Privacy Policy

This trans­la­tion of the ger­man pri­va­cy pol­i­cy is for infor­ma­tion­al pur­pos­es only; in case of doubt, the ger­man ver­sion shall apply.

We are very hap­py with your inter­est in our com­pa­ny. Data pro­tec­tion is espe­cial­ly impor­tant to PHYSEC GmbH. The use of the Web­site of PHYSEC GmbH is in prin­ci­ple pos­si­ble with­out giv­ing per­son­al data. In case a data sub­ject wants to make use of par­tic­u­lar ser­vices from our com­pa­ny by using our web­site, a pro­cess­ing of per­son­al data might get nec­es­sary. Is the pro­cess­ing of per­son­al data nec­es­sary and there is no legal basis for such a pro­cess­ing, we gen­er­al­ly obtain con­sent from the data sub­ject.

The pro­cess­ing of per­son­al data, for exam­ple the name, the address, the e-mail address or the phone num­ber of a data sub­ject, always hap­pens in accor­dance with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion and in com­pli­ance with the coun­try-spe­cif­ic data pro­tec­tion reg­u­la­tions apply­ing to PHYSEC GmbH. Using this pri­va­cy pol­i­cy our com­pa­ny wants to inform the pub­lic about the nature, extent and the pur­pose of the per­son­al data col­lect­ed, used and processed by us. Fur­ther­more, data sub­jects are informed of their rights under this pri­va­cy pol­i­cy.

The pro­cess­ing of per­son­al data, for exam­ple the name, the address, the e-mail address or the phone num­ber of a data sub­ject, always hap­pens in accor­dance with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion and in com­pli­ance with the coun­try-spe­cif­ic data pro­tec­tion reg­u­la­tions apply­ing to PHYSEC GmbH. Using this pri­va­cy pol­i­cy our com­pa­ny wants to inform the pub­lic about the nature, extent and the pur­pose of the per­son­al data col­lect­ed, used and processed by us. Fur­ther­more, data sub­jects are informed of their rights under this pri­va­cy pol­i­cy.

1. Def­i­n­i­tions

The pri­va­cy pol­i­cy of PHYSEC GmbH is based on the ter­mi­nol­o­gy used by the Euro­pean direc­tive and reg­u­la­to­ry author­i­ty in the adop­tion of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR). Our pri­va­cy pol­i­cy should be easy to read and under­stand for the pub­lic as well as for our cus­tomers and busi­ness part­ners. To ensure this, we would like to explain in advance the ter­mi­nol­o­gy used.

Amongst oth­ers, we use the fol­low­ing terms in this pri­va­cy pol­i­cy:

• a)    per­son­al data

Per­son­al data is any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (here­inafter the “data sub­ject”). A nat­ur­al per­son is con­sid­ered to be iden­ti­fi­able who, direct­ly or indi­rect­ly, in par­tic­u­lar by asso­ci­a­tion with an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fi­er or one or more spe­cial fea­tures express­ing the phys­i­cal, phys­i­o­log­i­cal, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­ti­ty of this nat­ur­al per­son, can be iden­ti­fied.

• b)    data sub­ject

Data sub­ject is any iden­ti­fied or iden­ti­fi­able nat­ur­al per­son whose per­son­al data is processed by the con­troller.

• c)    Pro­cess­ing

Pro­cess­ing means any process or series of oper­a­tions, with or with­out the aid of auto­mat­ed pro­ce­dures, relat­ed to per­son­al data, such as col­lect­ing, record­ing, orga­niz­ing, sort­ing, stor­ing, adapt­ing or mod­i­fy­ing, read­ing, query­ing, using, dis­clo­sure by sub­mis­sion, dis­sem­i­na­tion or oth­er form of pro­vi­sion, rec­on­cil­i­a­tion or asso­ci­a­tion, restric­tion, era­sure or destruc­tion.

• d)    Restric­tion of the pro­cess­ing

Restric­tion of the pro­cess­ing is the mark­ing of stored per­son­al data with the aim to lim­it their future pro­cess­ing.

• e)    Pro­fil­ing

Pro­fil­ing is any kind of auto­mat­ed pro­cess­ing of per­son­al data that con­sists in using that per­son­al infor­ma­tion to eval­u­ate cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son, in par­tic­u­lar to analyse or pre­dict aspects relat­ing to job per­for­mance, eco­nom­ic sit­u­a­tion, health, per­son­al pref­er­ences, inter­ests, reli­a­bil­i­ty, behav­ior, where­abouts or relo­ca­tion of that nat­ur­al per­son.

• f)     Pseu­do­nymi­sa­tion

Pseu­do­nymi­sa­tion is the pro­cess­ing of per­son­al data in such a way that per­son­al data can no longer be attrib­uted to a spe­cif­ic data sub­ject with­out the need for addi­tion­al infor­ma­tion, pro­vid­ed that such addi­tion­al infor­ma­tion is kept sep­a­rate and sub­ject to tech­ni­cal and orga­ni­za­tion­al mea­sures to ensure that the per­son­al data is not assigned to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son.

• g)    Con­troller

The con­troller is the nat­ur­al or legal per­son, pub­lic author­i­ty or body that, alone or in con­cert with oth­ers, decides on the pur­pos­es and means of pro­cess­ing per­son­al data. Where the pur­pos­es and means of such pro­cess­ing are deter­mined by Union law or the law of the Mem­ber States, the con­troller or the spe­cif­ic cri­te­ria for his des­ig­na­tion may be pro­vid­ed for under Union or nation­al law.

• h)    Proces­sor

The proces­sor is a nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body that process­es per­son­al data on behalf of the con­troller.

• i)      Recip­i­ent

Recip­i­ent is a nat­ur­al or legal per­son, agency, agency or oth­er enti­ty to whom Per­son­al Data is dis­closed, whether or not it is a third par­ty. How­ev­er, author­i­ties which may receive per­son­al data under Union or nation­al law in con­nec­tion with a par­tic­u­lar inves­ti­ga­tion are not con­sid­ered as recip­i­ents.

• j)      Third par­ty

Third par­ty is a nat­ur­al or legal per­son, pub­lic author­i­ty, body or body oth­er than the data sub­ject, the con­troller, the proces­sor and the per­sons autho­rized under the direct respon­si­bil­i­ty of the con­troller or the proces­sor to process the per­son­al data.

• k)    Con­sent

Con­sent is any vol­un­tar­i­ly giv­en and unam­bigu­ous­ly expressed state­ment of intent in the form of a dec­la­ra­tion or oth­er unam­bigu­ous con­fir­ma­to­ry act by the data sub­ject for the par­tic­u­lar case, by which the data sub­ject indi­cates that they con­sent to the pro­cess­ing of the per­son­al data con­cern­ing him / her.

2. Name and address of the con­troller

Con­troller as defined by the Gen­er­al Data Pro­tec­tion Reg­u­la­tion, oth­er data pro­tec­tion laws in the Meme­ber States oft he Euro­pean Union and oth­er pro­vi­sions with a data pro­tec­tion char­ac­ter is the:

PHYSEC GmbH

Uni­ver­sitätsstraße 142

44799 Bochum

Deutsch­land

Tel.: 0234 544 28224

E-Mail: info@physec.de

Web­site: www.physec.de

3. Cook­ies

The web­sites of PHYSEC GmbH use cook­ies. Cook­ies are text files that are stored on a com­put­er sys­tem via an Inter­net brows­er.

Many web­sites and servers use cook­ies. Many cook­ies con­tain a so-called cook­ie ID. A cook­ie ID is a unique iden­ti­fi­er of the cook­ie. It con­sists of a string through which Inter­net pages and servers can be assigned to the spe­cif­ic Inter­net brows­er in which the cook­ie was stored. This allows vis­it­ed web­sites and servers to dis­tin­guish the individual’s brows­er from oth­er inter­net browsers that con­tain oth­er cook­ies. A par­tic­u­lar web brows­er can be rec­og­nized and iden­ti­fied by the unique cook­ie ID.

Through the use of cook­ies, PHYSEC GmbH can pro­vide users of this web­site with more user-friend­ly ser­vices that would not be pos­si­ble with­out the set­ting of cook­ies.

By means of a cook­ie the infor­ma­tion and offers on our web­site can be opti­mized in the sense of the user. Cook­ies allow us, as already men­tioned, to rec­og­nize the users of our web­site. The pur­pose of this recog­ni­tion is to make it eas­i­er for users to use our web­site. For exam­ple, the user of a web­site that uses cook­ies need not re-enter their cre­den­tials each time they vis­it the web­site, as this is done by the web­site and the cook­ie stored on the user’s com­put­er sys­tem.

By means of a cook­ie the infor­ma­tion and offers on our web­site can be opti­mized in the sense of the user. Cook­ies allow us, as already men­tioned, to rec­og­nize the users of our web­site. The pur­pose of this recog­ni­tion is to make it eas­i­er for users to use our web­site. For exam­ple, the user of a web­site that uses cook­ies need not re-enter their cre­den­tials each time they vis­it the web­site, as this is done by the web­site and the cook­ie stored on the user’s com­put­er sys­tem.

4. Col­lec­tion of gen­er­al data and infor­ma­tion

The web­site of PHYSEC GmbH col­lects a series of gen­er­al data and infor­ma­tion every time the web­site is accessed by an affect­ed per­son or an auto­mat­ed sys­tem. This gen­er­al data and infor­ma­tion is stored in the log files of the serv­er. The (1) brows­er types and ver­sions used, (2) the oper­at­ing sys­tem used by the access­ing sys­tem, (3) the inter­net page from which an access­ing sys­tem access­es our web­site (so-called refer­rers), (4) the sub web pages which were accessed on our web­site, (5) the date and time of access to the web­site, (6) an Inter­net Pro­to­col address (IP address), (7) the Inter­net ser­vice provider of the access­ing sys­tem and (8) oth­er sim­i­lar data and infor­ma­tion used in the event of attacks on our infor­ma­tion tech­nol­o­gy sys­tems can be col­lect­ed.

When using this gen­er­al data and infor­ma­tion, PHYSEC GmbH does not draw any con­clu­sions about the per­son con­cerned. Rather, this infor­ma­tion is required to (1) cor­rect­ly deliv­er the con­tents of our web­site, (2) to opti­mize the con­tent of our web­site and the adver­tise­ment for it, (3) to ensure the con­tin­ued func­tion­ing of our infor­ma­tion tech­nol­o­gy sys­tems and the tech­nol­o­gy of our web­site, and (4) to pro­vide law enforce­ment author­i­ties with the infor­ma­tion nec­es­sary for law enforce­ment in the event of a cyber­at­tack. This anony­mous­ly col­lect­ed data and infor­ma­tion is eval­u­at­ed by the PHYSEC GmbH on the one hand sta­tis­ti­cal­ly and fur­ther with the aim to increase the data pro­tec­tion and data secu­ri­ty in our com­pa­ny, in order to ensure an opti­mal lev­el of pro­tec­tion for the per­son­al data processed by us. The anony­mous data of the serv­er log files are stored sep­a­rate­ly from all per­son­al data pro­vid­ed by a data sub­ject.

5. Sub­scrip­tion to our newslet­ter

On the web­site of PHYSEC GmbH, users are giv­en the oppor­tu­ni­ty to sub­scribe to the newslet­ter of our com­pa­ny. Which per­son­al data are trans­mit­ted to the con­troller when the newslet­ter is ordered results from the input mask used for this pur­pose.

PHYSEC GmbH informs its cus­tomers and busi­ness part­ners at reg­u­lar inter­vals by means of a newslet­ter about the company’s lat­est news. The newslet­ter of our com­pa­ny can only be received by the data sub­ject if (1) the data sub­ject has a valid email address and (2) the data sub­ject sub­scribes to the newslet­ter. For legal rea­sons, a con­fir­ma­tion e-mail will be sent to the e-mail address entered by an affect­ed per­son for the first time for newslet­ter mail­ing using the dou­ble-opt-in pro­ce­dure. This con­fir­ma­tion email is used to check whether the own­er of the e-mail address as the data sub­ject autho­rized the receipt of the newslet­ter.

When sub­scrib­ing to the newslet­ter, we also store the IP address of the com­put­er sys­tem used by the per­son con­cerned at the time of reg­is­tra­tion, as assigned by the Inter­net Ser­vice Provider (ISP), as well as the date and time of reg­is­tra­tion. The col­lec­tion of this data is nec­es­sary in order to recon­struct the (pos­si­ble) mis­use of an affect­ed person’s e-mail address at a lat­er date and there­fore serves as legal safe­guards for the con­troller.

The per­son­al data col­lect­ed in the con­text of reg­is­ter­ing for the newslet­ter will be used exclu­sive­ly to send our newslet­ter. Sub­scribers to the newslet­ter may also be noti­fied by e-mail if this is nec­es­sary for the oper­a­tion of the newslet­ter ser­vice or reg­is­tra­tion, as might be the case in the event of changes to the newslet­ter or tech­ni­cal changes. There will be no trans­fer of the per­son­al data col­lect­ed as part of the newslet­ter ser­vice to third par­ties. Sub­scrip­tion to our newslet­ter may be ter­mi­nat­ed by the data sub­ject at any time. The con­sent to the stor­age of per­son­al data that the data sub­ject has giv­en us for the newslet­ter dis­patch can be revoked at any time. For the pur­pose of revok­ing the con­sent, there is a cor­re­spond­ing link in each newslet­ter. It is also pos­si­ble to unsub­scribe from the newslet­ter at any time, direct­ly on the controller’s web­site, or to inform the con­troller in a dif­fer­ent way.

6. Newslet­ter-Track­ing

The newslet­ters of PHYSEC GmbH con­tain so-called count­ing pix­els. A count­ing pix­el is a minia­ture graph­ic that is embed­ded in such emails that are sent in HTML for­mat to enable log file record­ing and log file analy­sis. This allows a sta­tis­ti­cal eval­u­a­tion of the suc­cess or fail­ure of online mar­ket­ing cam­paigns. On the basis of the embed­ded pix­el, PHYSEC GmbH can detect whether and when an e-mail was opened by a data sub­ject and which links in the e-mail were called up by the data sub­ject.

Such per­son­al data col­lect­ed via the count­ing pix­els con­tained in the newslet­ters will be stored and eval­u­at­ed by the con­troller in order to opti­mize the deliv­ery of newslet­ters and to bet­ter adapt the con­tent of future newslet­ters to the inter­ests of the data sub­ject. This per­son­al data will not be dis­closed to third par­ties. Data sub­jects are at any time enti­tled to revoke the sep­a­rate dec­la­ra­tion of con­sent made via the dou­ble-opt-in pro­ce­dure. After revo­ca­tion, this per­son­al data will be delet­ed by the con­troller. The PHYSEC GmbH auto­mat­i­cal­ly inter­prets a can­cel­la­tion of the receipt of the newslet­ter as a revo­ca­tion.

7. Con­tact via the web­site

Due to legal reg­u­la­tions, the PHYSEC GmbH web­site con­tains infor­ma­tion that enables fast elec­tron­ic con­tact to our com­pa­ny as well as direct com­mu­ni­ca­tion with us, which also includes a gen­er­al address of the so-called elec­tron­ic mail (e-mail address). If a data sub­ject con­tacts the con­troller by e-mail or through a con­tact form, the per­son­al data pro­vid­ed by the data sub­ject will be auto­mat­i­cal­ly saved. Such per­son­al data, vol­un­tar­i­ly trans­mit­ted by an indi­vid­ual to the con­troller, is stored for the pur­pose of pro­cess­ing or con­tact­ing the data sub­ject. There is no dis­clo­sure of this per­son­al data to third par­ties.

8. Rou­tine dele­tion and block­ing of per­son­al data

The con­troller shall process and store the per­son­al data of the data sub­ject only for the peri­od nec­es­sary to achieve the pur­pose of the stor­age or, as the case may be, for the peri­od intend­ed by the Euro­pean direc­tives or reg­u­la­tions or by any oth­er leg­is­la­tor in laws or reg­u­la­tions which the con­troller is sub­ject to.

If the stor­age pur­pose is omit­ted or if a stor­age peri­od pre­scribed by the Euro­pean direc­tives and reg­u­la­tions or any oth­er rel­e­vant leg­is­la­tor expires, the per­son­al data will be rou­tine­ly blocked or delet­ed in accor­dance with the statu­to­ry pro­vi­sions.

9. Rights of the data sub­ject

• a)    Right of con­fir­ma­tion

Each data sub­ject has the right, as grant­ed by the Euro­pean Reg­u­la­tors and Reg­u­la­tors, to require the con­troller to con­firm whether per­son­al data relat­ing to him / her is being processed. If a data sub­ject wish­es to make use of this right of con­fir­ma­tion, they can con­tact an employ­ee of the con­troller at any time.

• b)    Right to infor­ma­tion

Any data sub­ject con­cerned by the pro­cess­ing of per­son­al data shall have the right, grant­ed by the Euro­pean Direc­tive and Reg­u­la­to­ry Author­i­ty, at any time to obtain from the data con­troller infor­ma­tion free of charge on the per­son­al data stored about him and a copy of that infor­ma­tion. Fur­ther­more, the Euro­pean Direc­tive and Reg­u­la­to­ry Author­i­ty has pro­vid­ed the data sub­ject with the right to the fol­low­ing infor­ma­tion:

• the pro­cess­ing pur­pos­es
• the cat­e­gories of per­son­al data being processed
• the recip­i­ents or cat­e­gories of recip­i­ents to whom the per­son­al data have been dis­closed or are yet to be dis­closed, in par­tic­u­lar to recip­i­ents in third coun­tries or to inter­na­tion­al orga­ni­za­tions
• if pos­si­ble, the planned dura­tion for which the per­son­al data will be stored or, if that is not pos­si­ble, the cri­te­ria for deter­min­ing that dura­tion
• the exis­tence of a right to rec­ti­fi­ca­tion or era­sure of the per­son­al data con­cern­ing him or of a restric­tion of the pro­cess­ing by the con­troller or of a right to object to such pro­cess­ing
• the exis­tence of a right to rec­ti­fi­ca­tion or era­sure of the per­son­al data con­cern­ing him or of a restric­tion of the pro­cess­ing by the con­troller or of a right to object to such pro­cess­ing
• if the per­son­al data are not col­lect­ed from the data sub­ject: All avail­able infor­ma­tion on the source of the data
• the exis­tence of auto­mat­ed deci­sion-mak­ing includ­ing pro­fil­ing accord­ing to Arti­cle 22 (1) and (4) of the GDPR and — at least in these cas­es — mean­ing­ful infor­ma­tion on the log­ic involved and the scope and intend­ed impact of such pro­cess­ing on the data sub­ject

In addi­tion, the data sub­ject has a right of access as to whether per­son­al data has been trans­mit­ted to a third coun­try or to an inter­na­tion­al orga­ni­za­tion. If that is the case, then the data sub­ject has the right to obtain infor­ma­tion about the appro­pri­ate guar­an­tees in con­nec­tion with the trans­fer.

If an inter­est­ed par­ty wish­es to exer­cise this right to infor­ma­tion, they may at any time con­tact an employ­ee of the con­troller.

• c)    Right to rec­ti­fi­ca­tion

Any data sub­ject con­cerned by the pro­cess­ing of per­son­al data has the right grant­ed by the Euro­pean leg­is­la­tor to demand the imme­di­ate cor­rec­tion of inac­cu­rate per­son­al data con­cern­ing him / her. Fur­ther­more, the data sub­ject has the right to request the com­ple­tion of incom­plete per­son­al data, includ­ing by means of a sup­ple­men­tary dec­la­ra­tion, tak­ing into account the pur­pos­es of the pro­cess­ing.

If an affect­ed per­son wish­es to exer­cise this right of rec­ti­fi­ca­tion, they may, at any time, con­tact an employ­ee of the con­troller.

• d)    Right to dele­tion (right to be for­got­ten)

Any data sub­ject con­cerned by the pro­cess­ing of per­son­al data has the right grant­ed by the Euro­pean Direc­tives and Reg­u­la­tors to require the con­troller to imme­di­ate­ly delete the per­son­al data con­cern­ing him, pro­vid­ed that one of the fol­low­ing rea­sons is sat­is­fied and pro­cess­ing is not required:

• The per­son­al data has been col­lect­ed or oth­er­wise processed for such pur­pos­es for which they are no longer nec­es­sary.
• The data sub­ject with­draws the con­sent on which the pro­cess­ing was based in accor­dance with Arti­cle 6 (1) (a) of the GDPR or Arti­cle 9 (2) (a) of the GDPR and the pro­cess­ing lacks any oth­er legal basis.
• • The data sub­ject objects to the pro­cess­ing in accor­dance with Art. 21 (1) GDPR, and there are no pre­ced­ing, legit­i­mate rea­sons for the pro­cess­ing, or the data sub­ject objects to the pro­cess­ing accord­ing to Art. 21 (2) GDPR.
• The per­son­al data was processed unlaw­ful­ly.
• The era­sure of per­son­al data is nec­es­sary to ful­fill a legal oblig­a­tion under Union or nation­al law to which the con­troller is sub­ject.
• The per­son­al data were col­lect­ed in rela­tion to infor­ma­tion soci­ety ser­vices offered pur­suant to Art. 8 para. 1 GDPR.

If one of the above rea­sons is cor­rect and a data sub­ject wish­es to arrange for the dele­tion of per­son­al data stored by PHYSEC GmbH, they may at any time con­tact an employ­ee of the con­troller. The employ­ee of the PHYSEC GmbH will arrange that the dele­tion request is ful­filled imme­di­ate­ly.

If the per­son­al data has been made pub­lic by PHYSEC GmbH and if our com­pa­ny is oblig­at­ed to delete per­son­al data as the con­troller pur­suant to Art. 17 para. 1 GDPR, PHYSEC GmbH will take appro­pri­ate mea­sures, of a tech­ni­cal nature as well, tak­ing into account the avail­able tech­nol­o­gy and the imple­men­ta­tion costs, to inform oth­er con­trollers pro­cess­ing the pub­lished per­son­al data that the data sub­ject has demand­ed the dele­tion of any links to such per­son­al data or copies or repli­ca­tions of such per­son­al data, as far as the pro­cess­ing is not required, from these oth­er con­trollers. The employ­ee of PHYSEC GmbH will arrange the nec­es­sary in indi­vid­ual cas­es.

• e)    Right to restrict the pro­cess­ing

Any data sub­ject con­cerned by the pro­cess­ing of per­son­al data has the right, grant­ed by the Euro­pean direc­tive and reg­u­la­to­ry author­i­ty, to require the con­troller to restrict the pro­cess­ing if one of the fol­low­ing con­di­tions is met:

• The accu­ra­cy of the per­son­al data is con­test­ed by the data sub­ject for a peri­od of time that enables the con­troller to ver­i­fy the accu­ra­cy of the per­son­al data.
• The pro­cess­ing is unlaw­ful, the data sub­ject refus­es to delete the per­son­al data and instead requests the restric­tion of the use of per­son­al data.
• The con­troller no longer needs the per­son­al data for the pur­pos­es of pro­cess­ing, but the data sub­ject requires them to assert, exer­cise or defend legal claims.
• The data sub­ject has object­ed to the pro­cess­ing acc. Art. 21 para. 1 GDPR and it is not yet clear whether the legit­i­mate rea­sons of the con­troller out­weigh those of the data sub­ject.

If one of the above-men­tioned con­di­tions exists and a data sub­ject wish­es to request the restric­tion of per­son­al data stored by PHYSEC GmbH, they can con­tact an employ­ee of the con­troller at any time. The employ­ee of PHYSEC GmbH will ini­ti­ate the restric­tion of the pro­cess­ing.

• f)     Right to data porta­bil­i­ty

Any data sub­ject con­cerned by the pro­cess­ing of per­son­al data has the right con­ferred by the Euro­pean Direc­tives and Reg­u­la­tions to obtain the per­son­al data con­cern­ing him / her pro­vid­ed to a con­troller by the data sub­ject in a struc­tured, com­mon and machine-read­able for­mat. He / She also has the right to trans­fer this data to anoth­er con­troller with­out hin­drance by the con­troller to whom the per­son­al data was pro­vid­ed, pro­vid­ed that the pro­cess­ing is based on the con­sent pur­suant to Arti­cle 6 (1) (a) of the GDPR or Arti­cle 9 (1) (b) 2 (a) of the GDPR or on a con­tract pur­suant to Arti­cle 6 (1) (b) of the GDPR and pro­cess­ing is done by means of auto­mat­ed process­es, unless the pro­cess­ing is nec­es­sary for the per­for­mance of a task of pub­lic inter­est or in the exer­cise of pub­lic author­i­ty, which has been assigned to the con­troller.

Fur­ther­more, in exer­cis­ing their right to data porta­bil­i­ty under Arti­cle 20 (1) of the GDPR, the data sub­ject has the right to effect that the per­son­al data are trans­mit­ted direct­ly from one con­troller to anoth­er, inso­far as this is tech­ni­cal­ly fea­si­ble and if so this does not affect the rights and free­doms of oth­ers.

To enforce the right to data porta­bil­i­ty, the data sub­ject may at any time con­tact an employ­ee of PHYSEC GmbH.

• g)    Right to objec­tion

Any data sub­ject con­cerned by the pro­cess­ing of per­son­al data has the right con­ferred by the Euro­pean direc­tive and reg­u­la­to­ry author­i­ty to object against the pro­cess­ing of per­son­al data relat­ing to it pur­suant to Arti­cle 6 (1) (e) or (f) GDPR at any time, for rea­sons aris­ing from its par­tic­u­lar sit­u­a­tion. This also applies to pro­fil­ing based on these pro­vi­sions.

PHYSEC GmbH will no longer process per­son­al data in the event of an objec­tion, unless we can prove that there are com­pelling legit­i­mate rea­sons for pro­cess­ing that out­weigh the inter­ests, rights and free­doms of the data sub­ject, or the pro­cess­ing is for asser­tion, exer­cise or defense of legal claims.

If PHYSEC GmbH process­es per­son­al data in order to oper­ate direct mail, the data sub­ject has the right to object at any time to the pro­cess­ing of per­son­al data for the pur­pose of such adver­tis­ing. This also applies to the pro­fil­ing, as far as it is asso­ci­at­ed with such direct mail. If the data sub­ject objects to PHYSEC GmbH for pro­cess­ing pur­pos­es for direct mar­ket­ing pur­pos­es, PHYSEC GmbH will no longer process the per­son­al data for these pur­pos­es.

In addi­tion, the data sub­ject has the right, for rea­sons aris­ing from his / her par­tic­u­lar sit­u­a­tion, to object against the pro­cess­ing of per­son­al data relat­ing to him, which is per­formed by PHYSEC GmbH for sci­en­tif­ic or his­tor­i­cal research pur­pos­es or for sta­tis­ti­cal pur­pos­es pur­suant to Art. 89 para. 1 GDPR unless such pro­cess­ing is nec­es­sary to ful­fill a task of pub­lic inter­est.

In order to exer­cise the right to object, the data sub­ject may direct­ly con­tact any employ­ee of PHYSEC GmbH. The data sub­ject is also free, in the con­text of the use of infor­ma­tion soci­ety ser­vices, notwith­stand­ing Direc­tive 2002/58/EC, to exer­cise his right of oppo­si­tion by means of auto­mat­ed pro­ce­dures using tech­ni­cal spec­i­fi­ca­tions.

• h)    Auto­mat­ed deci­sions in indi­vid­ual cas­es includ­ing pro­fil­ing

Any data sub­ject con­cerned by the pro­cess­ing of per­son­al data has the right, as grant­ed by the Euro­pean leg­is­la­ture, not to be sub­ject to a deci­sion based sole­ly on auto­mat­ed pro­cess­ing, includ­ing pro­fil­ing, which has a legal effect on it or, in a sim­i­lar man­ner, sig­nif­i­cant­ly affects it; unless the deci­sion (1) is nec­es­sary for the con­clu­sion or per­for­mance of a con­tract between the data sub­ject and the con­troller, or (2) is per­mit­ted by Union or Mem­ber State leg­is­la­tion to which the con­troller is sub­ject, and that leg­is­la­tion pro­vides for appro­pri­ate mea­sures to safe­guard the rights and free­doms as well as the legit­i­mate inter­ests of the data sub­ject; or (3) with the express con­sent of the data sub­ject.

If the deci­sion (1) is required for the con­clu­sion or the per­for­mance of a con­tract between the data sub­ject and the con­troller or (2) it takes place with the explic­it con­sent of the per­son con­cerned, PHYSEC GmbH takes appro­pri­ate mea­sures to pro­tect the rights and free­doms as well as the legit­i­mate inter­ests of the data sub­ject, includ­ing at least the right to obtain the inter­ven­tion of a per­son by the con­troller, to express his / her own posi­tion and to con­test the deci­sion.

If the data sub­ject wish­es to claim rights con­cern­ing auto­mat­ed deci­sion-mak­ing, they can con­tact an employ­ee of the con­troller at any time.

• i)      Right to revoke a data pro­tec­tion con­sent

Any data sub­ject con­cerned by the pro­cess­ing of per­son­al data has the right, grant­ed by the Euro­pean direc­tive and reg­u­la­to­ry author­i­ty, to revoke con­sent to the pro­cess­ing of per­son­al data at any time.

If the data sub­ject wish­es to claim their right to with­draw con­sent, they may, at any time, con­tact an employ­ee of the con­troller.

10. Pri­va­cy Pol­i­cy for Use of Face­book

The con­troller has inte­grat­ed com­po­nents of the com­pa­ny Face­book on this web­site. Face­book is a social net­work.

A social net­work is an Inter­net-based social meet­ing place, an online com­mu­ni­ty that typ­i­cal­ly allows users to com­mu­ni­cate with each oth­er and inter­act in vir­tu­al space. A social net­work can serve as a plat­form to exchange views and expe­ri­ences, or allows the Inter­net com­mu­ni­ty to pro­vide per­son­al or busi­ness infor­ma­tion. Face­book allows social net­work users to cre­ate pri­vate pro­files, upload pho­tos and social­ize via friend requests.

The oper­at­ing com­pa­ny of Face­book is Face­book, Inc., 1 Hack­er Way, Men­lo Park, CA 94025, USA. Con­troller is, if an affect­ed per­son lives out­side the US or Cana­da, Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bor, Dublin 2, Ire­land.

On each vis­it to one of the indi­vid­ual pages of this web­site, which is oper­at­ed by the con­troller and on which a Face­book com­po­nent (Face­book plug-in) has been inte­grat­ed, the Inter­net brows­er on the infor­ma­tion tech­nol­o­gy sys­tem of the data sub­ject auto­mat­i­cal­ly caus­es a down­load of the cor­re­spond­ing Face­book Com­po­nent from Face­book. An overview of all Face­book plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this tech­ni­cal process, Face­book receives infor­ma­tion about which spe­cif­ic sub­page of our web­site is vis­it­ed by the data sub­ject.

If the data sub­ject is simul­ta­ne­ous­ly logged into Face­book, Face­book rec­og­nizes with each vis­it to our web­site by the data sub­ject and dur­ing the entire dura­tion of the respec­tive stay on our web­site, which spe­cif­ic sub­page of our web­site the data sub­ject vis­its. This infor­ma­tion is col­lect­ed through the Face­book com­po­nent and assigned by Face­book to the respec­tive Face­book account of the data sub­ject. If the data sub­ject acti­vates one of the Face­book but­tons inte­grat­ed on our web­site, for exam­ple the “Like” but­ton, or if the per­son con­cerned makes a com­ment, Face­book assigns this infor­ma­tion to the per­son­al Face­book user account of the per­son con­cerned and saves this per­son­al data.

Face­book always receives infor­ma­tion via the Face­book com­po­nent that the data sub­ject has vis­it­ed our web­site if the data sub­ject is logged in to Face­book at the same time as access­ing our web­site; this hap­pens regard­less of whether the per­son clicks on the Face­book com­po­nent or not. If such a trans­fer of this infor­ma­tion to Face­book is not want­ed by the data sub­ject, it can pre­vent the trans­fer by log­ging out of their Face­book account before call­ing our web­site.

The data pol­i­cy pub­lished by Face­book, which is avail­able at https://de-de.facebook.com/about/privacy/, pro­vides infor­ma­tion on the col­lec­tion, pro­cess­ing and use of per­son­al data by Face­book. It also explains which options Face­book offers to pro­tect the pri­va­cy of the data sub­ject. In addi­tion, dif­fer­ent appli­ca­tions are avail­able, which make it pos­si­ble to sup­press data trans­mis­sion to Face­book. Such appli­ca­tions can be used by the data sub­ject to sup­press data trans­mis­sion to Face­book.

11. Data pro­tec­tion reg­u­la­tions for use of Google Ana­lyt­ics (with anonymiza­tion func­tion)

The con­troller has inte­grat­ed the com­po­nent Google Ana­lyt­ics (with anonymiza­tion func­tion) on this web­site. Google Ana­lyt­ics is a web ana­lyt­ics ser­vice. Web analy­sis is the col­lec­tion, col­lec­tion and analy­sis of data about the behav­ior of vis­i­tors to web­sites. Among oth­er things, a web analy­sis ser­vice col­lects data on which web­site an affect­ed per­son has come to a web­site (so-called refer­rers), which sub­pages of the web­site were accessed or how often and for which length of stay a sub­page was viewed. A web analy­sis is main­ly used to opti­mize a web­site and cost-ben­e­fit analy­sis of Inter­net adver­tis­ing.

The oper­at­ing com­pa­ny of the Google Ana­lyt­ics com­po­nent is Google Inc., 1600 Amphithe­ater Pkwy, Moun­tain View, CA 94043–1351, USA.

The con­troller uses the addi­tion “_gat._anonymizeIp” for web ana­lyt­ics via Google Ana­lyt­ics. By means of this adden­dum, the IP address of the Inter­net access of the data sub­ject will be short­ened and anonymised by Google if the access to our web­site is from a Mem­ber State of the Euro­pean Union or from anoth­er state par­ty to the Agree­ment on the Euro­pean Eco­nom­ic Area.

The pur­pose of the Google Ana­lyt­ics com­po­nent is to ana­lyze vis­i­tor flows on our web­site. Among oth­er things, Google uses the data and infor­ma­tion obtained to eval­u­ate the use of our web­site, to com­pile for us online reports show­ing the activ­i­ties on our web­sites, and to pro­vide oth­er ser­vices relat­ed to the use of our web­site.

Google Ana­lyt­ics uses a cook­ie on the infor­ma­tion tech­nol­o­gy sys­tem of the data sub­ject. What cook­ies are, has already been explained above. By using this cook­ie Google is enabled to ana­lyze the usage of our web­site. Each time one of the pages of this web­site run by the con­troller is accessed and a Google Ana­lyt­ics com­po­nent has been inte­grat­ed, the Inter­net brows­er on the infor­ma­tion tech­nol­o­gy sys­tem of the data sub­ject is auto­mat­i­cal­ly caused by the respec­tive Google Ana­lyt­ics com­po­nent to sub­mit data to Google for online analy­sis pur­pos­es. As part of this tech­ni­cal process, Google will be aware of per­son­al data, such as the IP address of the data sub­ject, which serve, among oth­er things, Google to track the ori­gin of the vis­i­tors and clicks, and sub­se­quent­ly make com­mis­sion set­tle­ments pos­si­ble.

The cook­ie stores per­son­al­ly iden­ti­fi­able infor­ma­tion, such as access time, the loca­tion from which access was made, and the fre­quen­cy of site vis­its by the data sub­ject. Each time you vis­it our web­site, your per­son­al infor­ma­tion, includ­ing the IP address of the Inter­net con­nec­tion used by the data sub­ject, is trans­ferred to Google in the Unit­ed States of Amer­i­ca. This per­son­al infor­ma­tion is stored by Google in the Unit­ed States of Amer­i­ca. Google may trans­fer such per­son­al data col­lect­ed through the tech­ni­cal process to third par­ties.

The affect­ed per­son can pre­vent the set­ting of cook­ies through our web­site, as shown above, at any time by means of a cor­re­spond­ing set­ting of the Inter­net brows­er used and thus per­ma­nent­ly object the set­ting of cook­ies. Such a set­ting of the Inter­net brows­er used would also pre­vent Google from set­ting a cook­ie on the infor­ma­tion tech­nol­o­gy sys­tem of the per­son con­cerned. In addi­tion, a cook­ie already set by Google Ana­lyt­ics can be delet­ed at any time via the Inter­net brows­er or oth­er soft­ware pro­grams.

Fur­ther­more, the data sub­ject has the option of object­ing to and pre­vent­ing the col­lec­tion of the data gen­er­at­ed by Google Ana­lyt­ics for the use of this web­site and the pro­cess­ing of this data by Google. To do this, the per­son must down­load and install a brows­er add-on at https://tools.google.com/dlpage/gaoptout. This brows­er add-on informs Google Ana­lyt­ics via JavaScript that no data and infor­ma­tion about web­site vis­its may be trans­mit­ted to Google Ana­lyt­ics. The instal­la­tion of the brows­er add-on is con­sid­ered by Google as an objec­tion. If the data subject’s infor­ma­tion tech­nol­o­gy sys­tem is lat­er delet­ed, for­mat­ted or rein­stalled, the data sub­ject must re-install the brows­er add-on to dis­able Google Ana­lyt­ics. If the brows­er add-on is unin­stalled or dis­abled by the data sub­ject or any oth­er per­son with­in their sphere of con­trol, it is pos­si­ble to rein­stall or reac­ti­vate the brows­er add-on.

Addi­tion­al infor­ma­tion and Google’s pri­va­cy pol­i­cy can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/en.html. Google Ana­lyt­ics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

12. Pri­va­cy Pol­i­cy for Google Web­fonts

This web­site uses exter­nal Google fonts. Google Fonts is a ser­vice of Google Inc. The inte­gra­tion of these web fonts is done by a serv­er call, usu­al­ly a Google serv­er in the USA. The infor­ma­tion about which of our web­sites one have vis­it­ed, will be trans­mit­ted to the serv­er. Also, the IP address of the vis­i­tor of this web­site is stored by Google. For more infor­ma­tion, see the Google Pri­va­cy Pol­i­cy, which you can access here: www.google.com/policies/privacy/

12. Pri­va­cy Pol­i­cy for Use of LinkedIn

The con­troller has inte­grat­ed com­po­nents from LinkedIn Cor­po­ra­tion on this web­site. LinkedIn is an Inter­net-based social net­work that allows users to con­nect to exist­ing busi­ness con­tacts and make new busi­ness con­tacts. Over 400 mil­lion reg­is­tered peo­ple use LinkedIn in more than 200 coun­tries. This makes LinkedIn cur­rent­ly the largest plat­form for busi­ness con­tacts and one of the most vis­it­ed web­sites in the world.

LinkedIn’s oper­at­ing com­pa­ny is LinkedIn Cor­po­ra­tion, 2029 Stier­lin Court Moun­tain View, CA 94043, USA. Pri­va­cy Pol­i­cy issues out­side the Unit­ed States are han­dled by LinkedIn Ire­land, Pri­va­cy Pol­i­cy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ire­land.

Each time you vis­it our web­site, which has a LinkedIn com­po­nent (LinkedIn plug-in), this com­po­nent caus­es the brows­er used by the data sub­ject to down­load a cor­re­spond­ing rep­re­sen­ta­tion of the LinkedIn com­po­nent. More infor­ma­tion about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this tech­ni­cal process, LinkedIn learns about the spe­cif­ic sub­page of our web­site vis­it­ed by the affect­ed per­son.

If the data sub­ject is logged in to LinkedIn at the same time, LinkedIn rec­og­nizes with each vis­it to our web­site by the data sub­ject and dur­ing the entire dura­tion of the respec­tive stay on our web­site which spe­cif­ic sub­page of our web­site the data sub­ject vis­its. This infor­ma­tion is col­lect­ed through the LinkedIn com­po­nent and linked by LinkedIn to the affect­ed LinkedIn account. If the affect­ed per­son acti­vates a LinkedIn but­ton inte­grat­ed on our web­site, LinkedIn assigns this infor­ma­tion to the per­son­al LinkedIn user account of the data sub­ject and saves this per­son­al data.

LinkedIn always receives infor­ma­tion via the LinkedIn com­po­nent that the data sub­ject has vis­it­ed our web­site if the per­son con­cerned is simul­ta­ne­ous­ly logged into LinkedIn at the time of access­ing our web­site; this hap­pens regard­less of whether the data sub­ject clicks on the LinkedIn com­po­nent or not. If the data sub­ject does not want to trans­mit this infor­ma­tion to LinkedIn, he / she can pre­vent it from log­ging out of their LinkedIn account before vis­it­ing our web­site.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn offers the abil­i­ty to opt out of email mes­sages, text mes­sages, and tar­get­ed ads, as well as man­age ad set­tings. LinkedIn also uses part­ners like Quant­cast, Google Ana­lyt­ics, BlueKai, Dou­bleClick, Nielsen, Com­score, Elo­qua and Lotame, who can set cook­ies. Such cook­ies can be refused at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s pri­va­cy pol­i­cy is avail­able at https://www.linkedin.com/legal/privacy-policy. LinkedIn cook­ie pol­i­cy is avail­able at https://www.linkedin.com/legal/cookie-policy.

13. Pri­va­cy Pol­i­cy for Use of Twit­ter

The con­troller has inte­grat­ed Twit­ter com­po­nents on this web­site. Twit­ter is a mul­ti­lin­gual pub­licly avail­able microblog­ging ser­vice where users can post and dis­trib­ute so-called tweets, which are lim­it­ed to 280 char­ac­ters. These short mes­sages are avail­able to any­one, includ­ing non-Twit­ter sub­scribers. The tweets are also dis­played to the so-called fol­low­ers of the respec­tive user. Fol­low­ers are oth­er Twit­ter users who fol­low a user’s tweets. Twit­ter also allows you to address a broad audi­ence via hash­tags, links or retweets.

The oper­at­ing com­pa­ny of Twit­ter is Twit­ter, Inc., 1355 Mar­ket Street, Suite 900, San Fran­cis­co, CA 94103, USA.

Each time one of the indi­vid­ual pages of this web­site, which is oper­at­ed by the con­troller and on which a Twit­ter com­po­nent (Twit­ter but­ton) has been inte­grat­ed, the Inter­net brows­er on the infor­ma­tion tech­nol­o­gy sys­tem of the data sub­ject is auto­mat­i­cal­ly caused by the respec­tive Twit­ter com­po­nent to down­load a pre­sen­ta­tion of the cor­re­spond­ing Twit­ter com­po­nent of Twit­ter. Fur­ther infor­ma­tion on the Twit­ter but­tons is avail­able at https://about.twitter.com/en/resources/buttons. As part of this tech­ni­cal process, Twit­ter receives infor­ma­tion about which spe­cif­ic sub­page of our web­site is vis­it­ed by the per­son con­cerned. The pur­pose of the inte­gra­tion of the Twit­ter com­po­nent is to allow our users to redis­trib­ute the con­tents of this web­site, to pro­mote this web­site in the dig­i­tal world and to increase our vis­i­tor num­bers.

If the data sub­ject is simul­ta­ne­ous­ly logged in to Twit­ter, Twit­ter rec­og­nizes with each vis­it to our web­site by the data sub­ject and dur­ing the entire dura­tion of the respec­tive stay on our web­site, which spe­cif­ic sub­page of our web­site the data sub­ject is vis­it­ing. This infor­ma­tion is col­lect­ed through the Twit­ter com­po­nent and assigned through Twit­ter to the data sub­jects Twit­ter account. If the data sub­ject acti­vates one of the Twit­ter but­tons inte­grat­ed on our web­site, the data and infor­ma­tion trans­mit­ted with it are assigned to the per­son­al Twit­ter user account of the data sub­ject and stored and processed by Twit­ter.

Twit­ter always receives infor­ma­tion via the Twit­ter com­po­nent that the data sub­ject has vis­it­ed our web­site if the data sub­ject simul­ta­ne­ous­ly logs on to Twit­ter at the time of access to our web­site; this hap­pens regard­less of whether or not the sub­ject clicks on the Twit­ter com­po­nent. If such a trans­fer of this infor­ma­tion to Twit­ter is not want­ed by the per­son con­cerned, it can pre­vent the trans­fer by log­ging out of their Twit­ter account before call­ing our web­site.

The applic­a­ble pri­va­cy poli­cies of Twit­ter are avail­able at https://twitter.com/privacy?lang=en.

14. Pri­va­cy Pol­i­cy for Use and Use of Xing

The con­troller has inte­grat­ed com­po­nents from Xing on this web­site. Xing is an Inter­net-based social net­work that allows users to con­nect to exist­ing busi­ness con­tacts and make new busi­ness con­tacts. The indi­vid­ual users can cre­ate a per­son­al pro­file at Xing. Com­pa­nies can, for exam­ple, cre­ate com­pa­ny pro­files or pub­lish job offers on Xing.

The oper­at­ing com­pa­ny of Xing is XING SE, Damm­torstraße 30, 20354 Ham­burg, Ger­many.

Each time one of the indi­vid­ual pages on this web­site, which is run by the con­troller and on which a Xing com­po­nent (Xing plug-in) has been inte­grat­ed, is called, the inter­net brows­er on the infor­ma­tion tech­nol­o­gy sys­tem of the data sub­ject is auto­mat­i­cal­ly caused by the respec­tive Xing Com­po­nent to down­load a rep­re­sen­ta­tion of the cor­re­spond­ing Xing com­po­nent from Xing. More infor­ma­tion about the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this tech­ni­cal process, Xing is aware of which spe­cif­ic sub­page of our web­site is vis­it­ed by the data sub­ject.

If the data sub­ject is logged in to Xing at the same time, Xing rec­og­nizes with each vis­it to our web­site by the data sub­ject and dur­ing the entire dura­tion of the respec­tive stay on our web­site, which spe­cif­ic sub­page of our web­site was vis­it­ed by the data sub­ject. This infor­ma­tion is col­lect­ed by the Xing com­po­nent and assigned by Xing to the affect­ed Xing account. If the data sub­ject acti­vates one of the Xing but­tons inte­grat­ed on our web­site, for exam­ple the “Share” but­ton, Xing assigns this infor­ma­tion to the per­son­al Xing user account of the data sub­ject and stores this per­son­al data.

Xing always receives infor­ma­tion from the Xing com­po­nent that the data sub­ject has vis­it­ed our web­site if the data sub­ject is simul­ta­ne­ous­ly logged in to Xing at the time of access­ing our web­site; this hap­pens regard­less of whether or not the data sub­ject clicks on the Xing com­po­nent. If such a trans­fer of this infor­ma­tion to Xing by the data sub­ject is not intend­ed, it can pre­vent the trans­fer by log­ging out of your Xing account before call­ing our web­site.

Xing’s pri­va­cy pol­i­cy, avail­able at https://www.xing.com/privacy, pro­vides infor­ma­tion about the col­lec­tion, pro­cess­ing and use of per­son­al infor­ma­tion by Xing. In addi­tion, Xing has post­ed pri­va­cy notices for the XING Share but­ton at https://www.xing.com/app/share?op=data_protection.

15. Legal basis of pro­cess­ing

Art. 6 I lit. a GDPR serves our com­pa­ny as the legal basis for pro­cess­ing oper­a­tions where we obtain con­sent for a par­tic­u­lar pro­cess­ing pur­pose. If the pro­cess­ing of per­son­al data is nec­es­sary to ful­fill a con­tract of which the data sub­ject is a par­ty, as is the case, for exam­ple, in pro­cess­ing oper­a­tions nec­es­sary for the sup­ply of goods or the pro­vi­sion of any oth­er ser­vice or con­sid­er­a­tion, pro­cess­ing shall be based on Art. 6 I lit. b GDPR. The same applies to pro­cess­ing oper­a­tions that are nec­es­sary to car­ry out pre-con­trac­tu­al mea­sures, for exam­ple in cas­es of inquiries regard­ing our prod­ucts or ser­vices. If our com­pa­ny is sub­ject to a legal oblig­a­tion which requires the pro­cess­ing of per­son­al data, such as the ful­fill­ment of tax oblig­a­tions, the pro­cess­ing is based on Art. 6 I lit. c GDPR. In rare cas­es, the pro­cess­ing of per­son­al data may be required to pro­tect the vital inter­ests of the data sub­ject or anoth­er nat­ur­al per­son. This would be the case, for exam­ple, if a vis­i­tor to our premis­es were injured and his or her name, age, health insur­ance or oth­er vital infor­ma­tion would have to be passed on to a doc­tor, hos­pi­tal or oth­er third par­ty. Then the pro­cess­ing would be based on Art. 6 I lit. d GDPR. Ulti­mate­ly, pro­cess­ing oper­a­tions could be based on Art. 6 I lit. f GDPR. On this legal basis, pro­cess­ing oper­a­tions that are not cov­ered by any of the above legal bases are required if pro­cess­ing is nec­es­sary to safe­guard the legit­i­mate inter­ests of our com­pa­ny or a third par­ty, unless the inter­ests, fun­da­men­tal rights and fun­da­men­tal free­doms of the per­son con­cerned pre­vail. Such pro­cess­ing oper­a­tions are par­tic­u­lar­ly allowed to us because they have been specif­i­cal­ly men­tioned by the Euro­pean leg­is­la­tor. In that regard, it con­sid­ered that a legit­i­mate inter­est could be assumed if the data sub­ject is a cus­tomer of the con­troller (recital 47, sec­ond sen­tence, GDPR).

16. Eli­gi­ble pro­cess­ing inter­ests that are being pur­sued by the con­troller or a third par­ty

Is the pro­cess­ing of per­son­al data based on Arti­cle 6 I lit. f GDPR, our legit­i­mate inter­est is in con­duct­ing our busi­ness for the ben­e­fit of all of our employ­ees and our share­hold­ers.

17. Dura­tion for which the per­son­al data are stored

The cri­te­ri­on for the dura­tion of the stor­age of per­son­al data is the respec­tive statu­to­ry reten­tion peri­od. After the dead­line, the cor­re­spond­ing data will be rou­tine­ly delet­ed, if they are no longer required to ful­fill the con­tract or to ini­ti­ate a con­tract.

18. Legal or con­trac­tu­al pre­scrip­tions for the pro­vi­sion of per­son­al data; Neces­si­ty for the con­clu­sion of the con­tract; Oblig­a­tion of the data sub­ject to pro­vide the per­son­al data; pos­si­ble con­se­quences of non-pro­vi­sion

We clar­i­fy that the pro­vi­sion of per­son­al infor­ma­tion is in part required by law (such as tax reg­u­la­tions) or may result from con­trac­tu­al arrange­ments (such as details of the con­trac­tor). Occa­sion­al­ly it may be nec­es­sary for a con­tract to be con­clud­ed that a data sub­ject pro­vides us with per­son­al data that must sub­se­quent­ly be processed by us. For exam­ple, the data sub­ject is required to pro­vide us with per­son­al infor­ma­tion when our com­pa­ny enters into a con­tract with her. Fail­ure to pro­vide the per­son­al data would mean that the con­tract with the data sub­ject could not be closed. Pri­or to any per­son­al data being pro­vid­ed by the data sub­ject, the data sub­ject must con­tact one of our employ­ees. Our employ­ee will inform the indi­vid­ual on a case-by-case basis whether the pro­vi­sion of the per­son­al data is required by law or con­tract or is required for the con­clu­sion of the con­tract, whether there is an oblig­a­tion to pro­vide the per­son­al data and the con­se­quences of the non-pro­vi­sion of the per­son­al data.

19. Exis­tence of auto­mat­ed deci­sion-mak­ing

As a respon­si­ble com­pa­ny we refrain from auto­mat­ic deci­sion-mak­ing or pro­fil­ing.