Privacy
Privacy policy
Thank you for your interest in our website. As a member in Association of safe and reputable internet shop operators e. V the protection of your personal data is very important to us. Below we inform you, transparently and in understandable language, about the data collection and its scope, what your data is used for and what rights you have.
You have the right to receive information about the origin, the recipient(s) and the purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. If you have any questions about this or anything to do with data protection, you can contact the person responsible for data processing at any time. The person responsible for data processing is named under point 1 of this data protection declaration. You also have the right to lodge a complaint with the competent supervisory authority. You can find your rights in detail and detailed explanations under point 6 of this data protection declaration.
Your data will be collected, stored and processed in compliance with the relevant legal regulations. Personal information is any type of information that can be used to identify you as an individual.
1.) Who is responsible for data processing?
Within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations, the responsible body is a natural or legal person who alone or together with others is responsible for the purposes and means of processing personal data (names, contact details etc.) decides.
Responsible for data processing on this website is:
Carnival Store GmbH
Lower Wiesenstrasse 1
32120 Hiddenhausen
Telephone: +49 (0)176 - 4717 8423
Email: [email protected]
2.) What data is collected and processed on our website?
2.1 Automated collection of data:
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer in so-called server log files. Some of this data is technically necessary to display our website to you. It is not merged with data from other sources. The following data is collected:
- The pages called up
- Browser types and versions used
- The operating system used by the accessing system
- The website from which an accessing system reaches our site
- The date and time the page was accessed
- The Internet service provider of the accessing computer
- The Internet Protocol address (IP address) used
- The legal basis for data processing is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is the reliable and error-free functioning of our website. There is no other processing of this data.
2.2 Collection of Personal Information
2.2.1 Data collection and processing when opening a customer account and when processing a contract
If you open a customer account on our website, this is done voluntarily. Registration is not a prerequisite for the conclusion of a contract. Data is only collected to the minimum required, the mandatory information can be recognized by the correspondingly marked input fields. The customer account can be deleted at any time and free of charge. If you wish to delete your data, please contact the person responsible for data processing. This is mentioned under point 1 of this data protection declaration.
We only use your data for the purpose for which you registered or to process the contract. The legal basis for data processing is Article 6 Paragraph 1 Letter b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary to fulfill a contract with you or to carry out a pre-contractual measure.
The collected customer data will be blocked after completion of the order, after termination of the business relationship or after deletion of your customer account and deleted after expiry of tax and commercial law retention periods, unless you have consented to further use of your data.
2.2.2 Data collection and processing when using our email address or contact function
In the case of emails or messages via the contact form, we store your data until your message has been processed. The mandatory information in the mask of the contact form can be recognized by the correspondingly marked input fields. The data will only be used to process your request. Your data will be deleted after processing is complete. The legal basis for data processing is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is to answer your message or process your request.
2.2.3 Newsletter function, data processing and possibility of objection.
2.2.3.1 You have registered for our newsletter subscription:
If you subscribe to our free newsletter, data from the registration mask will be sent to us. The mandatory information can be recognized by the correspondingly marked input fields and is limited to the minimum required (email address). For the processing of your data, consent is obtained during the registration process and reference is made to this data protection declaration. The legal basis for data processing is Article 6 Paragraph 1 Letter a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing.
The data will not be passed on to third parties, but will only be used to send newsletters. Subscription to the newsletter (your consent) can be revoked at any time for the future. To revoke your consent, there is a link in each newsletter to unsubscribe from the newsletter, but you can also optionally unsubscribe directly via our website. The wish to unsubscribe from the newsletter can of course also be sent directly to the person responsible for data processing. This is mentioned under point 1 of this data protection declaration. After unsubscribing from the newsletter, the data will be deleted unless you have agreed to further use, or we reserve the right to further use (as explained below under 2.2.3.2), which is permitted by law.
2.2.3.2 When we send newsletters to our existing customers
If you have purchased goods or services on our website and have deposited your e-mail address, this can be used by us to send a newsletter, provided you have not objected to this. In such a case, only direct advertising for similar goods or services from our range will be sent via the newsletter. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. The legal basis for data processing is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is to send you personalized advertising. You can object to the use of your data for this purpose at any time with effect for the future. To object, please contact the person responsible for data processing. This is mentioned under point 1 of this data protection declaration.
2.3 Disclosure of data to third parties to fulfill the contract
2.3.1 Passing on to shipping service providers in general and banks
For payment transactions and, if necessary, for the delivery of goods, we pass on personal data to service providers (third parties) to the minimum extent necessary, insofar as this is necessary for the execution of the contract.
If we pass on your data to a shipping service provider (such as DHL, DPD, UPS Hermes or GLS), the legal basis for this is Article 6 Paragraph 1 Letter b of the General Data Protection Regulation (GDPR), which allows us to process the data made possible if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.
If we pass on your payment data to the commissioned bank, the legal basis for this is Article 6 Paragraph 1 Letter b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary to fulfill a contract with you or is required to carry out a pre-contractual measure.
2.3.2 Disclosure of email address and/or telephone number to shipping service providers
On our website you have the choice to agree to the transfer of your email address and/or telephone number in order to enable the selected shipping service provider to announce the delivery or to coordinate it with you. In the following we will inform you about which data is passed on to which shipping service provider and the legal situation on which this is based:
2.3.2.1 DPD
If your goods are delivered by the shipping service provider DPD and you have expressly consented to the transfer of your email address and/or your telephone number during the ordering process, this will be sent to DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg) to announce the delivery or to coordinate it of the delivery date. The legal basis for data processing is Article 6 Paragraph 1 Letter a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing. If you do not agree to the forwarding of the email address, delivery will take place in accordance with the conditions of paragraph 2.3.1 of this data protection declaration. It is then not possible for DPD to announce the delivery or coordinate the delivery date.
A given consent to the use of data can be revoked at any time for the future. To do this, please contact the person responsible for data processing (this is named under point 1 of this data protection declaration), or the shipping service provider directly.
A given consent to the use of data can be revoked at any time for the future. To do this, please contact the person responsible for data processing (this is named under point 1 of this data protection declaration), or the shipping service provider directly.
2.3.2.3. Send cloud
The dispatch takes place via the dispatch portal "SendCloud" (SendCloud GmbH, Kanalstr. 10, 80538 Munich). In accordance with Article 6 (1) (b) GDPR, we only pass on your data to SendCloud for the purpose of processing your online order. Data will only be passed on if this is actually necessary for processing. Details on data protection at SendCloud are available on the SendCloud website at www.sendcloud.de/datenschutz/visible.
2.3.3 Payment Providers
On our website you can choose from various payment service providers. In the following, we will inform you about which data is passed on and the legal situation on which this is based:
2.3.3.1.KLARNA
If you choose this payment service provider, the order data and your personal data will be passed on to Klarna (Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden). Order data is data about the items, the delivery method and the invoice amount. Your personal data is your first name, last name, address, telephone number, email address and IP address. The data is used to determine your identity and creditworthiness without any doubt and on the legal basis of Article 6 Paragraph 1 Letter a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing. You have the right to revoke your declaration of consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
If you would like to object to the use of your data or if you want to notify us of changes to the stored data, you can contact Klarna directly. At the following Internet address you will find further information about Klarna's data protection regulations and information about the credit agencies with which Klarna carries out credit checks:
https://www.klarna.com/de/datenschutz/
A credit report can contain scoring values (=probability values). The so-called scoring values are based on a scientifically recognized mathematical-statistical process. Your address data is also (but not exclusively) included in the calculation of the score values.
2.3.3.2 PayPal
If you choose this payment service provider, the data required for payment will be passed on to PayPal (PayPal Europe, S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this is Article 6(1)(a) of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing and Article 6(1)(b) of the General Data Protection Regulation (DSGVO), which enables us to process the data if this is necessary to fulfill a contract with you or to carry out a pre-contractual measure. You have the right to revoke your declaration of consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
If you choose the PayPal Plus payment methods by "credit card", "invoice", "direct debit" or "PayPal installment payment", PayPal reserves the right to obtain credit information about you. A credit report can contain scoring values (=probability values). The so-called scoring values are based on a scientifically recognized mathematical-statistical process. Your address data is also (but not exclusively) included in the calculation of the score values.
The legal basis for data processing is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR), which enables data to be processed in the event of a legitimate interest. In this case, the legitimate interest is to determine your identity or solvency.
You can object to the processing of your personal data at any time. However, PayPal may still be entitled to process, use and transmit the personal data if this is necessary for contractual payment processing by PayPal, is required by law, or is required by a court or an authority.
If you wish to object to the use of your data or if you want to notify us of changes to the stored data, you can contact PayPal directly. You can also find more information about PayPal's data protection regulations at the following Internet address:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
2.3.3.3 Immediate payment (instant transfer)
If you choose this payment service provider, the payment-related data and your personal data will be passed on to Sofort GmbH (Sofort GmbH, Theresienhöhe 12, 80339 Munich). Your personal data are first name, last name, address, telephone number, email address and IP address. This data transfer is necessary to establish your identity beyond doubt and thus to prevent possible attempts at fraud. In addition, you send your PIN and a TAN to Sofort GmbH, which uses them to log into your bank account and make a transfer to us. After logging in by Sofort GmbH, the account transactions, the scope of the overdraft facility and the existence of other accounts and their statuses are automatically checked. After completing the transfer, we will be informed of the successful payment.
The legal basis for this is Article 6(1)(a) of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing and Article 6(1)(b) of the General Data Protection Regulation (DSGVO), which enables us to process the data if this is necessary to fulfill a contract with you or to carry out a pre-contractual measure. If you would like to object to the use of your data or if you want to notify us of changes to the stored data, you can contact Sofort GmbH directly. You can obtain further information about the data protection regulations of Sofort GmbH at the following Internet address. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation:
3.) What are cookies and what data is processed?
3.1 Cookies set by our website
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the associated consents, we use the “Real Cookie Banner” consent tool. Details on how “Real Cookie Banner” works can be found at https://devowl. io/rcb/data-processing/ .The legal basis for the processing of personal data in this context is Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the associated consents. The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we cannot manage your consents.
Our website uses so-called cookies. Cookies are text files that are stored in the internet browser or by the internet browser on your computer. We use cookies to make our website more user-friendly for you. Some elements of our website require that the calling browser can be identified even after a page change. For example, to save and transmit the items in your shopping cart or your login information. Most of the cookies we use are so-called “session cookies”, which are automatically deleted after the browser is closed. Some cookies remain stored on your device and allow you to be recognized the next time you visit the site (so-called persistent cookies). These are automatically deleted after a specified period of time. You can find more detailed information on individual cookies in the settings of your browser.
The legal basis for data processing is either Article 6 Paragraph 1 Letter a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing, or Article 6 Paragraph 1 Letter a of the General Data Protection Regulation (GDPR). b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary to fulfill a contract with you or to carry out a pre-contractual measure, or Art. 6 Para. 1 lit. f of the General Data Protection Regulation ( GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is to offer you a technically error-free and functionally optimized website.
If we store other cookies (e.g. from partner companies or to analyze your surfing behavior) on your device, we will inform you about this in detail below.
You can set your browser so that you are informed about the setting of cookies and then only allow these cookies in individual cases. You can also generally exclude the acceptance of cookies or only accept them in certain cases. You can also set your browser so that cookies that have been set are deleted after the browser window is closed.
The setting options differ depending on the browser. You can find help on the possible settings (for the most common browsers) under the following links:
- Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-dispose
- Safari: https://support.apple.com/en-us/guide/safari/sfri11471/12.0/mac/10.14
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Opera: https://help.opera.com/latest/web-preferences/#cookies
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that if cookies are not accepted, the functionality of our website may be significantly restricted
3.2 Comment functions on our website
Are not used by us.
3.3 Web Analysis/Marketing
3.3.1 Google Analytics
Here you can deactivate the Google tracking function:
Click here to disable Google Analytics tracking
We use the analysis tool Google Analytics on our website. The provider of this analysis tool is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called "cookies". Cookies are small text files that are stored on your computer and thus enable an analysis of your use of the website. This analysis data is usually transmitted to a Google server in the USA and stored there.
The legal basis for data processing is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is to analyze user behavior in order to optimize our offer and our advertising.
We would like to point out that on this website Google Analytics has been expanded to include the code "gat._anonymizeIp();" in order to ensure that IP addresses are recorded anonymously (so-called IP masking). By activating IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage.
The IP address transmitted by your Internet browser as part of Google Analytics will not be merged with other Google data.
You can prevent cookies from being saved by setting your internet browser accordingly. However, we would like to expressly point out that in this case you may not be able to use all the functions of this website to their full extent.
You can prevent data collection by Google Analytics by clicking on the following link and downloading the tool offered there:https://tools.google.com/dlpage/gaoptout?hl=de
You can also prevent data collection by Google Analytics by clicking on the following link, which sets an opt-out cookie that prevents your data from being collected on future visits to this website: Disable Google Analytics.
You can also find more information about Google's data protection regulations at the following Internet address:
3.3.2 Google AdWords
We use Google AdWords Remarketing on our website. This function is used to advertise our website in Google search results and on third-party websites. The provider of this analysis tool is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google sets a cookie in your device's browser, which then enables interest-based advertising. The legal basis for data processing is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is the optimal marketing of our website.
You can prevent the setting of cookies by setting your internet browser accordingly. However, we would like to expressly point out that in this case you may not be able to use all the functions of this website to their full extent.
You can permanently disable the setting of cookies for advertisements by downloading and installing the following browser plugin:
https://www.google.com/settings/ads/onweb/
You can also set your browser so that you are informed about the setting of cookies and thus decide whether to accept them. Likewise, the acceptance of cookies for certain cases, or generally be excluded.
Please note that if cookies are not accepted, the functionality of our website will be restricted.
You can find more information about data protection regulations regarding advertising and Google at the following Internet address:
http://www.google.com/policies/technologies/ads/
3.4 Social Media/Plugins
Using social plugins from Facebook, Twitter, Google, Instagram, Pinterest using the Shariff solution
In our online shop, so-called plugins of the social networks mentioned below are used. The operators are:
Facebook - Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA Twitter - Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA Google+1 - Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA Instagram - Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA Pinterest - Pinterest Inc., 808 Brannan Street, San Francisco, CA, 94103, USA
For increased protection of your data when you visit our online shop, these plugins are not unrestricted, but only integrated into the corresponding shop page using an HTML link (so-called "Shariff solution" from c't). This ensures that when you access a page of our online shop with such a plugin, no connection is established with the servers of the provider of the respective social network. If you click on one of the buttons, a separate browser window opens and calls up the page of the respective provider, on which you can, for example, press the Like or Share button. For more information on the scope of the collection and the handling of your data, please refer to the respective detailed data protection declaration of the provider:
Facebook: http://www.facebook.com/policy.php Twitter:https://twitter.com/privacy Google+1: http://www.google.com/intl/de/+/policy/+1button.html Instagram: https://help.instagram.com/155833707900388 Pinterest:https://about.pinterest.com/de/privacy-policy
3.5 using Google Maps
This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map features by visitors. You can find more information about Google's data processing the Google Privacy Notice remove. There you can also change your personal privacy settings in the privacy center.
Detailed instructions on how to manage your own data related to Google products here.
4.) How is the data backed up?
The transmission of personal data is exclusively encrypted via an SSL or TLS connection. This applies to messages via our contact function as well as to data about your order and payment transactions. Encryption prevents your sensitive personal data from being intercepted and viewed by unauthorized third parties. You can recognize an encrypted connection by the fact that the address line of the browser starts with "https://" (and by the lock symbol in the browser line).
The data stored in the systems on our website are protected by passwords and cannot be viewed by unauthorized third parties.
Data transmission on the Internet, for example when sending an email, is not 100% secure and in some cases there may be security gaps.
5.) How long will the personal data be stored?
How long your personal data is stored by us depends on the respective statutory retention period. The commercial and tax law retention periods are 10 years from the end of the calendar year in which the data was collected. After the deadlines have expired, the data are regularly deleted, unless they are still required for the initiation or fulfillment of the contract or we have a legitimate interest in continuing the storage.
6.) What rights do you have vis-à-vis the person responsible for data processing?
Below we list the rights that you have under the General Data Protection Regulation (GDPR) vis-à-vis the data controller. The person responsible is named under point 1 of this data protection declaration. If your personal data is processed, you are "data subject" within the meaning of the General Data Protection Regulation (GDPR).
6.1 Your right to information in accordance with Article 15 of the General Data Protection Regulation (GDPR)
You can request information from the person responsible for data processing as to whether your personal data is being processed. If such processing is available, you can also request information about the following information:
6.1.1 for what purposes this personal data is processed;
6.1.2 the categories of personal data being processed;
6.1.3 the recipients or categories of recipients to whom your personal data has been or will be disclosed;
6.1.4 the planned storage period of the personal data concerning you or, if no specific information is possible, the criteria for determining the storage period;
6.1.5 the existence of a right to correction or deletion of the personal data concerning you, the existence of a right to restriction of processing by the person responsible for data processing or a right to object to this processing;
6.1.6 the existence of a right of appeal to a supervisory authority (responsible is the state data protection officer of the federal state in which we are based - addresses and links can be found here);
6.1.7 all available information about the origin of the data if the personal data is not collected from the data subject (i.e. you);
6.1.8 the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Article 46 of the General Data Protection Regulation (GDPR) in connection with the transmission.
6.2 Your right to rectification in accordance with Article 16 of the General Data Protection Regulation (GDPR)
You have the right to immediate correction and/or completion from the person responsible for data processing if the processed personal data concerning you is incorrect or incomplete.
6.3 Your right to erasure in accordance with Article 17 of the General Data Protection Regulation (GDPR)
You can request that the person responsible for data processing delete the personal data concerning you immediately, and the person responsible is obliged to delete this personal data immediately if one of the following reasons applies:
6.3.1 Obligation to Erasure
6.3.1.1 The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
6.3.1.2 You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
6.3.1.3 You object to the processing of the data in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR .
6.3.1.4 The personal data concerning you have been unlawfully processed.
6.3.1.5 Erasure of your personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
6.3.1.6 The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
6.3.2 Information to Third Parties
If the person responsible for data processing has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to To inform those responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.
6.3.3 Exceptions
The right to erasure does not exist if the processing is necessary
6.3.3.1 to exercise the right to freedom of expression and information;
6.3.3.2 to fulfill a legal obligation that requires processing under Union or Member State law to which the data controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to those responsible;
6.3.3.3 for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 lit. h and i and Article 9 Paragraph 3 GDPR;
6.3.3.4 for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para
6.3.3.5 to establish, exercise or defend legal claims.
6.4 Your right to restriction of processing in accordance with Article 18 of the General Data Protection Regulation (GDPR) Right to restriction of processing
You have the right to request the person responsible for data processing to restrict the processing if one of the following conditions is met:
6.4.1 if you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
6.4.2 the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
6.4.3 the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
6.4.4 if you have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, the person responsible will inform you before the restriction is lifted.
6.5 Your right to information in accordance with Article 19 of the General Data Protection Regulation (GDPR)
If you have asserted the right to correction, deletion or restriction of processing to the person responsible for data processing, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless because this proves to be impossible or involves a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.
6.6 Your right to data portability in accordance with Article 20 of the General Data Protection Regulation (GDPR)
You have the right to receive the personal data concerning you that you have provided to the person responsible for data processing in a structured, common and machine-readable format, and you have the right to transfer this data to another person responsible without hindrance by the person responsible for data processing, to which the personal data was provided, if
6.6.1 the processing is based on consent pursuant to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract pursuant to Article 6 Paragraph 1 Letter b and
6.6.2 the processing is carried out using automated procedures.
When exercising your right to data portability, you also have the right to obtain that the personal data be transmitted directly from one data controller to another, where this is technically feasible.
This right to data portability does not apply to processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the data controller.
The right to data portability must not affect the rights and freedoms of others.
6.7 Your right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
6.8 Automated individual decision-making including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
6.8.1 is necessary for the conclusion or performance of a contract between you and the controller,
6.8.2 is permitted on the basis of legal provisions of the European Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to protect your rights and freedoms and your legitimate interests or
6.8.3 is done with your express consent.
However, these decisions may not be based on special categories of personal data under Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in 6.8.1 and 6.8.3, the person responsible for data processing shall take appropriate measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to present your own position and to challenge the decision.
6.9 Your right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the DSGVO violates.
The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 General Data Protection Regulation (GDPR).
+++++++++++++++++++++++++++++
6.10 OPPOSITION RIGHT
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR, with effect for the future ; this also applies to profiling based on these provisions.
The person responsible for data processing no longer processes the personal data relating to you, unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the option, in the context of the use of information society services - regardless of the 2002 / 58 / EC directive - of exercising your right of opposition through automated procedures using technical specifications.
+++++++++++++++++++++++++++++
Document created, checked and continuously updated by the Association of safe and reputable internet shop operators e. V