Data Protection Declaration in Accordance with the EU General Data Protection Regulation (EU GDPR)

Our website can normally be used without disclosing personal data. If personal data are collected during a visit to our websites, we will process them solely according to the EU General Data Protection Regulation (Regulation (EU) 2016/679; EU GDPR), the German Data Protection Act of 30 July 2017 (BDSG as amended) and the German Telemedia Act (TMG). Personal data will be processed solely according to this data protection declaration.

This data protection declaration applies to the use of the web address at www.melles-stein.de. Linked content of other providers is covered by the data protection declarations on these linked websites.

We wish to point out that security gaps may occur while data are being transmitted via the internet. These gaps cannot be prevented by the technical design of this website. When using the internet, complete protection and security of personal data are not possible.

I. Name and Address of the Responsible Party
The party responsible as defined by the General Data Protection Regulation and other national data protection legislation of the EU member states and other data protection provisions is:

Melles & Stein Messe-Service AG
Bahnstraße 1
D-40699 Erkrath
Germany

Phone: 0211 / 24 08 77-0
Fax: 0211 / 24 08 77-77
E-mail: info@melles-stein.de
https://www.melles-stein.de/

II. Name and Address of the Data Protection Commissioner
The Data Protection Commissioner of the party responsible is:

Olaf Boehm
Radstädterweg 6
D-40789 Monheim
Germany

Phone: 02173 / 16 53 31 11
E-mail: datenschutz@datenschutz-boehm.de

III. Website Hosting

1. Website Hosting
Our website is operated on a web server of xserv in Germany. xserv is operated by xdot GmbH (xdot GmbH, Feldstiege 78, D-48161 Münster, Germany, www.x-serv.de).

2. Data Collected
When calling up our websites, data are collected automatically and stored in log files on the server of our host. These data may display personal references. The data collected includes:

•    the name of the website retrieved
•    the date and time it was retrieved
•    the quantity of data transmitted
•    a report on the successful retrieval
•    the type of internet browser
•    the version of internet browser
•    the operating system powering the browser including the patch level
•    any previously visited site/s
•    the provider making the enquiry
•    IP addresses in anonymised form

3. Purpose of Data Collection by the Host
The host uses the data collected to operate the website and to ensure IT security. The protocol data may be analysed retrospectively where appropriate.

4. Duration of Data Storage by the Host
Data stored by the host are automatically deleted after 14 days.

IV. Managing the Website

Our website is managed by bgp e.media (bgp e.media GmbH, Max-Planck-Ring 62a, D-46049 Oberhausen, North Rhine-Westphalia, Germany, Phone: + 49 208 - 409 630 0, Fax: + 49 208 - 409 630 29, e-mail: emedia@bgp-emedia.de, internet: www.bgp-emedia.de). Where appropriate, employees of bgp e.media will have access to the data entered by you on our site. This may include data in the following categories:

  • personal master data
  • communications data
  • logged data

Data is accessed solely on behalf of Melles & Stein Messe-Service AG as part of its technical management of the website. Your data will not be passed on under any circumstances. We have a legally valid agreement with bgp e.media concerning the secure contract processing of your personal data in the newsletter tool.

V. General Remarks on Data Processing
For reasons of security and in order to protect the transfer of confidential content such as the enquiries you send to us as the operators of this site, this site uses SSL encryption. You can recognise an encrypted link if the address line of the browser changes from "http://" to "https://" and by the padlock symbol in your browser line.

When SSL encryption is activated, the data you send us cannot be read by third parties.

1. Extent of Processing of Personal Data
Essentially, we collect and use our users' personal data only if this is necessary to provide our content, services and a functioning website. We collect and use our users' personal data only after we have obtained their permission. Exceptions apply only in those cases in which it is not possible to obtain consent beforehand for objective reasons and where processing of the data is not permitted by legislation.

2. Legal Basis for Processing Personal Data
If we obtain the consent of the person concerned to process personal data, Art. 6, Paragraph 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.

When processing personal data in order to fulfil a contract or another legal agreement where the contractual party is the person concerned, Art. 6, Paragraph 1 (b) GDPR serves as the legal basis. This also applies to processing procedures required to carry out pre-contractual procedures.

If processing personal data is required to fulfil a legal requirement to which our company is subject, Art. 6, Paragraph 1 (c) GDPR serves as the legal basis.

Should vital interests of the person concerned or of another natural person make it necessary to process personal data, Art. 6 Paragraph 1 (d) GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party and the interests, basic rights and freedoms of the party affected do not outweigh the former interests, Art. 6, Paragraph 1 (f) GDPR serves as the legal basis for processing.

3. Deleting Data and Duration of Data Storage
The personal data of the affected person is deleted or blocked as soon as the reason for storage no longer applies. Data may also be stored if this is provided for by European or national legislatures in EU regulations, legislation or other regulatory provisions to which the party responsible is subject. Data is also blocked or deleted if a prescribed deletion deadline expires unless there is a need for continued storage of the data in order to conclude or to fulfil a legal agreement.

VI. Providing the Website and Developing Log Files

1. Description and Extent of Data Processing
Every time our internet site is called up, our system automatically records data and information from the computer system of the user calling our site.

In the process the following data are collected:

•   information on the browser type and the version used;
•   the user's operating system;
•   the user's IP address (in anonymised form)
•   the date and time accessed;
•   websites from which the user's system gained access to our internet site;
•   websites called up by the user's system through our website.

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. The Legal Basis for Processing Data

The legal basis for the temporary storage of the data and the log files is Art. 6, Paragraph 1 (f) GDPR.

3. The Purpose of Processing Data
The system needs to store the IP address temporarily in order to transmit the website to the user's computer. To do this, the user's IP address must remain stored for the duration of the session.

Data is stored in log files in order to ensure the functionality of the website. We also use the data to optimise the website and to ensure that our information systems are secure. The data are not evaluated for marketing purposes in this context.

These purposes also include our legitimate interest in data processing in accordance with Art. 6, Paragraph 1 (f) GDPR.

4. Duration of Data Storage
The data are deleted as soon as they are no longer needed to achieve the purpose they were collected for. If the data were recorded to make the website available, the data are deleted when each session is terminated.

5. Options for Objection to Storage, Use and Removal of Data
Recording data in order to make the website available and storing the data in log files is absolutely necessary in order to operate the internet site. Users therefore have no opportunity to object to this.

VII. Use of Cookies
a) Description and Extent of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser, i.e. the internet browser stores these files on the user's computer system. If a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that makes it possible to clearly and unambiguously identify the browser if the website is called up again.

We use cookies in order to optimise our websites. To do this, we use so-called session cookies which make it possible to recognise a user's computer while visiting our sites. Session cookies are automatically deleted by your browser after a user's visit is ended.

The user's session ID is stored in the cookies.

We also use cookies that recognise your system again between sessions. Cookies stored on your system for this purpose are not deleted after the end of individual sessions. These are cookies that analyse surfing behaviour and make it possible to canvas users in a targeted manner.

This allows the following data to be transmitted:

1)   origin (country and town);
2)   language;
3)   operating system of the visiting computer;
4)   type of device (PC, tablet or smartphone);
5)   type of browser and add-ons used;
6)   the resolution of the computer;
7)   the origin of the visitor, e.g. Facebook, a search engine or referring site/page;
8)   search terms entered;
9)   frequency of site visits;
10)   use of website functions;
11)   overall visiting time and duration of visits to individual pages;
12)   the ultimate origin of the visitor;
13)   other websites visited.

The user data collected in this way are pseudonymised using technical methods. This means that it is no longer possible to assign the data to the visiting user. These data are not stored together with other personal user data.

When calling up our website, users are informed by means of an information banner about the use of cookies for purposes of analysis and are asked for their permission to process their personal data in this connection. In this context, reference is also made to this data protection declaration. You will find further information on this subject and related options for preventing website tracking in this data protection declaration.

b) The Legal Basis for Processing Data

The legal basis for processing personal data using cookies required for technical reasons is Art. 6, Paragraph 1 (f) GDPR.

The legal basis for processing personal data using cookies for purposes of analysis is Art. 6, Paragraph 1 (a) GDPR, provided the related consent has been obtained from users.

c) The Purpose of Processing Data

Cookies are required for technical reasons in order to simplify the use of websites for users. Some functions on our internet site cannot be offered without the use of cookies. To do this, it is necessary to be able to recognise the browser again after a change of page/site.

The user data collected by cookies required for technical reasons are not used to produce user profiles.

We use cookies from Google Analytics to carry out analyses of our website and to place targeted advertisements.

We use analysis cookies to improve the quality of our website and its content. The use of analysis cookies helps us find out how the website is used, which helps us to permanently optimise our offer.

It is for these reasons that we have a legitimate interest in processing personal data in accordance with Art. 6, Paragraph 1 (f) GDPR.

d) Duration of Data Storage; Options for Objection and Removal

Cookies are stored on users' computers where they are then transmitted to our site. This gives you the user full control over how cookies are used. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. However, if cookies for our website are deactivated, it may no longer be possible to use all functions on our website to their full extent.

VIII. Application and Registration in the Job Applicant Portal
1. Description and Extent of Data Processing

Our internet site offers users the opportunity to register their personal data when applying for jobs. The data are entered into an input mask and transmitted to us where they are stored. The following data may be collected as part of the registration process:

•    personal data: first and last names, date of birth, address, place of birth, citizenship, school qualifications, height, shoe size, clothing size (upper and lower body), hair colour, details of tobacco consumption, tattoos, piercings, public retirement insurance number (social security number), personal income tax ID number, bank account details; •    communication data: telephone number, mobile telephone number, e-mail address; •    vocational/professional training data: student status; •    details of other qualifications: driving licence, ownership of a car, foreign language knowledge, periods spent abroad, any other special knowledge or skills; •    job application photos; •    details of desired job deployment location and trade fair deployments; •    job application history.

At the time of registration, we also store the following data:
1)    date and time of registration;
2)    date and time registration is confirmed.
In the registration process, we obtain the user's consent to process this data. An applicant profile is then prepared on the basis of the data which is used to send out suitable job offers. As the jobs offered differ from season to season and are of short duration, the data are kept "in store" and used for sending out appropriate offers.

The data supplied can be managed both by the provider and by the user personally. After successfully registering, for example, users receive entry data by e-mail for the log-in area which is protected by a password at https://www.melles-stein.de/de/login.php. The master data stored at this location can be altered.

In order to manage applicant data, we use the software tool AG VIP from

Grutzeck-Software GmbH
Hessen-Homburg-Platz 1
D-63452 Hanau
Germany

Phone: +49 6181 / 97010
Fax: +49 6181 / 970166
E-mail: info@grutzeck.de
Internet: www.grutzeck.de

In the data management and updating process, your data are sent by the company App-Forge (Michael Gierczak, Harkortstr. 25, D-40880 Ratingen, Germany) to AG VIP. The applicant data are imported and exported via App Forge solely on behalf of Melles & Stein Messe-Service AG. Your data are not passed on under any circumstances. We have a legally valid contract processing agreement with App-Forge for the secure contract processing of your personal data.

1. The Legal Basis for Processing Data
The legal basis for processing data is the existence of consent from the user in accordance with Art. 6, Paragraph 1 (a) GDPR.

The legal basis for processing biometric data is the existence of consent from the user in accordance with Art. 9, Paragraph 2 (A) GDPR.

If registration is used to fulfil an agreement to which the user is a contractual party or to carry out pre-contractual procedures, the additional legal basis for processing the data is Art. 6, Paragraph 1 (b) GDPR.

2. The Purpose of Processing Data
Registration by the user is required for storing certain content and services on our website.

This applies in particular to the job applicant portal which forms the basis for checking suitability for jobs offered and making job offers. For this purpose, biometric data are also required, among other things, to provide appropriate job-related clothing such as uniforms etc.
Registration by users is required in order to fulfil agreements with users or to perform pre-contractual procedures. If a job placement is successful, the data given – such as tax ID and bank account details – are used to invoice the services provided as appropriate.

3. Duration of Data Storage
If a user registers on the job applicant portal, a confirmation e-mail is sent to this user. If the backlink contained in the mail is not confirmed, the data stored will be deleted after seven days. If, on the other hand, registration has been carried out completely, the data will be stored until they are deleted by the user.

The party responsible will then no longer process the personal data concerning you unless it can demonstrate compelling legitimate reasons for processing the data that outweigh your interests, rights and freedoms or if processing is used to assert, exercise or defend legal claims.

4. Options for Objection to Storage, Use and Removal of Data
As a user, you have the opportunity at any time to object to your data being stored. To object to storage or have your data deleted, please contact the following company:

Melles & Stein Messe-Service AG
Bahnstraße 1
D-40699 Erkrath
Germany

Phone: 0211 / 24 08 77-0
Fax: 0211 / 24 08 77-77
E-mail: info@melles-stein.de

If the data are required to fulfil an agreement or perform pre-contractual procedures, they can only be deleted in advance unless deletion is prohibited by contractual or statutory provisions.

5. Security

We take all technical and organisational security methods necessary for protecting your personal data from loss and/or misuse. For example, all data are transmitted in encrypted form and are protected using the appropriate technology.

6. Options for Objection to Storage, Use and Removal of Data

In accordance with Art. 15 GDPR, you are entitled to request information from us about the data stored with us about you, their origin, recipients and the categories of recipients to whom the data are sent. You are also entitled to request information on why your data are stored. You may object to the use of your data for the aforementioned purposes at any time with effect for the future.

Please address all requests for information, enquiries about information and objections to data processing by e-mail to:

Melles & Stein Messe-Service AG
Bahnstraße 1
D-40699 Erkrath
Germany

Phone: 0211 / 24 08 77-0
Fax: 0211 / 24 08 77-77
E-mail: info@melles-stein.de

IX. E-mail Contact
1. Description and Extent of Data Processing
You can contact us via the e-mail address provided. In this case, the personal data of the user sent with the e-mail will be stored.

No data are passed on to third parties in this connection. The data are used exclusively to process the conversation.

2. The Legal Basis for Processing Data
The legal basis for processing the data transmitted in an e-mail is Art. 6, Paragraph 1 (f) GDPR. If the e-mail contact is intended to conclude an agreement, the additional legal basis for processing data is Art. 6, Paragraph 1 (b) GDPR.

3. The Purpose of Processing Data
We process personal data obtained from e-mail contacts only in order to make this contact.

4. Duration of Data-Storage
Data is stored in accordance with the provisions of the law (including the German Guidelines for Data Access and Verifiability)

5. Options for Objection to Storage, Use and Removal of Data
Users have the option of cancelling their consent to having their personal data processed at any time. If users contact us by e-mail, they may object at any time to their data being stored. In such cases, contact cannot be continued.

If you wish to cancel your consent to having your data stored, please use the following contact data to contact us:

Melles & Stein Messe-Service AG
Bahnstraße 1
D-40699 Erkrath
Germany

Phone: 0211 / 24 08 77-0
Fax: 0211 / 24 08 77-77
E-mail: info@melles-stein.de
https://www.melles-stein.de/

In this case, all personal data stored when making contact will be deleted.

X. Using Google Services

We use services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereafter: Google) on our internet site. Google has subjected itself to the Privacy Shield Agreement, thereby guaranteeing its compliance with European data protection law.

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)

Below you will find more information about the Google services used by Melles & Stein Messe-AG and the extent to which personal data are processed.

1. Google Services

a.) Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. („Google“). Google Analytics uses so-called "cookies" which are text files stored on your computer and which make it possible to analyse your use of the website. These are cookies from Google itself (Google Analytics cookies) and so-called third-party provider cookies ("double-click cookies"). The information generated by the cookie about your use of this website is normally transmitted to a server at Google in the United States and stored there. We would like to point out that the Google Analytics on this website was extended by the code "gat._anonymizeIp();" in order to guarantee the anonymised recording of IP addresses (so-called "IP masking"). If anonymisation is active, Google abbreviates IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why it is not possible to draw any conclusions about your identity. The full IP address is only transmitted to a Google server in the United States in exceptional cases and is abbreviated there.

As part of our use of Google Analytics we have concluded a legally valid agreement on contract data processing with Google.

1. The Legal Basis for Processing Personal Data
The legal basis for the use of Google Analytics is Art. 15, Paragraph 3, of the German Telemedia Act and Art. 6, Paragraph 1 F GDPR.

2. The Purpose of Processing Data
On behalf of the operator of this website, Google will use the information collected to analyse your use of the website, compile reports on website activity and provide further services connected with your use of this website and the internet, in particular functions for display advertising, such as Google Analytics reports on performance in accordance with demographic characteristics and interests, to the website operator. If appropriate, Google will also transmit this information to third parties if this is prescribed by law or if third parties process these data on behalf of Google. Data obtained from Google on interest-related advertising and visitor data from third-party providers, such as age, sex and interests, will be included in the Google Analytics reports on performance in accordance with demographic characteristics and interests. Google will not link your IP address with other data from Google under any circumstances.

3. Duration of Data Storage
Sessions and campaigns are terminated after a certain period of time has elapsed. Normally sessions are terminated after 30 minutes and campaigns are terminated after six months. Such campaigns can last up to a maximum of two years. You can find more detailed information on conditions of use and data protection at:

https://www.google.com/analytics/terms/de.html and at https://policies.google.com/?hl=de

4. Options for Objection to Storage, Use and Removal of Data
You can prevent cookies from being stored by adjusting your browser software as required. However, we would point out that in this case, you will not be able to make full use of all functions on this website. You can also prevent the data generated by the cookie and the data obtained from your use of the website (including your IP address) being sent to Google and prevent these data from being processed by Google by downloading and installing the browser-plugin available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Opt-out cookies will prevent your data from being recorded in future when you visit this website.
In order to prevent your data from being recorded by Universal Analytics through various devices, you will need to carry out the opt-out process on all the systems you use. The opt-out cookie can be installed by clicking here: Disable Google Analytics.

b.) Google Maps

This website uses the Google Maps service from Google Inc. to display an interactive map. By using this website you declare that you agree to the recording, processing and use of the data collected automatically by Google Inc., its representatives and third parties.

Google will not under any circumstances connect your IP address with other of its data. However, Google may still be technically able to use the data collected to identify individual users. For example, it may be possible for personal data and personal profiles of users of Google's website to be processed for other purposes. We have no influence over this.

If you do not want your data to be stored by Google Maps, you can deactivate Google Maps by deactivating the JavaScript of your browser. However, we would point out that in this case, you will not be able to use the map as displayed.

By using this website and not deactivating the JavaScript function, you declare that you agree expressly to the data collected about you being processed by Google in the manner and for the purpose described above.

You can find more information on the conditions of use, legal information on Google Maps and the Google data protection declaration at: http://www.google.com/intl/de_de/help/terms_maps.html and https://www.google.com/intl/de/policies/privacy/index.html

c.) Google WebFonts

Third-party fonts ("Google Fonts") are used on these internet sites. Google Fonts is a service of Google Inc. ("Google"). These web fonts are integrated by calling up a server, usually a Google server in the United States. This tells the server which of our internet sites you have visited. The IP address of the browser of the visitor’s end device is also stored by Google. You can find more information in Google's data protection notes, which you can call up here:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

d.) Google ReCAPTCHA

In order to ensure sufficient data security in transmitting forms, we use the reCAPTCHA service from Google Inc. in certain cases. In particular, we use this to discern whether data is entered by a natural person or improperly by mechanical and/or automated processing. The service includes sending the IP address and, if appropriate, other data required by Google for the reCAPTCHA service to Google. For this purpose, the deviating data protection provisions of Google Inc. apply. You can find more information on Google Inc.'s data protection guidelines at http://www.google.de/intl/de/privacy

or https://www.google.com/intl/de/policies/privacy/.

 

2. Disabling Google Cookies You can permanently disable the use of cookies by Google by altering the following link and the settings for managing cookies: http://www.google.com/policies/technologies/managing/
http://www.google.com/policies/technologies/ads/

 

You can alter the display settings at https://www.google.de/settings/ads.

Alternatively, you can disable the use of cookies by third-party providers by calling up the disabling site of the Network Advertising Initiative at http://www.networkadvertising.org/choices/ and following the more detailed opt-out information there.


XI. Rights of the Person Affected

If you process personal data, you are an affected party within the meaning of the GDPR and you have the following rights with the parties responsible:

1. Right to Information

You can request confirmation from the party responsible as to whether personal data concerning you are processed by us. If we do process such information, you may request details of the following information:

(1)   the purposes for which the personal data are being processed;
(2)   the categories of personal data being processed;
(3)   the recipients and/or the categories of recipients to whom the personal data concerning you were or will be disclosed;
(4)   the planned storage period of the personal data concerning you or, if it is not possible to give actual details of this, the criteria used to stipulate the storage period;
(5)   the existence of a right to correction or deletion of the personal data concerning you, a right to restrict processing by the party responsible or a right to object to this processing;
(6)   the existence of the right to appeal to a regulatory authority;
(7)   all available information about the origin of the data if the personal data are not obtained from the person concerned;
(8)   the existence of an automated decision-making process, including profiling in accordance with Art. 22, Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the extent and the desired effects of such processing for the person concerned.

You are entitled to request information as to whether the personal data concerning you will be transmitted to a third-party country or to an international organisation. In this connection, you may ask to be informed about the suitable guarantees in accordance with Art. 46 GDPR concerning such transmission.

2. Right to Correction of Data
You have the right to have your personal data corrected and completed by the party responsible if the processed personal data concerning you are incorrect or incomplete. The party responsible is required to carry out correction immediately.

3. Right to Restriction of Processing
Under the following conditions you can request the restriction of the processing of personal data that affects you:

(1)   if you contest the correctness of the personal data concerning you for a period that enables the party responsible to verify the correctness of the personal data;
(2)   if processing is illegal and you decline to have your personal data deleted and instead request that use of the personal data be restricted;
(3)   if the party responsible no longer requires the personal data for processing purposes but you still require them in order to assert, exercise or defend legal claims; or
(4)   if you have objected to the data being processed in accordance with Art. 21, Paragraph 1 GDPR and it has not yet been established whether the legitimate reasons of the party responsible outweigh your reasons.

If processing of the personal data concerning you has been restricted, these data may – apart from being stored – only be processed with your consent or in order to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity or for reasons of important public interest of the European Union or one of its member states.

If processing has been restricted in accordance with the above-mentioned restrictions, you will be informed by the party responsible before the restriction is lifted.

4. Right to Deletion
a)   Obligation to Delete Data
You can request the party responsible to immediately delete personal data concerning you. In such a case, the party responsible is obliged to delete these data immediately if one of the following reasons applies:

(1)   the personal data concerning you are no longer required for the purposes for which they were obtained or for which they were otherwise processed;
(2)   you revoke your consent on which processing in accordance with Art. 6, Paragraph 1 (a), or Art. 9, Paragraph 2 (a) GDPR was based and there is no other legal basis of any other kind for processing;
(3)   you object to your data being processed in accordance with Art. 21, Paragraph 1 GDPR, and there are no other overriding legitimate reasons for processing or you object to processing in accordance with Art. 21, Paragraph 2 GDPR;
(4)   the personal data concerning you were processed illegally;
(5)   it is necessary to delete the personal data concerning you in order to fulfil a legal requirement in accordance with EU law or the law of one of its member states to which the party responsible is subject;
(6)   the personal data concerning you were collected in reference to services offered by the information society in accordance with Art. 8, Paragraph 1 GDPR.

b)   Informing Third Parties
If the party responsible has made public the personal data concerning you and if it is required to delete them in accordance with Art. 17, Paragraph 1 GDPR, it will take appropriate steps, including of a technical nature, taking into account the available technology and the costs of implementation, to inform the parties responsible for processing your personal data that you as the person concerned have requested them to delete all links to this personal data or have requested copies or duplicates of these personal data.

c)   Exceptions
You are not entitled to have your personal data deleted if processing is necessary:

(1)   for exercising the right to freedom of expression and information;
(2)   to fulfil a legal requirement under the law of the European Union or the EU member state to which the party responsible is subject or to fulfil a task in the public interest or to exercise public authority conferred on the party responsible;
(3)   for reasons of public interest in the field of public health in accordance with Art. 9, Paragraphs 2 (h) and 2 (i) and Art. 9, Paragraph 3 GDPR;
(4)   for archiving, scientific or historical research purposes or for statistical purposes in the public interest in accordance with Art. 89, Paragraph 1 GDPR, if the right referred to in Section (a) were to probably make implementation of the aims of this processing impossible or seriously impair these aims; or
(5)   to assert, exercise or defend legal claims.

5. Right to be Informed
If you have asserted your right to the party responsible to have your personal data corrected, deleted or the processing thereof restricted, this party is required to inform all recipients to whom the personal data concerning you have been disclosed of the correction or deletion of the data or the restriction of processing unless this proves impossible or incurs a disproportionate effort or expense.
In your dealings with the party responsible you are entitled to be informed as to who these recipients are.

6. Right to Portability of Data
You are entitled to have the personal data concerning you and which you have provided to the party responsible, given (back) to you in a structured, conventional and machine-readable format. You are also entitled to transmit these data to another responsible party without hindrance by the party responsible to whom you have provided your data if:

(1)   processing is based on consent in accordance with Art. 6, Paragraph 1 (a) GDPR or Art. 9, Paragraph 2 (a) GDPR or is based on an agreement in accordance with Art. 6, Paragraph 1 (b) GDPR and
(2)   processing is carried out in an automated process.

In exercising this right, you are also entitled to have the personal data concerning you transmitted by a party responsible directly to another party responsible if this is technically possible. Freedoms and rights of other persons may not be impaired by this.

The right to data portability does not apply to the processing of personal data that is required for the performance of a task in the public interest or involves the exercise of public authority conferred on the party responsible.

7. Right to Appeal
In accordance with Art. 6, Paragraph 1 (e) or (f) GDPR, you are entitled for reasons based on your particular situation to object at any time to the personal data concerning you being processed. This also applies to profiling based on these provisions.
The party responsible will no longer process the personal data concerning you unless it is able to show compelling legitimate grounds for processing these data that outweigh your interests, rights and freedoms or if processing them is intended for asserting, exercising or defending legal claims.
If the personal data concerning you are processed for the purposes of direct advertising, you will be entitled at any time to appeal against processing of the personal data concerning you for this purpose. This also applies to profiling if it is connected with such direct advertising.

If you object to your data being processed for the purposes of direct advertising, the personal data concerning you will no longer be processed for this purpose. You will be entitled at any time in connection with the use of services of the information society and regardless of Directive 2002/58/EC, to exercise your right to appeal by automated means using technical specifications.

8. Right to Revoke Your Declaration of Consent under Data Protection Law
You are entitled to revoke your consent to the protection of your personal data under data protection law at any time. Such revocation will not affect the legality of processing based on your consent to have your data processed up to the time you have revoked such consent.

9. Automated Decisions in Individual Cases, including Profiling
You are entitled not to be subjected to a decision based solely on automated processing – including profiling – that affects you legally or which considerably impairs you in a similar manner. This will not apply if the decision

(1)   is required in order to conclude or fulfil an agreement between you and the party responsible;
(2)   is permitted further to legal provisions of the European Union or of the EU member states to which the party responsible is subject and these legal provisions include appropriate measures for protecting your rights, freedoms and legitimate interests; or
(3)   is carried out with your express consent.

However, these decisions may not be based on special categories of personal data in accordance with Art. 9, Paragraph 1 GDPR unless Art. 9, Paragraphs 2 (a) or (g) apply and appropriate measures have been taken to protect rights, freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the party responsible will take appropriate steps to safeguard rights, freedoms and your legitimate interests, which will include at least the right to procure or obtain the intervention of a person by the party responsible, to present your own case and to contest the decision.

10. Right to Lodge a Complaint with a Regulatory Authority
Regardless of any other administrative or judicial remedy, you are entitled to lodge a complaint with a regulatory authority, in particular in the member state in which you, your place of work or the alleged breach is/are located if you are of the opinion that the processing of the personal data concerning you breaches the GDPR.

The regulatory authority where the complaint was lodged will inform the complainant of the status and the results of the complaint, including the possibility of judicial remedy in accordance with Art. 78 GDPR.

The responsible regulatory authority is the

North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information

Helga Block
Kavalleriestraße 2-4
D-40213 Düsseldorf
Germany

Phone: 02 11/384 24-0
Fax: 02 11/384 24-10

E-mail: poststelle@ldi.nrw.de