Disclaimer/Data Privacy

Data Protection Information

The protection of your personal data during its collection, processing and use on the occasion of your visit to our web-site is important to us. This document contains information about which item of personal data we process, its purpose, the basis on which we process it and for how long.

Name and contact data of the controller

The controller for the collection and use of personal data within the meaning of data protection legislation is

DOG Deutsche Ophthalmologische Gesellschaft e.V.

Offices:
Platenstrasse 1
80336 Munich
Phone: + 49 89 – 5505 7680
Fax: + 49 89 – 5505 76811

Managing Director:
Dr Philip Gass

Statutory registered office of the DOG in Heidelberg
Deutsche Ophthalmologische Gesellschaft e.V.
Klingenteich Strasse 2
D-69117 Heidelberg

Association registration number Heidelberg District Court, VR 33105
Value Added Tax registration number: DE143294894

E-Mail: geschaeftsfuehrer@dog.org
Website: www.dog.org

You can find further information about our Association in the Legal Notices section of our web-site http://www.dog.org/?page_id=1266.

General matters relating to our processing of personal data

The legal basis for the processing of personal data.

The following applies as a matter of principle to our processing of personal data:

  • In so far as we obtain the consent of the data subject for processing procedures of personal data, Article 6, Paragraph 1, Letter a) of the EU General Data Processing Regulation (GDPR) acts as the legal basis for the processing of personal data.
  • In the case of the processing of personal data which is needed for the performance of a contract to which the data subject is a party, Article 6, Paragraph 1, Letter b) of the GDPR acts as the legal basis. This also applies to processing procedures which are necessary for the performance of pre-contractual measures.
  • In so far as the processing of personal data is necessary for the performance of a legal obligation to which our Association is bound, Article 6, Paragraph 1, Letter c) of the GDPR acts as the legal basis.
  • In the event that the vital interests of the data subject or another natural person render the processing of personal data necessary, Article 6, Paragraph 1, Letter d) of the GDPR acts as the legal basis.
  • If the processing is necessary for the protection of a legitimate interest of our Association and the interests, fundamental rights and freedoms of the data subject do not override the legitimate interest of our Association, Article 6, Paragraph 1, Letter f) of the GDPR acts as the legal basis.

Note on a particular right to object

In so far as we process personal data on the basis of Article 6, Paragraph 1, Letter f) of the GDPR for reason of a legitimate interest, we expressly draw your attention to the fact that you can, for reasons arising from your particular situation, object at any time to our processing of the personal data relating to you. We will cease processing your data if we can demonstrate no compelling reasons worthy of protection for the further processing which override your interests, rights and freedoms or if we are processing your data for the purposes of direct advertising (cf. Article 21 of the GDPR).

A technical process which you use, for example an unambiguous statement sent by technical means by your browser (a “do not track” message) is also deemed to be an objection in this sense.

Data deletion and duration of archiving

The personal data is deleted or blocked as soon as the purpose of the archiving no longer applies. Data can also be archived if this was stipulated by the European or national legislative body in EU regulations, laws or other provisions to which we, as the controller, are subject. Data is also blocked or deleted if a retention period required by the above-mentioned regulations etc. expires unless it is necessary that the data continues to be archived for the conclusion or performance of a contract

In specific terms this means:

If we are processing the personal data on the basis of consent for data processing (Article 6, Paragraph 1, Letter a) of the General Data Protection Regulation (GDPR), the processing is ended when you revoke your consent unless a further legal basis for processing the data exists. This is the case if, at the time of the revocation, we are still entitled to process your data for the purpose of the performance of a contract, or if the data processing is necessary to protect our legitimate interests (on this point see also below).

If, by way of exception, we are processing the data by reason of our legitimate interests (Article 6, Paragraph 1, Letter f) of the GDPR as part of a previous assessment, we will save this data until the legitimate interest no longer exists, the assessment comes to a different conclusion, or you have lodged a valid objection pursuant to Article 21 of the GDPR (on this point see the highlighted “Note on a particular right to object”).

If we are processing the data for the purpose of the administration of a contract we will save the data until the contract has been finally performed and brought to a conclusion and no further claims can asserted under the contract, in other words until the matter becomes time-barred. The general period of prescription according to § 195 of the German Civil Code is three (3) years. However, certain claims, for example claims for compensation, only become time barred after 30 years. If there is a legitimate reason for assuming that this is relevant in a particular case, we will save the personal data during this period of time. The above-mentioned periods of prescription commence at the end of the year (therefore on December 31) in which the claim arose and the obligee becomes aware or should have become aware of the circumstances giving rise to the claim and the person of the liable party becomes or should have become aware of the foregoing without gross negligence.

We wish to point out that we are also subject to statutory retention obligations for reasons associated with taxation and book-keeping. These oblige us to archive certain data as evidence for our book-keeping which can include personal data for a period which can range from six (6) to ten (10) years. These retention periods take precedence over the above-mentioned deletion obligations. The retention periods also commence at the end of the year in question, and therefore December 31.

Sources of personal data

The personal data we process originates primarily from the data subject himself or herself, for example by these persons

  • as users of our web-site via their browser and terminal (e.g. a PC, smartphone, tablet or notebook) transmitting information such as their IP address to our web-server,
  • as interested parties requesting information material
  • as members of our Association informing us about their contact data or other items,
  • as representatives of the press asking for press releases, a statement or similar,
  • as suppliers delivering goods to us which we have ordered or performing services or similar for us,

As a rare exception, the personal data we process may also come from third parties, for example if a person is acting on behalf of another person.

Concrete categories, purposes and legal basis for processing personal data

We process the following categories of personal data:

  • users of our web-site,
  • interested parties,
  • representatives of the press
  • members, and
  • suppliers

Depending of the category of the data involved we process personal data for the following purposes on the legal basis specified in the General Data Protection Regulation (GDPR)

User data: We do not collect and process data about users of our web-site in personal form. We cannot attribute this data to a particular persons The IP address is only processed in an anonymised form. On the other hand in so far as personal data is involved in exceptional cases, we process this data for the protection of our legitimate interests on the basis of Article 6, Paragraph 1, Letter f) of the GDPR. Our legitimate interests in this sense are our interest in the security and integrity of our web-site and the data on our web-servers (particularly the detection of disturbances and malfunctions as well as the tracking of unauthorised access) plus marketing interests and interests in statistical surveys for the improvement of our web-site, our services and what we have to offer). After giving the matter our due consideration we came to the conclusion that the processing of data to protect the above legitimate interests is necessary and overrides your fundamental rights and freedoms requiring the protection of personal data.

Data of interested parties/data of representatives of the press: In so far as we process the data of parties interested in our services or of the representatives of the press, this is only done if they enter this data in an input field and send it to us or enter this data in an email for the purpose of a query which is then sent to us. These entries are voluntary. We then only process this data in order to deal with their enquiry. This data which is voluntarily sent to us for the purpose of the supply of information about our services is processed as pre-contractual processing in accordance with Article 6, Paragraph 1, Letter b) of the GDPR and/or on the basis of the consent you grant by sending the consent you give in accordance with Article 6, Paragraph 1, Letter a) of the GDPR.

Members’ data: We process our members’ data for the purposes of the management of the Association, support for members and the fulfilment of objectives as set out in the statutes of our Association in accordance with Article 6, Paragraph 1, Letter b) of the GDPR (this also applies to processing procedures which are necessary before the member is admitted to the Association, for example as part of an enquiry about new membership or processing an application for membership) and/or on the basis of a legitimate interest of the Association pursuant to Article 6, Paragraph 1, Letter f) of the GDPR if the Association has a legitimate interest in a particular item of data processing which overrides the fundamental rights and freedoms of the member.

Suppliers’ and business partners’ data: We process the data of the our suppliers and business partners for the purpose of the performance of a contract as set out in Article 6, Paragraph 1, Letter b) of the GDPR and/or on the basis of consent which is granted pursuant to Article 6, Paragraph 1, Letter a) of the GDPR. This also applies to processing procedures which are necessary for pre-contractual activities (for example as part of the preparation and negotiation of offers).

Recipients and categories of recipients of the personal data

Your personal data is only passed to third parties or others if this is necessary for the purpose of the performance of a contract (the administration of and support for your membership, or for the execution of an order) or for invoicing purposes (for example for executing a payment process during the purchase of goods or services) and if there is a legitimate interest in the transmission of the data which overrides your fundamental rights and freedoms, or you have previously and validly granted your consent.

The categories of recipients can be:

  • service-providers (publishing houses, print works, congress organisers and similar)
  • delivery service-providers, suppliers
  • payment service-providers, banks

Newsletter circulation for members

An Association Newsletter is sent free of charge to our members. The Newsletter contains information about the Association and its activities and events as well as pointers, tips and similar.

On joining the Association the member has the opportunity to consent explicitly to the transmission of the Newsletter. However, the member is not obliged to give his/her consent.

Subscribing to the Newsletter uses what is called a “double opt-in process”. This means that after subscribing, the member receives an email which asks for confirmation of the subscription This confirmation is necessary to ensure that we have recorded the correct email address.

The purposes of data processing: The purpose of collecting and processing the member’s email address is to send the Newsletter. We use the email address for the purpose of providing information about news, events and topics related to the Association.

The legal basis for the data processing: The legal basis for processing the data after the user subscribes to the Newsletter is the grant of consent by the member in accordance with Article 6, Paragraph 1, Letter a) of the GDPR.

Duration of the archiving: The user’s email address is archived as long as the subscription to the newsletter is active, that is to say that the member has not cancelled the subscription or the membership has been terminated.

The right to object and the right to erasure: The subscription to the Newsletter can be cancelled in any form, at any time and free of charge. There is a link for this purpose in every Newsletter.

The scope of the processing of personal data via our web-site

As a matter of principle we only collect and use the personal data of users during the use of our web-site in so far as this is necessary for the provision of a functioning web-site, its content and our services. Normally the personal data of our users is collected and used only after the user has granted his/her consent. The exception is such cases in which it is not factually possible to obtain consent in advance and/or the processing is permitted by the provisions of law.

Provision of the web-site and creation of log files

Every time the web-site is accessed our system automatically collects data and information for technical reasons. This is saved in the server’s log files. This information is:

  • the data and time of access,
  • the URL of the web-site from which access was made (the referrer),
  • the web-sites which were accessed by the user’s system via our web-site,
  • the user’s screen resolution,
  • the file(s) accessed and a report of the success of the access,
  • the amount of data sent,
  • the user’s Internet service-provider,
  • the browser, browser type and version, the browser engine and engine version,
  • the operating system, operating system version and type, and
  • the user’s anonymised IP address and Internet service-provider.

This data is processed separately from other data. This data is not processed in combination with the user’s other personal data. We cannot attribute this data to a particular person.

The purposes of data processing: The temporary processing of the data by the system is necessary so that it is possible to send the contents of our web-site to the user’s computer. The user’s IP address must be saved for the duration of the session to achieve this.

Data is saved in log files to ensure the functionality of the web-site. The data also enables us to optimise our offering and the web-site, and to protect the security of our computer system. The data is not evaluated for marketing purposes in this connection.

The legal basis for the data processing: The data and the log files are temporarily saved on the legal basis of Article 6, Paragraph 1, Letter f) of the GDPR Our overriding legitimate interest in this data processing is to be found in the purposes stated above.

Duration of the archiving The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data capture for the provision of the web-site, the data is deleted when the session is terminated. The data saved in the log files is deleted after no more than seven days. It is not possible to save the data for longer. In this case the users’ IP addresses are deleted or distorted so that it is no longer possible to attribute them to the client accessing the web-site.

The right to object and the right to erasure: The capture of data is essential for the provision of the web-site, and the saving of data in log files is necessary for the operation of the web-site. As a consequence the user has no right to object to this practice. However, the user may terminate the use of the web-site at any time and therefore prevent the continued collection of the data specified above.

Members’ log-in to the web-site

In our web-site we offer members the facility of logging into a protected members’ area by entering personal access data. By entering his/her name and membership number a new member can have information sent to him/her which enables the new member to enter the members’ area. During the course of this procedure, consent to the processing of this data for the purpose of checking the entitlement to enter the members’ area and for the management of the members’ area is obtained.

The data which is entered in this way is sent to us or our members’ data-base for checking and is processed for this purpose. If the information agrees with the member’s data we hold in our records, the member receives unique access data by email sent to the member’s email address in our records.

So that the member can log on, the access data is then entered into an input mask which is then sent to us to verify the access data and approve access to the members’ area. The data is not passed to third parties.

The members’ area is operated as a separate sub-domain (mydog.dog.org).

The member’s email address and password have to be entered to log onto the members’ area.

All the above data transmissions are, of course, encrypted.

The purposes of data processing: The purpose of registration is for the provision of certain content and services on our web-site which is intended exclusively for members of the Association.

The legal basis for data processing: The legal basis for processing the data is the grant of consent by the member in accordance with Article 6, Paragraph 1, Letter a) of the GDPR.

Duration of the archiving: The data is saved until the member revokes his/her consent or ceases to be a member.

The right to object and the right to erasure: You can terminate your registration for the members’ area at any time by revoking your consent. You can do this by informing us accordingly. You can also have the data we hold about you amended at any time.

Contact form and email contact

Our web-site contains a contact form which can be used for contacting us by electronic means. if you take advantage of this facility the data you enter in the mask is sent to us and saved.

This data consists of:

  • form of address, family name, given name, email (mandatory fields),
  • street, post code, town/city, country, phone number, fax number, subject heading, message (optional inputs)

The following data is also saved when the message is sent:

  • the user’s IP address,
  • the date and time of the transmission.

In order to process the data your consent is obtained as part of the transmission process and your attention is drawn at the same time to our legitimate interest in processing the data. At this time you are informed once again about the processing of data and referred to this Data Protection Statement.

Alternatively you can contact us via the email address we provide. In this case the personal data transmitted with the email is saved..

In this connection the data is not passed to third parties. The data is only used for the distribution of the Newsletter.

Please never send any form of personal data by email because the transmission is not encrypted.

The purposes of data processing: The only purpose for processing the personal data in the input mask is to be able to contact you and deal with your suggestion. Contacting you also constitutes the legitimate interest in processing the data.

The purpose of processing the other personal data during the transmission procedure is to prevent misuse of the contact form and to ensure that out information system remains secure.

The legal basis for data processing: If consent has been granted, the legal basis for processing the data is Article 6, Paragraph 1, Letter a) of the GDPR and also our legitimate interest in the data processing as set out in Article 6, Paragraph 1, Letter f) of the GDPR.

If the purpose of the contact or your request is the conclusion of a contract (for example membership), the additional legal basis for the processing is Article 6, Paragraph 1, Letter b) of the GDPR (execution of pre-contractual measures).

Duration of the archiving: The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected.

For the personal data in the input mask of the contact form and the personal data sent by email, this is the case if the conversation in question with you is at an end. The conversation is at an end if it can be gathered from the circumstances that the matter in question has been definitely settled.

The additional data also collected during the transmission process is deleted after a period not exceeding seven days.

The right to object and the right to erasure: You may at any time revoke consent given for the processing of the personal data and object to further data processing because of a legitimate interest (cf. the above advice on a particular right to object). In such a case the conversation cannot be continued.

You can revoke the consent and object to further data processing without any need for a specific form (e.g. you can use email).

In this case all personal data which was saved in the course of the contact with you is deleted.

Use of cookies

When accessing individual web pages we use so-called cookies. Cookies are small text files which are installed on the terminal (PC, smartphone or tablet etc.). If a user accesses a web page a cookie may be saved in the user’s operating system. This cookie includes a characteristic sequence of characters which enable the browser to be unmistakeably identified if the page is accessed again.

It can also happen that cookies are used by third party service-providers. If this is the case, we inform you about this point separately in this Data Protection Information in the part dealing with the relevant third party service-provider tools (for example, analysis tools, plug-ins, or similar).

We use cookies to make our web-site more user-friendly. Some parts of our web-site require that the browser accessing our site can also be identified after switching to a different page. The following data is saved in the cookies and transmitted at this time:

  • the language settings:
  • in the members’ area: the user’s session is saved so that it is possible to allocate the data to the relevant user.

The purposes of data processing: The purpose of using cookies needed for technical reasons is to simplify the use of the web-site for users. Some of the functions of our web-site cannot be provided without the use of cookies. For these it is necessary that the browser is re-identified after switching to a different page.

We need cookies for the following application:

  • the transfer of language settings

The user data collected by the cookies needed for technical purpose is not used for creating user profiles.

The legal basis for the data processing: The legal basis for the processing of personal data by means of cookies is Article 6, Paragraph 1, Letter f) of the GDPR, and is therefore a legitimate interest on our part. Our legitimate interest is to be found in the purposes stated above.

Duration of the archiving: Some of the cookies we use are deleted again at the end of the browser session, in other words when you close your browser (these are called “session cookies”). Other cookies remain on your terminal and enable us to recognise your browser on your next visit (“permanent cookies”).

The right to object and right of erasure Cookies are saved on your computer and transmitted from there to our site. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies which have already been saved can be deleted at any time. This can also be done automatically. We understand a “Do not track” setting of your browser of this nature to be an objection to the further collection and use of your personal data. Note: If cookies for our web-site are deactivated, it is possible that all functions of the web-site can no longer be used to their full extent.

Use of the analysis tool “Matomo” (previously PIWIK) in the members’ area

In the members’ area of this web-site Matomo (Piwik), an open-source web analysis tool of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (https://matomo.org), is used to collect and save data for marketing and optimisation purposes. User profiles with a pseudonym can be compiled from this data. Cookies can be used for this purpose. Cookies are small text files which are saved in the cache of the Internet browser of the visitor to the site. The cookies enable the Internet browsers to be identified on a further visit. The data collected by Matomo (Piwik) is not used to identify the visitor to this web-site and is also not merged with personal data about the owner of the pseudonym without consent by the data subject given separately.

The purposes of data processing: Analysis tools and analysis cookies are used for the purpose of improving the quality of our web-site and its contents. In this way we learn how the web-site is used and can therefore continuously optimise our offering.

The legal basis for the data processing: The legal basis for the processing of personal data by means of cookies is Article 6, Paragraph 1, Letter f) of the GDPR, and is therefore a legitimate interest on our part. Our legitimate interest is to be found in the purposes stated above.

Duration of the archiving: The cookies are saved on the user’s computer from where they are transmitted to our site. The IP is anonymised immediately after processing and before it is saved. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies which have already been saved can be deleted at any time. This can also be done automatically. We understand a “Do not track” setting of your browser of this nature to be an objection to the further collection and use of your personal data. Note: If cookies for our web-site are deactivated, it is possible that all functions of the web-site can no longer be used to their full extent.

The right to object and the right to erasure: You can prevent the installation of cookies by making a corresponding setting in your browser software. If you do this we must point out that in this case you will not be able to use all functions of this web-site to their full extent. You can also prevent the capture of the data created by the cookie relating to your use of the web-site (including your IP address) and the processing of this data by us by using the opt-out option.

Use of Google reCAPTCHA

For protection during the transmission of forms (e.g. contact forms, registration for the internal members’ area) we use the services of reCAPTCHA of Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA in selected cases.
This service includes sending your IP address and, if appropriate, additional information needed by Google for the reCAPTCHA service. The data protection provisions of Google, which are different from our own, apply to this data.
By the use of Google reCAPTCHA information about your use of this web-site (including your IP address) can be sent to a Google server in the USA and saved there. Google may pass the information obtained by reCAPTCHA to third parties in so far as this is required by law or in so far as third parties process this data on behalf of Google. In no case will Google combine your IP address with other Google data. Nevertheless, it would be technically feasible that, based on the data it has received, Google could identify at least individual users. It would be possible that personal data and personality profiles of users of Google’s web-site could be processed for other purposes over which we neither have nor can have any influence.

The purposes of data processing: Google reCAPTCHA is also used for the purpose of excluding what are called bots which are small malware programs which compromise the security and integrity of our web-site and web servers. We wish to ensure the functionality of the web-site. The data also serves to underpin the security of our IT systems.

The legal basis for the data processing: The legal basis for the processing of personal data by means of reCAPTCHA is Article 6, Paragraph 1, Letter f) of the GDPR, and is therefore a legitimate interest on our part. Our legitimate interest is to be found in the purposes stated above. Google Inc. has joined the “EU-US-Privacy Shield“ so that data transmission to the USA is permitted.

The right to object and the right to erasure: You have the possibility of not using the services of Google reCAPTCHA by not clicking on the service’s button. You can then contact us by other means, for example by email or phone.

You can also deactivate Java Script and thus prevent the transfer of data to Google. In order to prevent the execution of Java Script code totally, you can also install a Java Script-blocker, for example the browser plugin NoScript (e.g. www.noscript.net or www.ghostery.com).

Note: If Java Script is deactivated, you cannot use the reCAPTCHA service, you are also unable to use our contact and web forms which use reCAPTCHA.

You will find Google’s data protection policy at https://policies.google.com/privacy?hl=de

Encryption of the web-site

All the protected areas and forms on the web-site and therefore the data transmissions using these forms are encrypted to the SSL standard.

Transmission of personal data to a third country (countries outside Germany but in the EU)

We intend to send personal data to the United States of America. There is an adequacy decision of the EU Commission which states that personal data may be sent to the USA if the recipient has joined the EU-US Privacy Shield. Therefore personal data is only sent to recipients in the USA which demonstrate that they have joined the EU-US Privacy Shield.

The specific intention relates to a transmission of data to the following company:

  • Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). als Anbieter des Dienstes reCAPTCHA.

The companies mentioned have joined the EU-US Privacy Shield and have submitted to a regulatory framework comparable to the EU data protection standard. The transmission of data to these companies is therefore unquestionably permitted. In addition, in the case of data processing, appropriate data processing contracts were concluded with these companies to protect the data and our rights to issue instructions.

Rights of data subjects

If your personal data is processed you are a “data subject” and you are entitled to the following rights in respect of us as the controller.

The right to be informed

You have the right to receive a confirmation from us free of charge whether we are processing personal data relating to you. In this case you have the right to information about this personal data and other information which you can see in Article 14 of the GDPR. You can contact us for this purpose by post or email.

The right to rectification

You have the right to require that we immediately correct inaccurate personal data relating to you. You also have the right, for the purposes set out above, to require additions to incomplete personal data, including by means of a supplementary declaration. You can contact us for this purpose by post or email.

The right to erasure

You have the right to require the immediate deletion of personal data relating to you if one of the conditions of Article 17 of the GDPR is met. You can contact us for this purpose by post or email.

The right to restrict processing

You have the right to require the restriction of processing if one of the conditions of Article 18 of the GDPR is met. You can contact us for this purpose by post or email.

The right to information

If you have asserted the right to the correction, deletion or restriction of the processing to the controller, the latter is obliged to inform all recipients to which the personal data relating to you was disclosed about the correction or deletion of the data or about the restriction of the processing unless this proves to be impossible or is associated with disproportionate effort.

You have the right to be informed by the Controller about these recipients.

The right to data portability

You have the right to receive the personal data you sent to us relating to you in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us if the conditions of Article 20 of the GDPR are met. You can contact us for this purpose by post or email.

The right to restrict processing because of our legitimate interest

In so far as we process personal data on the basis of Article 6, Paragraph 1, Letter f) of the GDPR (therefore for reason of a legitimate interest,) you have the right, for reasons arising from your particular situation, to object at any time to our processing of the personal data relating to you. We will cease processing your data if we can demonstrate no compelling reasons worthy of protection for the further processing which override your interests, rights and freedoms or if we are processing your data for the purposes of direct advertising (cf. Article 21 of the GDPR). You can contact us for this purpose by post or email. A technical process which you use, for example an unambiguous statement sent by technical means by your browser (a “do not track” message) is also deemed to be objections in within these meanings.

The right to revoke consent

You have the right at any time to revoke an agreement you have given for the collection and use of personal data with effect for the future. You can contact us for this purpose by post or email. The lawfulness of the processing undertaken by reason of the consent you gave up to the time of its revocation is not affected.

Automatic decision-making including profiling

You have the right not to be subject to a decision based exclusively on automated processing (including profiling) which has a legal effect on you or which is significantly to your detriment in a similar manner unless the decision is necessary for the conclusion of an agreement between you and us, is admissible by reasons of provisions of law of the European Union or member states to which we are subject and these provisions of law contain reasonable measures to protect your rights, freedoms and legitimate interests, or the decision is taken with your express consent.

We do not take automated decisions of this nature.

Voluntary provision of data

If the provision of the personal data is stipulated by law or a contract, we will always point this out when the data is collected. The data we collect is sometimes necessary for the conclusion of a contract, to be specific, if we are unable to meet our contractual obligation to you or cannot adequately meet them in any other way. You are under no obligation to provide personal data. However, the failure to provide such information can mean that we are unable to perform or offer the service, action, measure or similar you require, or that it is impossible to conclude a contract with you.

The right to complain to a supervisory authority

Notwithstanding other rights, if you are of the opinion that the processing of personal data relating to you infringes data protection law, you have the right at all times to complain to a supervisory authority for data protection, particularly in the member state where you reside, where you work or the place of the alleged infringement.