expand_less
EN
NL FR
Home Retention periods Contact
NL EN FR
Archive storage arrow_forward
arrow_back Back
Archive storage
Archive storage Overview
External archive storage
Internal archive storage
Archive management
Archive consultation
Archive boxes
Archive relocation
Archive recovery
Security and GDPR
Healthcare and Pharma
Archive destruction arrow_forward
arrow_back Back
Archive destruction
Archive destruction Overview
Paper destruction
Destruction of digital data
Mobile data destruction
Destruction containers
IT recycling
100% secure destruction
Digitization
Home Retention periods Contact
keyboard_arrow_up
keyboard_arrow_up

Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws in the member states as well as other data protection law provisions is:


Dockx Rhenus Archisafe N.V.
Terbekehofdreef 10
2610 Wilrijk
Belgium
Phone: +32 3 740 39 64
E-mail: info@dockx-rhenus.be

Address and contact data of the data protection officer

Dockx Rhenus Archisafe N.V.
Terbekehofdreef 10
2610 Wilrijk
Belgium
Phone: +32 3 740 39 64
E-mail: info@dockx-rhenus.be

 


We would like to provide you with the following notes and information regarding the way that we carefully protect your private details and the extensive level of confidentiality when handling your data:

Making available the website and generating log files

1. Anonymous data collection
In principle, you can use our websites without informing us who you are. We only learn about technical data like the name of your Internet service provider, the website from which you come and the corporate websites that you visit. This information is assessed with the date and time details for internal statistical purposes related to advertising, website analysis and for designing our websites to meet needs. You remain completely anonymous as a user in this process. No pseudonymised user profiles are generated.

2. The purpose and legal basis of data processing
The temporary storage of the IP address by the system is necessary in order to enable the website to be sent to the user’s computer. The user’s IP address must be stored for the duration of the session. The legal basis for temporarily storing the data is found in Article 6 Para. 1 f) of the GDPR.

3. The length of time that data is stored
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was gathered. When gathering data to make available the website, deletion occurs once the session in question has ended.

4. Opportunity to object and to have the data removed
The logging of data for making available the website and storing data in log files is absolutely necessary to operate the Internet site. There is therefore no opportunity for the user to object to this.

Using cookies

1. Description and scope of the data processing

We make use of cookies to improve the quality of establishing the link with and the content of our website and to provide user-oriented navigation that is as smooth as possible. We make use of so-called session cookies that are restricted to the time of your visit to the website. They are used to determine which content is viewed from your PC while you continue to surf and they also play a role in increasing your security when surfing. Once you leave our website or do not click on it for a certain time, these short-term cookies are deleted again.  

Cookies cannot do any damage to your PC. They do not cause any security risk in the sense of viruses or spying on your PC. You control how cookies are handled yourself. Please use the help function in your browser to allow, reject, view and delete them.

We make use of cookies in order to make our website more user-friendly. Some elements on our website require us to identify the browser making the request after you move from one site to another. The following data is therefore stored and transmitted in the cookies:

  • language settings

We also use cookies that enable an analysis of the surfing behaviour of users. The following data can be transmitted in this way:

  • search terms that are entered

2. The purpose and legal basis of data processing

The purpose of using absolutely necessary cookies (technically necessary cookies) is to enable the use of websites for the users. The legal basis for the processing of personal data using absolutely necessary cookies is Article 6 Para. 1 f) of the GDPR.

Some functions of our website are not available without using cookies. It is essential for them that the browser is recognised again after a change of site. We need cookies for the following applications:

  • to take over language settings

The user data collected through the cookies required for technical purposes is not used to draw up any user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies enable us to see how the website is being used and we are then able to continually optimise our services. The following analysis cookies are used:

  • to note search terms

The legal basis for the processing of personal data using non-technically necessary cookies (performance cookies) is Article 6 Para. 1 a) of the GDPR (consent).

3. The length of time that data is stored and the opportunity to object and to have the data removed

Cookies are stored on the user’s computer and are transmitted to our site by the latter. As a user, you therefore have full control over the use of cookies. By making changes to the settings in your Internet browser, you can deactivate or restrict the sending of cookies. Any cookies already stored can be deleted at any time. This can take place automatically too. If cookies are deactivated for our website, it may not be possible for you to make full use of all the functions available on the website.

Newsletter

1. Description and scope of the data processing

Newsletters are sent on the basis of the user’s registration on the website:

It is possible to subscribe to a free newsletter on our website. The data entered on the input form is sent to us once you register for the newsletter. The following data is processed in this case:

  • your first name and surname 
  • your email address
  • your company (optional)
  • your phone number (optional)

The following data is also gathered when you register:

  • the IP address of the computer making the request
  • the date and time of registration

Your consent is obtained to process the data as part of the registration process and reference is made to this data protection declaration.

The newsletter is sent on the basis of the sale of goods or services:

If you purchase goods or services from our website and leave your email address there, we may use this subsequently to send out a newsletter. In this case, the newsletter is exclusively used to directly advertise our own similar goods or services.

No data is forwarded to third parties in conjunction with processing data to send out newsletters. The data is exclusively used for sending out the newsletter.

The job newsletter mailing is based on the offer of vacant job positions for the Rhenus Group. With your selection of certain job criteria (career level, field of activity, company, country) we will inform you weekly about new job offers in the form of a Job Newsletter.

2. The purpose and legal basis data processing

Newsletters are sent on the basis of the user’s registration on the website. The user’s email address is gathered for the purpose of delivering the newsletter. The gathering of other personal data as part of the registration process is used to prevent any misuse of the services or the email address that is used. 

The legal basis for processing the data, once the user has registered for the newsletter, is Article 6 Para. 1 a) of the GDPR, provided that the user has given consent for this.

The newsletter is sent out due to the sale of goods or services: Legal basis for the dispatch of the newsletter as a result of the sale of goods or services is § 7 Para. 3 UWG (german law) or Article 6 Para. 1 f) of the GDPR.

3. The length of time that data is stored

The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. The user’s email address is therefore stored for as long as the subscription to the newsletter is active.

The personal data collected during the registration process is usually deleted after a period of seven days.

4. Opportunities to object and to have the data removed

The user concerned can terminate the subscription to the newsletter at any time. There is an appropriate link in each newsletter for this purpose. There is also an opportunity to cancel any consent to store the personal data that is gathered during the registration process.

Registration

On our website, we offer users the opportunity to register by entering personal data. Thereby the data are entered in an entry window, transferred to us and stored. The data is not passed on to third parties.

Contact form and email contact

1. Description and scope of managing the data

There is a contact form on our website and it can be used to make contact electronically. If a user makes use of this facility, the data entered on the input form is sent to us and stored. This data involves:

  • subject
  • first name
  • last name
  • email address
  • name of the company
  • address of the company
  • country/Region
  • phone number
  • details of your delivery
  • free text
  • time of the request
  • IP address

Alternatively, it is possible to make contact via the email address that is made available. In this case, the user’s personal data that is sent with the email is stored.  

2. The purpose and legal basis of data processing

Within the scope of your contacting us, we process your personal data on the basis of the following legal principles for the following purposes:

The processing of the personal data from the contact form or your email serves us solely to process the contact and in case of follow-up questions. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Article 6 Para. 1 f) of the GDPR and, if applicable, Article 6 Para. 1 b) of the GDPR, if your request is aimed at the conclusion of a contract.

The other personal data processed when the email is sent is used to prevent any misuse of the contact form and guarantee the security of our IT systems.  The legal basis for the processing of personal data is Article 6 Para. 1 f) of the GDPR.

3. The length of time that data is stored

The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. This is the case for any personal data from the input form in the contact form and the data that is sent by email when the relevant conversation with the user has been concluded. The conversation has been ended when the circumstances suggest that the facts of the case in question have been finally resolved.

The personal data, which is also gathered during the sending procedure, is deleted after a period of seven days, at the very latest.

4. Recipients of the data

In our contact form you can select the topic on which you would like to make an inquiry. Inquiries on the topic "General" are handled by the central specialist department. If necessary, we will forward your inquiry to the responsible Rhenus company for internal processing. This company will process the data you have provided in order to contact you regarding your inquiry.

Enquiries on all other topics are automatically forwarded for internal processing to the stored contact mail of the relevant Rhenus company and processed there. This company will process the data you have provided in order to contact you regarding your inquiry.

5. Opportunity to object and to have the data removed

In the case of Article 6 Para. 1 f) GDPR, you can object to the processing of your personal data at any time. Please note that in this case your request cannot be processed further. You can declare your objection by sending an email to our email address given above.

 

Google analytics

This website makes use of functions provided by the web analysis service known as Google Analytics. The provider of this is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics makes use of so-called “cookies”. They are text files that are stored on your computer and enable an analysis of the use of the website. The information generated by the cookie about your use of this website is normally sent to a server operated by Google in the USA and stored there.

 

a) IP pseudonymisation

We have activated the IP pseudonymisation function on this website. This means that your IP address is abbreviated by Google within the member states of the European Union or in other signatory countries to the Agreement on the European Economic Area before being sent to the USA. The complete IP address is only sent to a Google server in the USA in exceptional cases before being abbreviated there. Google will use this information on behalf of the operator of this website in order to assess your usage of the website, to compile reports about the website activities and to enable the website operator to provide other services associated with the use of the website and the Internet. The legal basis is the consent according to Article 6 Para. 1 a) GDPR. The IP address sent from your browser by Google Analytics is not combined with any other data held by Google.

b) Browser plug-ins

You can prevent the cookies from being stored by making the appropriate setting in your browser software; however, we would point out that you may not be able to fully make use of all the functions of this website, if you do so. You can also prevent the logging of the data generated by the cookie and related to your use of the website (including your IP address) being sent to Google or Google’s ability to process this data by downloading and installing the browser plug-in that is available at this link: tools.google.com/dlpage/gaoptout

c) Objecting to the logging of data

You can prevent the logging of your data by Google by clicking on the following link. This generates an opt-out cookie, which will prevent any of your data being logged during future visits to this website: tools.google.com/dlpage/gaoptout

You can obtain more information about how user data is handled at Google Analytics in Google’s data privacy declaration: https://support.google.com/analytics/answer/6004245?hl=de

d) Demographic features with Google Analytics                      

This website uses the “demographic features” function within Google Analytics. This means that it is possible to generate reports that contain statements about the age, gender and interests of the visitors to the site. This data comes from Google’s advertising that is related to interests and from visitor data from third-party providers. This data cannot be assigned to any particular person. You can deactivate this function by using the advertising settings in your Google account at any time or generally prohibit the logging of your data by Google Analytics, as demonstrated in the paragraph on “Objecting to the logging of data”.

LinkedIn

Our website uses functions of the network LinkedIn. The provider is the LinkedIn Ireland Unlimited Company (hereinafter "LinkedIn"), Wilton Plaza, Wilton Place, Dublin 2, Ireland. We are jointly responsible for the processing of data with LinkedIn. The agreement in accordance with art. 26 GDPR can be found here: legal.linkedin.com/pages-joint-controller-addendum. The data protection officer of LinkedIn can be contacted via the following link: www.linkedin.com/help/linkedin/ask/ppq. The contact details of our data protection officer can be found in point II of this privacy policy.

On LinkedIn, personal data is processed and stored if you do not have a LinkedIn account yourself. Even if you are only a temporary visitor, personal data such as the IP address, browser type, operating system, information on previously accessed websites, location, mobile provider, the end device used, the search terms used and cookie information are processed. In addition, data is transmitted by LinkedIn to third countries, in particular the USA. This data transfer is secured by standard contractual clauses of the EU Commission.

1. Company profile on LinkedIn

We have a LinkedIn company profile. You can access our company profile on the internet at any time, regardless of whether you have created a user account on the corresponding platform yourself or not. If you are logged into your LinkedIn account, LinkedIn can assign this to your user account. In both cases, however, your data will be processed by LinkedIn. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. Should you publicly post or comment on your data on our LinkedIn profile, it will be viewable by other registered and non-registered visitors to our LinkedIn profile worldwide. 

On our LinkedIn company profile, you also have the opportunity to respond to our posts, write comments, create a post on our page yourself, or send us private messages. All data provided by you in this context will be processed by us. We process your personal data based on our legitimate interest in responding to your request in accordance with art. 6 (1) lit. f GDPR and, if applicable, art. 6 (1) lit. b GDPR, if your request is aimed at concluding a contract.

In general, we receive the following data from you:

  • Information about the profile of the user;
  • Information you provide in your message or comment to us;
  • If you have responded to our post and type of response, or you have shared or commented on it;
  • Mode of interaction.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal retention obligations to the contrary. For personal data from messages, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

2. LinkedIn Insight Tag

The LinkedIn Insight Tag is a small JavaScript code snippet that we use on our website. The LinkedIn Insight Tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser properties, timestamps, and page views. LinkedIn does not share any personally identifiable information with us.  We are only provided with aggregated data as page insights, which does not allow us to draw conclusions about individuals or members. In doing so, we may receive the following information such as industry, job title, company size, career level and location of the website visitors.

The processing of data via the page insights is carried out by LinkedIn and us as joint controllers within the meaning of the GDPR. The purpose of this data processing is exclusively the evaluation and analysis of the actions and activities on our LinkedIn company profile and the improvement based on this data. The legal basis for the processing of personal data is art. 6 (1) lit. a GDPR.

This data is encrypted, anonymized within 7 days and the anonymized data is deleted within 90 days.

3. LinkedIn Ads

We have integrated LinkedIn Ads on our website. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and thus display targeted ads on LinkedIn. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of the ads. Furthermore, LinkedIn Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider. In this case, your data is transferred to LinkedIn, possibly also to the USA. The use of LinkedIn Ads is based on your consent in accordance with art. 6 para. 1 lit. a GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal retention obligations to the contrary. The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn.

4. Right of objection and data subject rights

LinkedIn members can also control the use of their personal data for advertising purposes in their account settings. If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website and link it to your membership data stored on LinkedIn, you can log out of LinkedIn before visiting our website. 

In addition, you can deactivate the cookies independently of a LinkedIn membership here: Opt-Out.

In the context of joint responsibility with LinkedIn, you can claim your data subject rights in accordance with art. 15, 16, 17, 18, 20, 21 GDPR from both LinkedIn and us. LinkedIn assumes the fulfillment of the obligations under the GDPR for the processing of Insights data, in particular the safeguarding of data subject rights. If you wish to make use of your data subject rights, please contact LinkedIn directly.

For more information, please see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy

Leadinfo

We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. In the event of an opt-out, your data will no longer be used by Leadinfo.

Google Ads

This website uses functions of the service "Google Ads" (formerly Google AdWords), a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called "AdServers". For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as display of the ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC.

These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies allow Google to recognize your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers' websites. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. According to our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is the possibility that Google learns your IP address and stores it.

The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR. If you do not want Google Ads to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.

In the context of processing by Google Ads, data may be transmitted to the USA. The following recipients may be, among others, Google LLC. and Alphabet Inc. The security of the transmission is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR.

For more information about data processing by Google, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en.

Friendly Captcha

We use Friendly Captcha on our website, a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

 Friendly Captcha is a privacy-friendly protection solution to make it more difficult for automated programs and scripts (so-called "bots") to use websites. Friendly Captcha thus protects websites from misuse. For this purpose, we have integrated a program code from Friendly Captcha in certain areas of our website, e.g. in a contact form. This causes the visitor's end device to establish a connection to the Friendly Captcha servers in connection with the protected area (e.g. sending a contact form). The visitor's browser receives a calculation task from Friendly Captcha. The complexity of the calculation task depends on various risk factors. The visitor's end device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives a response as to whether the puzzle has been solved correctly by the end device.

In addition, the visitor's browser transmits connection data, environmental data, interaction data and functional data to Friendly Captcha. Friendly Captcha evaluates this data and determines how likely it is that it is a human user or bot and transmits the result to our web server.

Friendly Captcha does not store any personal data about the visitor. Data that could identify the visitor (such as IP addresses) is anonymized using one-way hashing. Friendly Captcha does not use HTTP cookies and does not store any data in the persistent browser memory.

The legal basis for the use of Friendly Captcha is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in protecting the website from abusive, automated crawling and spam.

Further information, please visit: https://friendlycaptcha.com/legal/privacy-end-users/

 

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

DoubleClick is used to show you interest-based ads across the Google advertising network. In order to be able to show users interest-based advertising, DoubleClick must recognize the respective viewer and be able to assign the websites they have visited, clicks and other information on user behavior to them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). Google DoubleClick uses a special cookie script. This draws among other things on:

• the number of page views,

• the surfing behavior of users on the site,

• the IP address of the user,

• previously visited pages and

• for searching for used keywords.

The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the user concerned. If you have a Google account, the search engine associates the data obtained with the information available in the Google account.

As part of processing by Google, data may be transmitted to the USA. The following recipients may include Google LLC. and Alphabet Inc. The level of data protection in the USA is currently not equivalent to that in the EU. This is due in particular to far-reaching official access rights to personal data processed by companies and insufficient legal protection options for data subjects. The security of the transmission is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a security level that corresponds to that of the GDPR.

Processing takes place exclusively on the basis of Article 6 (1) (b) GDPR. 6 paragraph 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. For more information on how to object to the ads displayed by Google, please see https://policies.google.com/technologies/ads?hl=en.

 

Google Tag Manager

This website uses functions of the service "Google Tag Manager" of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. The Google Tag Manager is an organizational tool that allows us to integrate and manage website tags centrally and via a user interface. We have concluded an order processing agreement with Google. The Google Tag Manager is an auxiliary service and itself processes personal data only for technically necessary purposes. The Google Tag Manager does not store any data itself. This takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data. Please note that American authorities, such as intelligence agencies, could possibly gain access to personal data due to American laws. You can find more information about the Google Tag Manager in the Privacy policy of Google: https://policies.google.com/privacy?hl=en&gl=de.

 

Usercentrics

We use the cookie management platform Usercentrics on our website to obtain your consent for cookies and services requiring consent and to document these in compliance with data protection regulations. The provider is Usercentrics GmbH (hereinafter “Usercentrics”), Sendlinger Str. 7, 80331 Munich, Germany.

By integrating a JavaScript code, a banner is displayed to users when they access the page, giving them the option of granting or rejecting their consent for individual purposes or individual functions of our website. The tool blocks the setting of all cookies or services requiring consent until the respective user grants the corresponding consent. This ensures that cookies requiring consent are only set on the user's device or services requiring consent are only used if there is a legal basis for doing so.

The following personal data is processed:

  • Opt-in and opt-out data
  • Referrer URL
  • user agent
  • User settings
  • Consent ID
  • Time of consent
  • Type of consent
  • Template version
  • Banner language
  • IP address
  • Geographical location

Usercentrics is used to obtain the legally required consent for the use of cookies or services requiring consent. The legal basis is Art. 6 para. 1 lit. c GDPR.

We have concluded a data processing agreement with Usercentrics. This is an agreement required by data protection law, which ensures that Usercentrics processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. The collected data is processed in the European Union.

The consent data (consent given and withdrawal of consent) is stored for one year and then deleted immediately. The statutory retention periods remain unaffected by this.

You can find more details about data processing by Usercentrics here: How we protect your privacy | Usercentrics Privacy Policy.

The rights of data subject

1. Right of access

 

You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from us about the following:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3) the recipients or the categories of recipients to whom the personal data related to you has been disclosed or is still being disclosed;

(4) the planned time span for storing the personal data related to you or, if specific details on this are not possible, the criteria for determining the time span for storage;

(5) the existence of any right to correct or delete the personal data related to you, a right to restrict the processing of the data by the controller or a right to object to this processing of data;  

(6) the existence of a right to make a complaint to a supervisory authority;

(7) all the information that is available about the origin of the data, if the personal data is not being gathered from the person involved;

You can receive a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you for the additional copies.

2. Right to rectification

You have the right to have the controller correct and/or complete any data, if the personal data that is being processed and concerns you is incorrect or incomplete. The controller must make the correction immediately.

3. Right to restriction of processing

You may demand restrictions on the processing of the personal data related to you in the following situations:

(1) if you dispute the correctness of the personal data related to you for a period that enables the controller to check the correctness of the personal data;

(2) if the processing of the data is illegal and you reject any deletion of your personal data and demand that restrictions are placed on the use of your personal data instead;

(3) if the controller no longer requires the personal data for the purposes of processing it, but you require it to assert, exercise or defend legal claims; or

(4) if you have lodged an objection to the processing according to Article 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons presented by the controller override your reasons.

4. Right to erasure

You may demand from the controller that the personal data related to you is deleted immediately and the controller shall be obliged to delete this data immediately if one of the following reasons applies:

(1) the personal data related to you is no longer required for the purposes for which it was gathered or processed in some other way;

(2) you withdraw your consent, on which the processing of the data was based according to Article 6 Para. 1 a) or Article 9 Para. 2 a) of the GDPR, and there is no other legal basis for processing the data;

(3) you lodge an objection against any processing of the data according to Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data or you lodge an objection to the processing of the data according to Article 21 Para. 2 of the GDPR;

(4) the personal data related to you has been processed illegally;

(5) the deletion of the personal data related to you is necessary to fulfil a legal obligation according to the laws of the Union or the law of the member states, to which the controller is subject;  

(6) the personal data related to you was gathered in relation to information society services according to Article 8 Para. 1 of the GDPR.

a) Exceptions

There is no right to have the data deleted if the processing of the data is required:

(1) to exercise the right of free expression and information;

(2) to meet a legal obligation, which requires the processing of the data according to the laws of the Union or the member states, to which the controller is subject, or to perform a task that is of public interest or takes place in connection with exercising any state authority that has been transferred to the controller;

(3) for reasons of public interest in the field of public health according to Article 9 Para. 2 h) and i) as well as Article 9 Para. 3 of the GDPR;

(4) for archiving purposes that are in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89 Para. 1 of the GDPR, if the right cited in paragraph a) will probably make the achievement of the goals of this processing of data impossible or will serious impair it; or

(5) to assert, exercise or defend legal claims.

5. Right to data portability

You have the right to receive the personal data related to you, which you have made available to the controller, in a structured, conventional and machine-readable format. You also have the right to transfer this data to a different controller without any obstruction by the first controller, to which the personal data was made available, if

(1) the processing of the data is based on consent in line with Article 6 Para. 1 a) of the GDPR or Article 9 Para. 2 a) of the GDPR or on a contract according to Article 6 Para. 1 b) of the GDPR and

(2) the processing of the data takes place using automated procedures.

When exercising this right, you also have the right to ensure that the personal data related to you is directly transferred from one controller to a different controller, if this is technically feasible. The freedoms and rights of other persons may not be impaired by this process.

The right to data portability shall not apply to any processing of personal data that is necessary to perform a task that is in the public interest or takes place in connection with exercising any state authority that has been transferred to the controller.

6. The right to object

You have the right to lodge an objection at any time to the processing of the personal data related to you, if this takes place according to Article 6 Para. 1 e) or f) of the GDPR, for reasons arising from your particular situation; this shall also apply to any profiling supported by these stipulations. In this case we will no longer process your data. The latter does not apply if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests or if we need your data to assert, exercise or defend legal claims.

If the personal data related to you is processed to provide direct marketing, you have the right to lodge an objection to the processing of the personal data related to you for the purpose of this kind of advertising at any time; this shall also apply to profiling, if it is connected to this kind of direct marketing. If you object to the processing of the data for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.

7. The right to cancel the declaration of consent under data protection law

You have the right to cancel your declaration of consent provided under data protection law at any time. By cancelling your consent, the legitimacy of the processing of the data that was performed on the basis of your consent until your cancellation shall not be affected.

8. The right to lodge a complaint to a supervisory authority

Regardless of any different administrative law or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of the personal data related to you breaches the GDPR.