PRIVACY POLICY "ALBERTS.DE"

All personal data is treated confidentially. Our data protection practices comply with the German Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR). Below we inform you about the details of data protection.

Controller within the meaning of the GDPR and the BDSG

Gust. Alberts GmbH & Co.KG
Blumenthal 2
58849 Herscheid
Tel.: 02357/9070
Fax: 02357/907189
E-Mail: info@alberts.de

Data Protection Officer:
Contact details: bdsb@alberts.de

1. Reasons for data collection

We collect and process your data to provide our website and to give you the best possible service through convenient access to our services. These are described below.

2. Provision of our website

Our website is provided on our behalf by our service provider. Data processed on our website is therefore processed on our behalf on the servers of our service provider, with whom a contract for order processing exists. Processing on servers of other service providers only takes place if this is expressly stated in this privacy policy. Our service provider is located within a country of the European Union or the European Economic Area.

The legal basis for the provision of our website and the processing of the connection data generated during communication with your end device (this includes, for example, the IP address of your device, via which your device can be addressed by other devices on the Internet) is our legitimate interest in providing information about our company and the products we offer within the meaning of Art. 6 para. 1 lit. f) GDPR.

3. Contact forms

If you contact us via the contact form and choose to contact us by e-mail, you must provide your e-mail address and your message to us. If you choose to contact us by telephone, your telephone number and your message are mandatory. The mandatory information is marked with an asterisk. All other information is voluntary.

The data will be stored for the purpose of processing your request. We do not pass on this data without your consent. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. The legal basis for the processing of your personal data is our legitimate interest in responding to your request within the meaning of Art. 6 para. 1 lit. f) GDPR, unless your request constitutes the initiation of a contract or is a request in connection with an existing contract. In the latter cases, the legal basis for data processing is Art. 6 para. 1 lit. b) GDPR.

4. Consent management with Usercentrics

We use the consent management tool "Usercentrics", which is operated by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This enables us to obtain and manage your consent to data processing. The processing is necessary for compliance with a legal obligation (Art. 7 para. 1 GDPR) to which we are subject (Art. 6 para. 1 lit. c) GDPR). The functionality of the website is not guaranteed without the processing. The following data is processed for this purpose:

The type of browser used, the operating system used, the connection data of the computer used (shortened IP address), the pages you visit on our website and the date and duration of your visit. In addition, a cookie is stored to assign the consent given (see also the "Cookies" section of this privacy policy).

Cybot is the recipient of your personal data and our processor. The data will be deleted after 12 months. The processing takes place in the European Union. Further information on objection and removal options vis-à-vis Usercentrics can be found at: https://usercentrics.com/de/datenschutzerklaerung/

5. Cookies

Cookies are used to make the use of the website and the preferences of website visitors attractive. For example, your details for selecting a language are saved. Cookies are text files that are stored on your hard disk to enable the browser to be identified when you return to the website.

You can prevent the storage of cookies on your hard disk by making the appropriate browser settings. Cookies that have already been set can be deleted at any time. Please refer to the relevant browser instructions to find out how to delete cookies or prevent their storage. If you do not accept cookies, this may impair your use of our website.

5.1 Your current cookie settings

5.2 Necessary

Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. The legal basis for the processing of necessary cookies is our legitimate interest in the technically flawless provision of our website within the meaning of Art. 6 para. 1 lit. f) GDPR. Insofar as the cookie "CookieConsent" is concerned, the legal basis is also our obligation to document any consent you may have given or to comply with any consent you have not given in the past within the meaning of Art. 6 para. 1 lit. c) GDPR.

5.3 Statistics

Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. The legal basis for the processing is the consent you have given us to use these cookies, Art. 6 para. 1 lit. a) GDPR.

5.4 Preferences and marketing

We do not currently use cookies in these categories.

6. Use of Google Analytics

If you have given your voluntary consent, which you can withdraw at any time, we are authorized to use Google Analytics on this website. Google Analytics is a web analytics service offered to users in the EU/EEA and Switzerland by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Scope of processing

Google Analytics uses cookies, i.e. small text files that are stored on your computer and enable website traffic to be analyzed.
We would like to point out that we only use Google Analytics with IP address anonymization activated . In this case, your IP address is extended by the code "anonymizeIp", which ensures anonymized collection of IP addresses (IP masking). This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transmission. Only in exceptional cases (e.g. in the event of a technical defect within the European Union) will the full IP address be transmitted to a Google server outside the EEA and shortened there. The method used by Google to anonymize IP addresses does not write any IP addresses to the end device, as the anonymization takes place immediately after the request is received in the working memory. The IP address transmitted in the browser is also not merged with other Google data.

Data processing purposes

The data collected is used to evaluate the use of our website and to create reports on the activities on the website. These reports in turn enable us to analyze the performance of our website. Consent is only valid for the stated purposes. The data collected cannot be used or stored for any purpose other than those listed below.
 

Data collected

This list contains all (personal) data that may be collected by or through the use of this service.

• IP address
• Usage data
• Scrolls (when a user scrolls to the bottom of the page)
• Click path
• Click on external links
• Browser information
• Device information
• JavaScript support
• Visited pages
• Referrer URL
• Downloads
• Viewed / clicked ads
• Flash version
• Location information
• Buying activity
• Internet provider
• Widget interactions
• Date and time of the visit
• Dwell time
• Page search
• Logins
• Registrations

Legal basis

The legal basis for this data processing is/are:

• Art. 6 para. 1 lit. a GDPR (processing of the data categories listed here on the basis of your consent)

Storage period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes. The data sent by us and linked to cookies are automatically deleted after 2 months . The deletion of data whose retention period has been reached takes place at monthly intervals.

Data recipient

Recipients of the data are/may be

• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Transfer to third countries

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, there are EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. It cannot be ruled out that your data will be transferred from Google Ireland to the parent company's servers in the USA. From a data protection perspective, the USA is currently considered a third country with an adequate level of protection (EU-US Data Privacy Framework), see also section 14. of the privacy policy.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by not giving your consent to the setting of the cookie or by downloading and installing the browser add-on to deactivate Google Analytics HERE.
Further information on the terms of use of Google Analytics and data protection at Google can be found at and at https://policies.google.com/?hl=de. The privacy policy is available at https://policies.google.com/privacy.

7. Google Tag Manager

We use the "Google Tag Manager" service on our website, which is offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
The service enables us to manage website tags via an online interface. This allows us to centrally manage and set other services mentioned in this privacy policy and integrate them into our website or change their configuration without changing the source code. The service is played out via a domain that does not itself collect any personal data. Although the service ensures the integration of additional services, it does not receive access to this data.
The legal basis for the use of the Tag Manager is our legitimate interest in the simple and efficient management of services that are integrated on our website (in particular with your consent as described in this privacy policy). The legal basis for data processing is therefore Art. 6 para. 1 sentence 1 lit. f) GDPR.
The legal basis for the transfer of personal data to the USA is either standard data protection clauses concluded with Google within the meaning of Art. 46 para. 2 lit. c) GDPR or an adequacy decision of the EU Commission within the meaning of Art. 45 GDPR, which is compatible with the EU-U.S. Data Privacy Framework (DPF), for which Google is certified and which can therefore be used as a legal basis for data transfer to the USA. Further information on this can be obtained using the contact details above.

Google's privacy policy can be found under the following link:
https://policies.google.com/privacy?hl=de

You can find Google's cookie policy at this link:
https://policies.google.com/technologies/cookies?hl=de

8. LinkedIn Page

The LinkedIn service is a social network operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland") or LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA ("LinkedIn Corp."), if your place of residence or permanent residence is outside the European Union or the European Economic Area.
The data of social network users may be processed for market research and advertising purposes, in particular user profiles may be created that are used to place advertisements within and outside the networks. Furthermore, data may be stored regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processed data generally includes: contact data, content data, usage data (in particular websites visited, interest in content and access times) and so-called metadata such as device information and IP addresses of the end devices used.
The legal basis for the collection and processing of data is your consent within the meaning of Art. 6 para. 1 lit. a) GDPR, which you may have given to LinkedIn Ireland / LinkedIn Corp. You can revoke your consent to data processing at any time with effect for the future; to do so, please contact the operator of the network directly. The withdrawal of consent does not affect the lawfulness of the data processing carried out prior to the withdrawal.
In addition, legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR may be the legal basis for data processing. This is the case, for example, if the purpose of the data processing is the technically secure operation of the website.
For detailed information on the processing and use of data by LinkedIn on its own website as well as a contact option and your rights and settings options for protecting your privacy, please refer to LinkedIn's privacy policy, which you can find at the following link:
https://www.linkedin.com/legal/privacy-policy 
For the transfer of personal data to the USA, there is an adequacy decision by the EU Commission (EU-US Data Privacy Framework). If data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, there are EU standard contractual clauses with the service provider to establish an adequate level of data protection.
Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view under the following link:
https://legal.linkedin.com/pages-joint-controller-addendum. 

9. YouTube channel

The YouTube video platform is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
When you visit our channel on YouTube, your data may be automatically collected and stored for market research and advertising purposes. This data is used to create so-called user profiles using pseudonyms. These can be used, for example, to place advertisements inside and outside the video platform that presumably correspond to your interests. Cookies are usually placed on your device for this purpose. The function of cookies is explained in the data protection information there, so please note the relevant information there. Visitor behavior and user interests are stored in these cookies.
Furthermore, we receive a statistical evaluation from the data collected as to which groups of people are interested in our individual videos posted on YouTube. In particular, we are provided with the number of views and playing times of videos in this context. The data is provided in such an anonymized form that it is not possible to draw conclusions about individual persons. The information provided includes, for example, the approximate geographical location, age group and other summarized characteristics.
The legal basis for the collection and processing of data is your consent within the meaning of Art. 6 para. 1 lit. a) GDPR, which you may have given or give to Google when accessing its website. You can revoke your consent to data processing at any time with effect for the future; to do so, please contact Google directly. The withdrawal of consent does not affect the lawfulness of data processing carried out before the withdrawal.
For detailed information on the processing and use of data by Google on the YouTube website as well as a contact option and your rights in this regard and setting options for protecting your privacy, please refer to Google's data protection information, which you can find at the following link:
https://policies.google.com/privacy?hl=de&gl=de

An adequacy decision of the EU Commission (EU-US Data Privacy Framework) exists for the transfer of personal data to the USA. If data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, there are EU standard contractual clauses with the service provider to establish an appropriate level of data protection.

10. Facebook fan page and Instagram profile

Our presence on social networks and platforms, such as Facebook and Instagram, serves the purpose of active and up-to-date communication with our customers and interested parties. We use these platforms to provide information about our services, products and interesting special offers relating to our company.
We use the social networks "Facebook" and "Instagram", which are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta).
When you visit our online presence there, your data may be automatically collected and stored for market research and advertising purposes. This data is used to create so-called user profiles using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are usually placed on your device for this purpose. Information on the function of cookies can be found in the "Cookies" section of this privacy policy. Visitor behavior and user interests are stored in these cookies. The legal basis for the processing is Art. 6 para. 1 lit. a) GDPR.
The European Commission has issued an adequacy decision for the USA (EU-US Data Privacy Framework). If data is processed outside the EU/EEA and there is no data protection level corresponding to the European standard, there are EU standard contractual clauses with the service provider to establish an appropriate level of data protection. 
For detailed information on the processing and use of data by the providers on their websites, as well as a contact option and your rights in this regard and setting options to protect your privacy, in particular opt-out options, please refer to the providers' data protection notices linked below:
The privacy policy provided by Meta for the social networks Facebook and Instagram can be found at the following link https://privacycenter.instagram.com/policy/
You can find the objection and setting options as follows:

• Facebook: https://www.facebook.com/settings/?tab=privacy 
• Instagram: https://www.instagram.com/accounts/privacy_and_security/ 

Data processing for Facebook is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum

11. Facebook Pixel / Custom Audiences

We use the analysis service "Facebook Pixel" with the additional function "Custom Audiences", which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you have your registered office or place of residence in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). This function allows us to target visitors to the website with advertising by displaying personalized, interest-based Facebook ads to visitors to this website when they visit the Facebook social network. If the function is activated, a direct connection to a Facebook server is established when you visit this website. The Facebook server is informed which of our web pages you have visited. Facebook assigns this information to your personal Facebook user account, provided you have one with Facebook and are logged into the account.

The processed data includes:

• Viewed advertisements,
• Browser information,
• Respected content,
• Device information,
• Geographical location,
• Interactions with advertising,
• Services and products,
• the IP address of your end device,
• Marketing information,
• Pixel ID,
• Referrer URL,
• Success of marketing campaigns,
• Usage data,
• User behavior,
• the Facebook user ID, if applicable.

We only activate Facebook Pixel on our website if you have given your permission to do so. The basis for data processing is then your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you may have given us when you first visited our website. You can revoke your consent at any time free of charge with effect for the future. To do so, you can use the button in the bottom left-hand corner to call up a tool in which you can manage your consent or contact our data protection officer. Further information on this can be found in the section on "Cookies and similar technologies" in this privacy policy. If you have consented to the use of cookies but do not want Facebook to assign the information collected directly to your Facebook user account, you can deactivate the function under this link. To do this, you must be logged in to Facebook. Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook's privacy policy at this link. There is an adequacy decision by the EU Commission (EU-US Data Privacy Framework) for the transfer of personal data to the USA. If data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, there are EU standard contractual clauses with the service provider to establish an appropriate level of data protection

12. Applications

We also collect and process personal data from applicants for the purpose of handling the application process we carry out. Processing may also take place electronically. This is always the case if the applicant submits application documents to us electronically, i.e. by e-mail or via a web form implemented on our website.
The applicant portal is operated by BITE GmbH, Resi-Weglein-Gasse 9, 89077 Ulm (BITE) on our behalf. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. However, if no employment contract is concluded between us and the applicant, the application documents will be deleted four months after notification of the rejection decision, provided that no other legitimate interests of the controller stand in the way of deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). We would like to assess all applicants solely on the basis of their qualifications and therefore ask you to refrain from providing information on racial and ethnic origin, political opinions, religious or ideological beliefs or any trade union membership, genetic data, biometric data for the unique identification of a natural person, health data or data on sex life or sexual orientation in the application if possible.

13. Data security

We use technical and organizational measures to secure our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons. Depending on the browser used, data is transmitted using 128-bit to 256-bit SSL encryption. Despite regular checks and continuous improvement of our security measures, complete protection against all risks is not possible.

14. Deletion

Personal data will be deleted or blocked as soon as the purpose of storage no longer applies or you request deletion and there are no further storage obligations for us. The data will also be deleted if a storage period prescribed by the aforementioned standard expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract or you have given your consent to this.

15. Transfer of personal data to third countries

We use various service providers who provide us with technologies and/or products. Some of these use servers in third countries, i.e. outside the European Union or the European Economic Area, for which the EU Commission has established a level of data protection equivalent to European data protection law by means of an adequacy decision. The associated transfer of personal data must be permitted in accordance with Art. 44 et seq. GDPR must be permissible. To ensure compliance with the requirements for third country transfers, the standard data protection clauses issued by the EU Commission are in place with service providers that process personal data in a third country for which the EU Commission has not determined a sufficiently equivalent level of data protection law.
Some service providers also have so-called approved rules of conduct (Binding Corporate Rules - "BCR"), which ensure that the company complies with European data protection standards. Where these exist, we do not agree any separate standard contractual clauses with the service providers subject to the respective BCR. The BCRs are reviewed by one of the European data protection supervisory authorities and approved on a case-by-case basis.
This is particularly relevant in the case of intended data processing in the USA or the accessibility of data from the USA: Authorities and intelligence services there, such as the National Security Agency (NSA), may have access rights and read options in relation to personal data without us as the data exporter or you as the data subject being aware of this and without suitable legal remedies being available to prevent this or to take action against such access. However, some of our service providers undertake to exercise and exhaust legal remedies available to you under US law against any access to your data by public authorities. Some of them also publish transparency reports in which - as far as legally possible - official requests and responses are listed. In July 2023, the EU Commission also issued a new adequacy decision for data transfers to the USA in the form of the "EU-U.S. Data Privacy Framework" (DPF), which only applies to service providers that subject themselves to special rules and legal remedies for data subjects by means of self-certification. Whether a provider has certified itself under the DPF can be viewed on the DPF website at www.dataprivacyframework.gov/s/participant-search.
In this privacy policy, we indicate for the individual services whether we base the transfer of data to a third country on the standard contractual clauses, BCR, the DPF or other legal bases.

16. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

16.1 Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller:

• the purposes for which the personal data are processed
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
• the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period
• the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing the existence of a right to lodge a complaint with a supervisory authority
• all available information on the origin of the data if the personal data are not collected from the data subject

16.2 Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

16.3 Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
• the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
• if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

16.4 Right to erasure

16.4.1 Obligation to delete

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing is based according to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and where there is no other legal ground for the processing
• You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR
• The personal data concerning you has been processed unlawfully
• The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject
• The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR

16.4.2 Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

16.4.3 Exceptions

The right to erasure does not exist if the processing is necessary:

• to exercise the right to freedom of expression and information
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR
• for the assertion, exercise or defense of legal claims

16.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

16.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

• the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
• the processing is carried out using automated procedures

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

16.7 Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures that use technical specifications.

16.8 Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

16.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

17. Updating this privacy policy

Our website is constantly being developed. We will therefore update this privacy policy from time to time. We therefore recommend that you visit this privacy policy regularly. You can see whether changes have been made by checking the status below.

Status: 15.07.2024