With the following information, we would like to give you as a visitor to our website an overview on the processing of your personal data by us and your rights under data protection law. Which data is processed in detail depends to a large extent on your specific usage behaviour. Therefore, not every element of this information may be applicable to you.
1. Controller and contact details of the Data Protection Officer
The controller in terms of data processing on this online offering is
pei tel Communications GmbH
Rheinstraße 15 A
(hereinafter also referred to as the "Company")
You can reach our external Data Protection Officer under: email@example.com
2. Processing of personal data in connection with your use of our websites, applications and online platforms
a. Data categories, purpose of processing and legal basis
In the context of the use of our websites, applications or online tools (in the following sum-marised as “online offering"), we process the following personal data:
- Personal data that you yourself enter voluntarily in the context of an online offering (such as during registration, requests to contact you or in the context of participation in surveys, etc.), such as first and last name, E-mail address, telephone number, in-formation provided in the context of a support request, comments or forum posts and
- Information that is automatically sent to us by your web browser or terminal device, such as your IP address, device type, browser type, previously visited web pages, sub-pages visited or the date and time of each visitor request.
We will process your personal data for the following purposes:
- Technical administration of the website (Prevention and detection of fraudulent or similar acts including attacks on our IT infrastructure, enabling user authentication)
The legal basis for the processing of personal data for these purposes is Article 6 paragraph 1 lit. f) GDPR, regardless of whether a contractual relationship exists with you.
- Online and other services (Enabling the use of the services and functions of our online offerings, processing of enquiries, sending marketing information upon re-quest)
The legal basis for processing personal data for the purpose specified above is Arti-cle 6 paragraph 1 lit. b) and lit. f) GDPR. The visit to our online offering establishes a legal relationship similar to a contract in the sense of Article 6 paragraph 1 lit. b) GDPR. Without the processing of personal data, we cannot offer our online services as intended. In particular, the transmission of personal data such as the IP address is necessary for establishing the connection.
In some cases we will ask you expressly for your consent to the processing of your per-sonal data. In such a case, the legal basis for processing your personal data is the consent you have given in accordance with Article 6 paragraph 1 lit. a) GDPR in con-junction with Article 7 GDPR.
Within the framework of our online offering we also use so-called cookies. Cookies are small text files that are stored by your browser on your end device when you visit our website. Cookies contain information that is related to the context of use and your ter-minal device.
More information about cookies and similar technologies can be found here.
c. Google Analytics
This website uses functions of the web analysis service "Google Analytics". This ser-vice is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. Google Analytics enables us to analyse the usage behaviour of our online offering. The data obtained from this (hereinafter "Usage data") are used to op-timise our website and advertising measures.
During your visit to the website, the following usage data is recorded, among other things:
- Web pages called up
- Your activities on the websites
- Your approximate location (country and city)
- Your IP address (in anonymised form, see (i))
- Technical information such as browser, Internet provider, terminal device and screen resolution
- Source of origin of your visit (i.e. via which website or advertising medium you came to us)
Google Analytics stores cookies in your web browser for its services. These cookies contain a randomly generated user ID by means of which you will be recognised on fu-ture visits to the website. The recorded data is stored together with the randomly gen-erated user ID, which enables the evaluation of pseudonymous user profiles.
Google Analytics cookies are stored on the basis of Art. 6 paragraph 1 lit. a) GDPR in conjunction with Art. 7 GDPR. We will obtain the necessary consent from our users through our cookie banners as soon as they have called up our website.
(i) IP anonymisation
This website uses the function of a so-called "IP anonymisation" which means that your IP address is truncated by Google before your data is transferred to the USA from the EU or the EEA. Your full IP address will be transmitted to Google's servers only in exceptional cases; Google will then truncate the IP addresses af-ter transmission on its servers. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity. The IP address transferred by Google Analytics from your browser will not be combined with other data collected by Google.
(ii) Browser plug-in
You can prevent the storage of cookies by adjusting your browser software ac-cordingly. In that case, however, you will not be able to use all the functions of this website to their full extent. You can also prevent collection and processing of the data generated by the cookie relating to your use of the website (including your IP address) by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaopout?hl=de.
(iii) Objection to data collection
You can prevent collection of your data by Google Analytics by clicking on the fol-lowing link. An opt-out cookie is then set to prevent the collection of your infor-mation on future visits to this website: Disable Google Analytics.
For additional information on the handling of user data at Google Analytics, please refer to the data protection declaration of Google here.
If you would like to receive the newsletter mentioned on the website, we need an E-mail ad-dress and information that allows us to verify that you really are the owner of the E-mail ad-dress and agree to receiving the newsletter (double opt-in method). For personalisation of the newsletter, we will store personal data such as the first name, last name and company name. These data will exclusively be used for sending the requested information and for documenting your consent. To document your consent, we also store the IP address of the Internet connection from which you access our website, as well as the date and time of your registration. You may revoke your consent to storing data, the E-mail address and its use for mailing the newsletter at any time with an effect for the future, for example by clicking on the link “Unsubscribe” in the newsletter.
The legal basis for this processing is Art. 6 paragraph 1 lit. a) GDPR (consent).
We use an external provider for the administration and mailing of your newsletter. It goes without saying that this provider was selected carefully and committed to complying with all data protection rules pursuant to Article 28 GDPR.
e. Contacting us
Contact forms which can be used for electronic contact are available on our website. If a us-er takes advantage of these options, the data entered in the input mask is transmitted to us and part of the data is stored.
In this context, no data will be passed on to third parties outside the Company. The data will be used exclusively for processing the correspondence.
The legal basis for processing data transmitted in connection with sending an E-mail is Article 6 paragraph 1 sentence 1 lit. f) GDPR. If the aim of the E-mail contact is conclusion of a con-tract, Article 6 paragraph 1 sentence 1 lit. f) GDPR is a further legal basis for processing.
Processing the personal data from the input mask serves us to make contact and to prevent improper use of the contact form.
The data will be erased as soon as it is no longer necessary for achieving the purpose of col-lection. For the personal data from the input mask of the contact form and that sent by E-mail, this will be the case when the respective correspondence ends.
Users have the possibility to object to the processing of their personal data at any time. In such a case, the correspondence cannot be continued. Please send us your deletion re-quest via E-mail to firstname.lastname@example.org. In this case, all personal data stored in the course of the contact will be deleted.
3. Processing of personal data for customer satisfaction surveys and direct marketing
If you have given us your consent or if we are entitled to do so within the framework of exist-ing customer relations, your contact data will also be used for the purposes of direct market-ing (e.g. trade fair invitations, newsletters) or for conducting customer satisfaction surveys. You have the right to object to the use of your contact details for these purposes at any time. If you wish to exercise your right of objection in this respect, please write us an E-mail to email@example.com or follow the relevant instructions which you have received from us in any advertising mail. The legal basis for processing your data for advertising purposes is Article 6 paragraph 1 lit. f) GDPR in the case of existing customer relationships or Article 6 paragraph 1 lit. a) GDPR if you have given us your consent.
4. Processing of personal data of Business Partners
a. Data categories, purpose of processing and legal basis
Within the scope of cooperation with Business Partners, the Company processes personal data of contact persons at customers, suppliers, interested parties, sales partners and co-operation partners (hereinafter referred to as “Business Partners"):
- contact details such as first and last name, business address, business telephone number, business mobile number, business fax number and business E-mail ad-dress,
- payment information such as details required for processing payment transactions or preventing fraud, including credit card details and card verification numbers,
- other information, the processing of which is necessary within the framework of a contractual relationship and which is voluntarily provided by Business Partners, such as orders, inquiries or details of projects,
- we will also store your IP address and the date of your registration when you regis-ter for a customer account,
- personal data collected from publicly available sources, information databases or credit agencies, and
- as far as legally required in the context of compliance screenings: date of birth, identity card and ID numbers, information on relevant legal proceedings or other le-gal disputes involving Business Partners.
Personal data is also processed for the following purposes:
- Communication with Business Partners on products, services and projects, for ex-ample to process inquiries from the Business Partner or to provide technical infor-mation on products,
- Performance of contracts,
- Planning, execution and management of the contractual business relationship, for example to process orders for products and services, collect payments, for account-ing and billing purposes and to carry out deliveries, maintenance activities or re-pairs,
- Processing of registration for a customer account,
- Management of a customer account for pre-contractual services, for the fulfilment of the contract or for the purpose of customer cultivation (e.g. in order to provide you with an overview of your previous orders with us or in order to be able to offer you the so-called memo function),
- Conducting customer surveys, marketing campaigns, market analyses, competi-tions, etc.,
- Maintenance and protection of the safety of our products and our websites, pre-vention and discovery of safety risks, fraudulent activities or other criminal offences or acts carried out with the intent to cause damages;
- Comparison of personal data with US sanctions lists based on the European regu-lations 2580/2001 and 881/2002,
- Compliance with (i) legal requirements (e.g. tax and commercial retention require-ments), (ii) existing obligations to conduct compliance screenings (to prevent white-collar crime or money laundering), and (iii) policies and industry standards; and
- Settling legal disputes, enforcing existing agreements as well as asserting, exercis-ing and defence against legal claims.
Processing personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise at the time of collection of personal data, the legal basis for da-ta processing is
- the execution and performance of a contract with you or for carrying out pre-contractual measures under Article 6 paragraph 1 lit. b) GDPR,
- the fulfilment of legal obligations to which the undertaking is subject under Article 6 paragraph 1 lit. c) of the GDPR, or
- safeguarding legitimate interests under Article 6 paragraph 1 lit. f) GDPR. The legit-imate interest lies in the initiation, implementation and handling of the business re-lationship in commercial transactions.
If you have expressly given your consent to processing your personal data in individual cases, this consent is the legal basis for processing in accordance with Article 6 paragraph 1 lit. a) GDPR.
5. Processing of personal data of applicants
a. Categories of data and purpose of data processing
Within the framework of the application procedure, we process the following categories of personal data:
- personal data (first and last name, date of birth, address, school-leaving certificate)
- communication data (telephone number, mobile number, fax number, E-mail address)
- data on assessment and evaluation in the application procedure
- data on education (school, vocational training, civilian / military service, university edu-cation, doctorate)
- data on the previous professional career, training and work certificates
- information on other qualifications (e.g. language skills, PC skills, voluntary work)
- application photo
- details of the desired salary
- application history
- Social media links (link to Xing or LinkedIn profile, if data transfer from these profiles was selected)
Personal data that you provide us with in the context of your application will be stored and used exclusively for the purpose of processing your application and, if applicable, for the purpose of the subsequent employment.
b. Legal basis of data processing
The processing of your personal data in the context of the application procedure is based on Article 6 paragraph 1 lit. b) GDPR (establishment and execution of a contract) as well as Sec. 26 (1) sentence 1 German Data Protection Act (BDSG).
Any further processing of applicant data will take place only on the basis of an explicit decla-ration of consent. This is particularly the case if we are unable to offer you a current vacancy in the Company, but consider your application suitable for future positions. The storage and processing of your data in this respect will then be based on your consent in accordance with Article 6 paragraph 1 lit. a) GDPR).
The storage and processing of your data for forwarding to other companies of the group is also based on your consent in accordance Article 6 paragraph 1 lit. a) GDPR.
c. Transfer of data
Your data will be made available to the relevant members of the Human Resources Depart-ment and to the employees or managers of the department(s) responsible for the position for which you have applied.
In the case of an unsolicited application, your documents will be made available to the rele-vant members of the Human Resources Department and to the responsible employees or superiors of the relevant departments for whom your application might be of interest.
We will not forward your application data to affiliated subsidiaries or parent companies un-less your application also relates to these companies or is kept open for this purpose. We also use contract processors (e.g. IT service providers). Your data will be passed on to them in strict compliance with the obligation of secrecy and the requirements of the GDPR. The processors commissioned by us may process the data only for us and not for their own pur-poses. Responsibility for data processing in these cases remains with us.
Data will also be passed on if we are obliged to do so by law and/or official or court orders.
d. Transfer of personal data to third countries
Our Company is part of a group of companies in which personnel responsibilities may ex-tend beyond national borders. For this reason, responsible superiors in other countries may also have access to your application data. These data processing operations are necessary for the decision on the establishment of an employment relationship. In addition, data trans-fer to third countries also takes place when your data is included in the Talent Pool. This means that our affiliated foreign units also have access to your application data.
When data are transferred to a body in a third country, relevant guarantees for the protec-tion of your personal data ensure that the data protection level of the European Union is observed.
e. Erasure periods for application data
If no employment is established, the application documents will be erased six months after a candidate has been turned down. The legal basis for storage in this respect is Article 6 par-agraph 1 lit. f) GDPR. Our legal interest in this respect is the defence against any claims arising from the German General Equal Treatment Act (“AGG”). In all other respects, the general erasure periods and notes under Clause 8 apply.
f. data protection and privacy with Bridge
For all PTC5 and Platform6 generation phones, an online service called “Bridge” is available for configuration and management of phone books and for location tracing. This document discloses which data are stored in order to perform the services and where, along with how secure transfer is ensured.
Bridge is a virtual computer hosted by MITTWALD (https://www.mittwald.de/) at a data center in Germany. This provider provides the technical infrastructure, while the design and imple-mentation of the service are performed exclusively by the company pei tel.
When Bridge is used, phones connect to Bridge and share data. The phone always logs in to Bridge for the first time using the IMEI (worldwide unique ID of the built-in modem) and will transmit the following data to bridge upon request:
- important current configuration settings, including SIM settings, but never the
- online password, PINs, etc.;
- some statistics, such as version information, connected hardware, connection quality;
- phone book data; and
- periodically, the phone’s current position (can be adjusted in settings).
In turn, Bridge can do the following:
- transmit configurations to the phone, thereby changing the way the phone works;
- transmit data for the phone book; and
- provide update data (if the phone requests this).
This transfer takes place only if:
- the phone is registered with Bridge with a valid user (who does not have to be online) and
- the phone and Bridge can confirm each other’s identity (not in the pre-release).
The phone can receive and process a de-registration from Bridge if a user has deleted their account while the phone was offline. All data transfers take place with basic encryption (TLS). In addition, however, data content is always encrypted with a personal “preshared key” between Bridge and the device using SHA128/CBC (not in the pre-release). This re-places checking of certificates, which is highly problematic in the embedded segment, and closes potential security gaps for PTC5 devices that only support TLS1.0. The “preshared key” is located in the device’s flash and can never be read out, but can be deleted by re-storing the device to factory settings. On Bridge, this key is centrally assigned in encrypted format to the device (this means there is exactly one key for each device for the implementa-tion).
Bridge manages the data transferred in a database, MariaDB, which is also encrypted and whose key is requested externally when the system is started. Consequently, an external backup of the system cannot be used to read out data. These data are actively processed for display by the Web server, which can only be contacted via TLS (lock symbol in browser). To this end, users are required to authenticate themselves on the server (e-mail address as user name and password). Alternative login methods (such as Google ID) are not imple-mented. The user is required to activate access to their device using the device’s IMEI and the online password (which the user can change after registering the device for the first time and is never stored in the database) one time via SMS service (alternative data path linked to phone number). Since there are also hardware without MMI (voice box) and fleet users, manual interaction on the device (entering a pre-set key) was deliberately not used. This means it is even more important for the customer to personalize their online password, which is also used, in particular, for SMS-based services.
To provide customer services, selected parts of the device configuration are visible to em-ployees of pei tel outside of Bridge. Specifically, these are:
- version information, including historical version information;
- status information on help in case of errors; and
- during the pre-release phase, location information (eliminated after release).
Bridge administrators (pei tel developers) have full access to all data in keeping with their function, but have received relevant instructions and undertaken an obligation to safeguard secrecy.
There is no further processing or sharing of data outside of Bridge.
As a result of log mechanisms, personal data may be present in log areas for a limited time during procedures on Bridge. These data are subject to automatic erasure rotation and are systematically reduced in the course of the further development and evolution of Bridge. In the absence of publicly accessible alternatives, the Bridge server is used under an alterna-tive domain name (virtual host) with a second developer database for further development.
6. Social media
We use links on our website to some social networks to draw attention to our services and products and to engage with you as a visitor and user of these social media sites and our online offering.
The legal basis for data processing in these cases is Article 6 paragraph 1 sentence 1 lit. f) GDPR. Insofar as the use of social media results in a transfer to a so-called third country, the legal basis is Article 6 paragraph 1 lit. a) GDPR in conjunction with Article 7 GDPR (see Clause 8). You provide the relevant declaration of consent in the context of our cookie ban-ner.
You will recognise the specific links by the logo of the respective social network. By clicking on the logo, a direct connection will be established between your browser and the server of the respective service and you will be redirected to the website of the service provider.
These are not so-called social PlugIns which establish a connection and data transfer to the respective social network as soon as our website is called up. We point out that you use the following services and their functions at your own risk. Please also note that the terms and conditions and data processing guidelines of the respective networks and platforms apply when calling up the respective networks and platforms. In detail, these are the following third-party providers:
This website uses the YouTube video platform which is operated by YouTube, LLC, (herein-after "YouTube"). YouTube is a platform that allows uploading and playing back video files.
When you call up a corresponding page of our offer, the embedded YouTube player estab-lishes a connection to the YouTube servers so that video and audio files can be transmitted and played back. In the course of this, data will also be transferred to YouTube as the con-troller. We are not responsible for the processing of such data by YouTube.
For additional information on the scope and purpose of the collected data, further pro-cessing and use of the data by YouTube, your rights and the data protection options you may select, please consult the privacy information of YouTube.
This online offering also establishes a link to the services of the company "Facebook Ireland Ltd." (hereinafter "Facebook").
When you visit our Facebook fan page, Facebook especially records your IP address and, if applicable, other information that is available on your PC in the form of cookies. This infor-mation is used to provide us as the owner of the Facebook fan page with statistical infor-mation about the usage of the Facebook page.
In addition, Facebook provides us with so-called page insights data. We are jointly respon-sible with Facebook for this processing of data. The insights data page is anonymous statis-tics that we use to evaluate the quality of our Facebook page and our content. These statis-tics are compiled on the basis of usage data that Facebook collects about your interaction with our Facebook page; we do not have access to this usage data. Facebook has commit-ted itself to us to take primary responsibility for the processing of the insights data page and compliance with your rights according to the EU General Data Protection Regulation and to provide you with the essentials of the applicable agreement. For more information on page insights, see: www.facebook.com/legal/terms/information_about_page_insights_data
Our web pages also contain links to the Instagram service. These are offered and operated by Instagram Inc. based in the USA.
For further information, please refer to the data protection declaration of Instagram: http://instagram.com/about/legal/privacy/.
d. Google AdWords
We use the "Google AdWords" service on our website and, in this context, also the so-called conversion tracking. Google Conversion Tracking is an analysis service of Google Inc. based in the USA (hereinafter "Google“). If you click on an ad placed by Google, a conver-sion tracking cookie will be filed on your device. These cookies have only limited validity. If you visit certain pages of our website and the cookie in question has not yet expired, Google and we will be able to see that you have clicked on the ad and have been redi-rected to our website.
The information that is collected with the help of the conversion cookie is used to create so-called conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag.
You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. However, we would like to point out that, in this case, you may not be able to use all the functions of this website to their full extent. In that case, you will not be included in the conversion tracking statistics.
There is a link to Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A., on the short messaging service subpage of our website. The data controller for indi-viduals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
By using Twitter, you agree that your personal data is collected, transferred, stored, dis-closed and used by Twitter Inc. and transferred to, and stored and used in the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your country of residence.
First, Twitter processes any information you voluntarily provide, such as your name and user ID, E-mail address, phone number, and the contacts in your address book when you upload or sync it. Furthermore, Twitter also evaluates the content you share to determine what top-ics you are interested in and may store and process confidential messages.
f. Google Maps
This website uses Google Maps to display interactive maps and to create directions. Google Maps is a mapping service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using the Google Maps services, information about the use of this website, including your IP address and the (starting) address entered as part of the route planner function, may be transmitted to Google in the USA. When you visit our web-site, your browser establishes a direct connection with Google's servers. The map content is then transmitted directly to your browser and integrated into our website by it.
We have no influence on the further processing and use of the data by Google.
For further information on the scope of data processing by Google Inc., please consult the data protection notice of Google.
g. Adobe Typekit Web Fonts
Our online offering uses so-called web fonts from Adobe Typekit for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you call up our pages, your browser loads the required fonts directly from Adobe in order to be able to display them correctly on your terminal device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This allows Adobe to know that your IP address has been used to access our website. According to Adobe, no cookies are stored when providing the fonts.
The use of Adobe Typekit Web Fonts is necessary to ensure a consistent typeface on our website. This constitutes a legitimate interest as defined in Article 6 paragraph 1 lit. f) GDPR.
7. Recipients and categories of recipients
Within our Company, access to your data is granted to those bodies that need it to fulfil their contractual and legal obligations. Service providers and agents appointed by us may also receive the data for these purposes if they commit to protecting confidentiality and integrity. These are companies in the IT services, telecommunications and sales and marketing cate-gories.
As far as passing on data to recipients outside our company is concerned, it must first be kept in mind that we will pass on only necessary personal data, observing all regulations on data protection. As a matter of principle, we may pass on information about you only if this is required by law, you have given your consent or we have otherwise been granted authority. Under these circumstances, recipients of personal data may, for example, be:
- public authorities and institutions (such as authorities prosecuting criminal acts) if based on a statutory or regulatory obligation,
- other group-affiliated companies for risk management purposes due to legal or regulatory obligations,
- service providers whom we involve in connection with contract data processing relationships.
Within the scope of contract processing, we pass on your data to the transport company commissioned with the delivery of the goods or to the financial service provider on the basis of Art. 6 paragraph 1 lit. b) GDPR insofar as the transfer is necessary for the delivery of the goods or for payment purposes.
8. Transfer to third countries
Data transfer to bodies in states outside the European Union (so-called third countries) will take place to the extent
- this is required for performance of the contractual relationship (such as shipment or-ders),
- it is required by law (such as obligatory reporting under tax law), or
- you have given us your consent.
Furthermore, the transmission of data to third countries for the purpose of maintaining and ensuring the IT operation and IT security of the Company cannot be ruled out.
The use of our range of social media and map services may result in data transmissions and subsequent processing of usage data by the respective services in the U.S. The basis for any processing activities is your explicit declaration of consent which you have given via the cookie banner. Your declaration of consent justifies such data processing by way of excep-tion and on a case-by-case basis pursuant to Article 49 paragraph 1 lit. a) GDPR. Please note that data protection which would be comparable to the level in the EU and EEA does not exist in the United States. In particular, it is possible that state authorities may access your personal data on the basis of legal authorisations without us or you being informed. There are no comparable opportunities for enforcing the law of another country in the U.S. so that this does not appear promising.
Possible data transmissions exclusively take place in automated form in connection with the use of our social media offerings and Google's map services and with the help of cookies.
9. Retention period
We process and store your personal data as long as is necessary for the fulfilment of our contractual obligations and the exercise of our rights.
The revocation of any consent given previously will be stored for three years (accountability). The administrative cookie will be deleted 6 months after the last visit. Server log data is de-leted or anonymised after seven days at the latest, unless further storage is required for ev-identiary purposes. Data on newsletters and invitations will be deleted as soon as you un-subscribe.
In individual cases, longer storage of data for the purpose of providing evidence may be jus-tified in legitimate individual cases. According to Secs. 195 et seqq. German Civil Code (BGB), this statute of limitations may be up to 30 years, the regular statute of limitations be-ing 3 years.
10. Data security
For reasons of security and to protect the transmission of confidential contents such as or-ders or inquiries that you send to us as the site operator, this website with our online offer-ing has implemented SSL or TLS encryption. You will recognise an encoded connection by the change in the address line of the browser from “http://” to “https://” and the lock symbol in your browser line.
Our staff and the providers we have hired are committed to confidentiality and compliance with the provisions of the applicable data protection laws. The Company takes adequate technical and organisational security measures to protect your personal data against loss, modification, destruction, access by unauthorised persons or unlawful transfer. Our security measures are being improved on an ongoing basis in accordance with technological devel-opment.
11. Rights of data subjects
Every data subject has the right to information pursuant to Article 15 GDPR, the right to rec-tification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to limitation of processing pursuant to Article 18 GDPR, and the right to data portability pursuant to Article 20 GDPR.
As far as the right to obtain information and the right to erasure are concerned, the re-strictions pursuant to Secs. 34 and 35 BDSG are applicable. Moreover, there is a right to appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Sec. 19 BDSG).
Your consent to the processing of personal data granted to us may be withdrawn at any time by informing us accordingly. This also applies to the withdrawal of declarations of con-sent given to us before the effective date of the GDPR, i.e. before 25 May 2018. Note that this withdrawal will be valid only for the future.
You also have the right to object at any time, for reasons arising from your particular situa-tion, to the processing of personal data concerning you, in particular on the basis of Article 6 paragraph 1 lit. f) of the GDPR. If you do object, we will no longer process your personal da-ta unless we have compelling justified reasons for such processing which override your in-terests, rights and freedoms. This will especially be the case where processing is required for asserting, exercising or defending legal rights.
In accordance with Article 22 GDPR, you also have the right not to be subject to fully auto-mated decision-making. As a matter of principle, we do not use fully automated decision-making processes to establish, perform or terminate a business relationship. In the event that we should use such processes in individual cases (for example to improve our products and services), we will inform you of this and of your rights in this respect separately if pre-scribed by law.
For more information and explanations regarding the above rights, please visit the website "Rights for citizens“ of the European Commission.
12. Obligation to provide data
Within the scope of our online service, we rely on the processing of such usage data that is necessary for the implementation and termination of the service and for the fulfilment of the associated obligations. Without the collection of usage data, we and our service providers are not able to provide you with our online offering.
We do not automatically process your personal data in such a way that it has a legal effect on you or significantly affects you in a similar manner.