Right of access
You can request us to confirm whether we are processing your personal data. If this is the case, you can request the following information from us:
- the purposes for which the personal data is being processed;
- the categories of personal data that are being processed;
- the recipients or categories of recipient to whom your personal data has been or will be disclosed;
- the envisaged period for which your personal data will be stored, or, if no concrete disclosures are possible here, the criteria used to determine that period;
- the existence of the right to lodge a complaint with a supervisory authority;
- all available information regarding the origin of the data, if the personal data has not been collected from you;
- the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Furthermore, you have the right to request information about whether your personal data is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.
6.2 Right to rectification
You have the right to correct and/or complete your personal data if your processed data is incorrect or incomplete. If this is the case we will make the correction immediately.
6.3 Right to restriction of processing
Under the following pre-conditions you have the right to demand the restriction of the processing of your personal data if:
- you are contesting the accuracy of your personal data for a period enabling us to verify the accuracy of the data;
- the processing is unlawful, and you oppose the erasure of your personal data and request the restriction of its use instead;
- we no longer require your personal data for the purposes of the processing, however, you require the personal data for the establishment, exercise or defence of legal claims, or
- you have objected to the processing in accordance with Art. 21(1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds.
If you have requested that the processing of your personal data is restricted, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State. You will be informed by us before the restriction is lifted.
6.4 Right to erasure
You can ask us to erase your personal data without undue delay. We are obligated to erase the data without undue delay if one of the following reasons applies:
- Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- You withdraw any existing consent on which the processing was based according to Art. 6 (1) 1 (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
- You file an objection against the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing.
- In accordance with Art. 21 (2) GDPR, you file an objection against the processing by means of direct marketing.
- Your personal data has been unlawfully processed.
- Your personal data must be erased to comply with a legal obligation in accordance with EU law or the law of a Member State to which we are subject.
- Your personal data has been collected in relation to the services offered by an information society as per Art. 8 (1) GDPR.
If we have published your personal data and are obliged to erase it in accordance with Art. 17 (1) GDPR, we will take appropriate measures – considering the available technology and the implementation costs – to
inform the controller(s) responsible for data processing that you have requested the erasure by such controllers of all links to, or copies or replications of such personal data.
Your right to erasure does not apply if processing is required
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation which requires processing in accordance with EU law or that of a Member State to which we are subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us;
- For reasons of public interest in the area of public health as per Art. 9 (2) 1 (h) and (i) as well as Art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right referred to in (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- the establishment, exercise or defence of legal claims.
6.5 Right to information
If you have exercised the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed of the rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about the recipients.
6.6 Right to data portability
You have the right to receive your personal data which you may have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit such data to another controller without hindrance from us, if
- the processing is based on a declaration of consent in accordance with Art. 6 (1) 1 (a) GDPR, or Art. 9 (2) (a) GDPR, or on a contract in accordance with Art. 6 (1) 1 (b) GDPR and
- the processing is carried out using automated methods.
In addition, you have the right to request the transfer of your personal data directly from us to another controller, insofar as this is technically feasible. This should not impair any other person's freedoms or rights.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
We currently do not assume that the data which is subject to the right to data transferability will be processed within the scope of our website offer.
6.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) 1 (e) or (f) GDPR, including profiling based on these provisions.
We will no longer process your personal data unless we can demonstrate compelling legitimate grounds worthy of protection for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for such purposes; this also applies to any related profiling.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.
6.8 Right to revoke the declaration of consent under data protection law
You are entitled to revoke your declaration of consent under data protection law at any time. Revoking your consent will not affect the legality of any processing that took place before the revocation.
Renew or change your cookie consent in our Consent Management Tool.
6.9 Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not carry out such processing.
6.10 Right to lodge a complaint with a supervisory authority
You are entitled to appeal to a supervisory authority, without prejudice to any other rights of appeal, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
7. Responsibility for linked content
This website may also use links to the websites of other providers. This Privacy Policy does not apply in this respect. If personal data is collected, processed or used when using the websites of other providers, please note the information on data protection of the respective providers. We are not responsible for their privacy policy.
8. Disclosure of personal data to third parties
Your personal data will only be stored on our servers or on servers used on our behalf. Access to and use of the data is only possible for authorised employees or service providers and is also limited to the data required to perform the respective task.
Your data will not be transmitted to third parties without your consent. A data transfer to third countries (countries outside the European Economic Area - EEA) will not take place, unless otherwise stated in this Privacy Policy, and is also not intended in the future.
9. Data security
To protect your personal data, we have taken technical and organisational measures to ensure that your data is protected against accidental or intentional loss, destruction or tampering as well as access by unauthorised persons. Our protective measures are reviewed at regular intervals and adapted to technical progress if necessary.
10. Data Protection Officer
If you have any further questions with regard to the processing of your personal data, please contact our Data Protection Officer: compolicy GmbH, Schwedenkai 1, 24103 Kiel, info@compolicy.de.
11. Amendments to this Privacy Policy
We reserve the right to amend this Privacy Policy at any time if necessary and in consideration of the data protection regulations applicable at the time of the change.
Version as of: September 2024