Responsible under data protection law for the collection and processing of personal data on this website is:
Name: barely digital GmbH & Co KG
Represented by: Tobias Hübner, Jan Kofoet, Managing Director
Street, house number: Konrad-Adenauer-Str. 8
Postcode, town: 86836 Klosterlechfeld
Tel.: +49 8232 / 76 899 76 - 40
Websites: www.vintrica.com, www.hu-vignette.com, www.si-vignette.com, www.cze-vignette.com, www.sk-vignette.com, www.bg-vignette.com
Access data (server log files)
When you access our website, we automatically collect and store in so-called server log files access data that your browser automatically transmits to us. These are:
- Browser type and browser version of your PC
- Operating system used by your PC
- Referrer URL (source/reference from which you came to our website)
- Date and time of the server request
- the IP address currently used by your PC (if applicable, in anonymised form)
As a rule, it is not possible for us to make a personal reference, nor is it intended to do so. The processing of such data is carried out in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interest in improving the stability and functionality of our website.
Hosting / Content Delivery Network
We use the Amazon CloudFront content delivery network (CDN) from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f GDPR). A CDN is a network of servers distributed worldwide that is able to deliver optimised content to the website user. For this purpose, personal data may be processed in server log files by AWS. Please compare the explanations under "Access data".
AWS is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f GDPR not to operate a content delivery network ourselves.
You have the right to object to the processing. Whether the objection is successful is to be determined within the framework of a balancing of interests.
The processing of the data provided under this section is not required by law or by contract. The functionality of the website is not guaranteed without the processing.
Your personal data will be stored by AWS for as long as is necessary for the purposes described.
For more information on how to object to and remove your data from AWS, please visit: https://aws.amazon.com/de/compliance/gdpr-center/
AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
Amazon Web Services Inc. with headquarters in the USA is certified for the us-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.
- In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your terminal device. Cookies cannot execute programs or transfer viruses to your computer system.
- Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested are stored on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are treated separately in this data protection declaration.
- Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit.
- You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Web analysis tools and advertising
Our website uses the web analytics service Google Analytics. The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of our website. The information generated by cookies about your use of our website is usually transferred to a Google server in the USA and stored there.
The legal basis for the processing of your data is the consent you have given via the cookie consent tool in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Data stored by Google at user and event level that are linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=en
Objection to data collection
You can also prevent the collection of data generated by the cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available under the following link to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en. If you delete the cookies on your computer, you must set the opt-out cookie again.
For more information, see the 'about Hotjar' section on Hotjar's help page: https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar.
Google Tag Manager
Our website uses the Google Tag Manager from the provider Google. Google Tag Manager is a solution with which marketers can manage website tags via an interface. The tool that implements the tags is a cookie-less domain and does not store any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Google Ads and Google Conversion Tracking
Our website uses Google Ads (formerly Google AdWords). Google Ads is an online advertising programme of the provider Google.
Google Ads enables us to draw attention to our offers with the help of advertising media on external websites and to determine how successful individual advertising measures are. This helps us to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
Within the framework of Google Ads, we use so-called conversion tracking. The advertising material is delivered by Google via so-called "AdServers". For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify users. These cookies enable Google to recognise your web browser. If you visit certain pages of our website when the cookie has not yet expired, Google and we can recognise that you have clicked on the specific advertisement and have been redirected to this page.
Each Google Ads client receives a different cookie. The cookies can therefore not be tracked via the websites of Ads customers. The following information is usually stored as analysis values for the cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. The Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
The aggregation of the collected data in your Google account is based exclusively on your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a GDPR). In the case of data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 (1) lit. f GDPR. The legitimate interest arises from the fact that we have an interest in the anonymised analysis of visitors to our website for advertising purposes in order to optimise both our web offering and our advertising.
Further information and the data protection provisions can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads?hl=en.
Microsoft Advertising (formerly Bing Ads)
This website uses Microsoft Advertising. This is a tracking and advertising service using cookies and web beacons provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America. The cookie is activated for a maximum of 1 year and 25 days.
The purposes of data collection and processing are advertising and conversion tracking. The following categories of (personal) data that may be collected and analysed as part of the service: Browser language, Ads clicked, Digital signature, GUID generated by the UET tag, IP address, Microsoft click ID, Microsoft cookie, Page title, Referrer URL, Screen colour depth, Screen resolution, UET ID tag, Page load time, Publisher/URL access.
Processing takes place in the European Union, but may also be transferred to third countries. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection.
We use CM.com, to send confirmation SMS messages to the customer on explicit customer request. Here the telephone number and the message content are transmitted to the Dutch provider CM.com. Responsible for this is CM. com Netherlands B.V. Konijnenberg 30, 4825 BD Breda, the Netherlands. For more information regarding the use of the D aten, visit https://www.cm.com/en-gb/app/legal/cmcom-legal//.
Nemzeti Mobilfizetési Zrt.
If you purchase an e-vignette for Hungary via vintrica, we will transfer your personal data (such as country of vehicle registration, license plate number, vehicle category, period of validity) to the following recipient in order to fulfill the contract and register the vignette:
Nemzeti Mobilfizetési Zrt.
Kapás utca 6-12
The customer is hereby informed, that the service for E-Vignettes for Hungary is based on centralized mobile payment of services sold by the NMFSZ (Hungarian abbreviation for National Mobile Payment Service Provider):
Nemzeti Mobilfizetési Zrt.
Kapás utca 6-12
To send letters , our website uses the LetterXpress service. Data required for this process is transmitted to this provider. A&O Fischer GmbH & Co KG, Maybachstraße 9, 21423 Winsen (Luhe), Germany is responsible for handling this data. You can find more information at the following address: https://www.letterxpress.de/ueber-uns/datenschutz
If you contact us by e-mail or via a contact form, the transmitted data including your contact details will be stored in order to be able to process your enquiry or to be available for follow-up questions. This data will not be passed on without your consent.
The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You may revoke your consent at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to store it or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.
If you open a customer account, you agree that your inventory data such as name, address, e-mail address as well as your usage data (user name, password) are stored. This enables you to order from us using your e-mail address and your personal password.
Subscribe to our e-mail newsletter
If you register for our e-mail newsletter, we will send you regular information about our news and offers. Only your e-mail address is required for sending the newsletter. The provision of any other data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you consent to the sending of newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on a corresponding link. By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to track your consent and possible misuse of your email address at a later date. The data collected by us when you register for the newsletter is used exclusively for the purpose of addressing you in an advertising manner by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data in a way that goes beyond this and is permitted by law and about which we inform you in this declaration.
When you order goods or services in our online shop, it is necessary for the fulfilment of the contract that you provide your personal data, which is necessary for the processing of your order. The mandatory data required for the processing of the contract are marked separately. Depending on the selected payment method, the data required for payment processing will be forwarded to the corresponding payment service providers. The processing of your data is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
We use American Express on our website. The service provider is the American Express Company. The company responsible for the European region is American Express Europe S.A., Avenida Partenón 12-14, 28042, Madrid, Spain.
The data processing is essentially carried out by American Express. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It is also possible that this data may be linked to data from other American Express services with which you have a user account.
We use Apple Pay, a service for online payment processes, on our website. The service provider is the American company Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.
The data processing is essentially carried out by Apple Pay. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other Apple services with which you have a user account.
We use the payment system service provider Discover on our website. The service provider is the American company Discover Financial Services, 2500 Lake Cook Rd, Riverwoods, IL 60015, USA.
Data processing is essentially carried out by Discover. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It is also possible that this data may be linked to data from other Discover services with which you have a user account.
We use the online payment provider giropay on our website. The service provider is the German company paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, Germany. You can find out more about the data processed through the use of giropay in the data protection declaration on https://www.giropay.de/agb/index.html.
We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland is responsible for all Google services.
The data processing is essentially carried out by Google Pay. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It is also possible that this data may be linked to data from other Google services with which you have a user account.
We use the payment service provider Mastercard on our website. The service provider is the American company Mastercard Inc. The company responsible for the European region is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.
The data processing is essentially carried out by Mastercard. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other Mastercard services with which you have a user account.
We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg is responsible for the European region.
The data processing is essentially carried out by PayPal. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from other PayPal services where you have a user account.
We offer payments with Visa on our website. The service provider is the American company Visa Inc. The company responsible for the European region is Visa Europe Services Inc, 1 Sheldon Square, London W2 6TT, United Kingdom.
The data processing is essentially done by Visa. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other Visa services where you have a user account.
We offer payments on our website via the Polish payment system Blik for bank transfer. After selecting Blik on our website, you need to enter a secure Blik code in the payment form.
You receive this unique six-digit code from your banking application and enter it on your checkout page. This links the transaction to the correct banking application. The blik code expires in 120 seconds.
As soon as you select "Pay", Blik sends a push notification to your banking application.
You must authorise the payment within 45 seconds in his banking app for the payment to go through.
iDEAL, Bancontact Customers with accounts at a Dutch bank can pay with iDEAL. Customers who have a Bancontact card at a participating Belgian bank can pay with Bancontact. If you choose iDEAL as your payment method, you will need an account and access to online banking at a participating Dutch bank. If you choose Bancontact as your payment method, you only need a bank account at a Belgian bank and a smartphone or card reader.
If you select iDEAL or Bancontact, you will be redirected to the payment page of your bank at the end of the order process. Here you can make a transfer of the payment as usual. After completing the transaction, you will be redirected back to the operator's website.
When choosing these payment methods, the operator only receives the information about whether the payment was successful or not.
For payment via GiroPay , access to online banking at a participating bank is required. If you select GiroPay , you will be redirected to the online portal of Paydirekt GmbH or secupay AG at the end of the ordering process. There you can log into your online banking account to initiate the payment to us. This requires you to enter your access data for online banking. Further information on the processing of personal data by GiroPay can be found in the data protection regulations of Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany. For further information on the processing of personal data by Giropay, please refer to the data protection provisions of secupay AG, Goethestraße 6,01896 Pulsnitz, Germany.
We use the payment service provider JCB on our website. The service provider is the Japanese company JCB International Ltd. The company responsible for the European region is JCB International (Europe) Ltd Frankfurt Branch (hereinafter referred to as JCB), Messeturm 10. OG, Friedrich-Ebert-Anlage 49, 60308 Frankfurt, Germany.
Data processing is essentially carried out by JCB. This may result in data not being processed and stored anonymously. Furthermore, Japanese government authorities may have access to individual data. It may also happen that this data is linked to data from possible other JCB services where you have a user account.
We use the payment service provider Cartes Bencaire on our website. The service provider is the French company Groupement d 'Intérêt économique Cartes Bancaires CB, 151 Bis Rue Saint-Honoré 75001 Paris, France (hereinafter CB).
The data processing is essentially done by CB. This may result in data not being processed and stored anonymously. Furthermore, French government authorities may have access to individual data. It may also happen that this data is linked to data from possible other CB services where you have a user account.
We use the payment service provider Union Pay on our website. The service provider is the Chinese company UnionPay International Co., Ltd (hereinafter referred to as UnionPay). For the European region, the company UnionPay International Co., Ltd. , Building B, Poly Plaza, No.6 Dongfang Road, Pudong New District, Shanghai, China.
The data processing is essentially carried out by UnionPay. This may result in data not being processed and stored anonymously. Furthermore, Chinese government authorities may have access to individual data. It may also happen that this data is linked to data from possible other UnionPay services where you have a user account.
We use the payment service provider Diners on our website. The service provider is the Austrian company card complete Service Bank AG. The company card complete Service Bank AG, Lassallestraße 3, 1020 Vienna, Austria is responsible for the European region.
Electronic Bank Transfer Finland
After you have chosen to pay with Online Banking Finland, you will be redirected to the payment page hosted by a third party provider, where you will see a list of available banks.
You select your bank and are asked to enter your online banking credentials and authenticate yourself as you would when logging into his online bank account.
They select the account from which they want to make the payment and are asked to enter a unique code to confirm the payment.
After you have completed the payment, you will be redirected back to our website or app.
Data use and disclosure
We will neither sell to third parties nor otherwise market the personal data that you provide to us, e.g. when placing an order or by e-mail (e.g. your name and address or your e-mail address). Your personal data will only be processed for correspondence with you and only for the purpose for which you have provided us with the data. For the processing of payments, we pass on your payment data to the credit institution commissioned with the payment.
The use of data that is automatically collected when you visit our website is only for the purposes stated above. The data will not be used for any other purpose.
We assure you that we will not pass on your personal data to third parties unless we are legally obliged to do so or you have given us your prior consent.
SSL or TLS encryption
Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Personal data that has been communicated to us via our website is only stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data may be up to 10 years.
Data subjects' rights
With regard to the personal data concerning you, as a data subject, you have the following rights vis-à-vis the data controller in accordance with the legal provisions:
Right of withdrawal
Many data processing operations are only possible with your express consent. If the processing of your data is based on your consent, you have the right to revoke your consent to the processing of data at any time with effect for the future in accordance with Art. 7 (3) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Storage of data for billing and accounting purposes remains unaffected by a revocation.
Right to information
You have the right to request confirmation from us, pursuant to Article 15 of the GDPR, as to whether we are processing personal data relating to you. If such processing is taking place, you have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or criteria for determining the storage period, the existence of a right of rectification, erasure or access to your personal data. the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed about which guarantees exist in accordance with Art. 46 of the GDPR if your data are transferred to third countries.
Right of rectification
In accordance with Art. 16 GDPR, you have the right at any time to demand the immediate correction of any inaccurate personal data relating to you and/or the completion of your incomplete data.
Right to erasure
You have the right to request the deletion of your personal data in accordance with Art. 17 GDPR if one of the following reasons applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal basis for the processing;
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
- The personal data have been processed unlawfully;
- The deletion of personal data is necessary for compliance with a legal obligation under Union law or the law of the Member State to which we are subject;
- The personal data was collected in relation to information society services offered pursuant to Art. 8(1) GDPR;
However, this right does not exist insofar as the processing is necessary:
- to exercise the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right of the data subject is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
for the establishment, exercise or defence of legal claims.
If we have made your personal data public and we are obliged to erase it in accordance with the above, we shall take reasonable steps, including technical measures, to inform data controllers processing the personal data that you, as the data subject, have requested that they erase all links to your personal data or copies or replications thereof, taking into account the available technology and the cost of implementation.
Right to restrict processing
You have the right to request the restriction of processing (blocking) of your personal data in accordance with Art. 18 GDPR. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. In accordance with Art. 19 of the GDPR, you have the right to be informed about these recipients upon request.
Right not to be subject to a decision based solely on automated processing, including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you, in accordance with Article 22 of the GDPR.
This shall not apply if the decision
- is necessary for the conclusion or performance of a contract between you and us,
- is authorised by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
- is done with your express consent.
However, decisions in the cases referred to in (a) to (c) may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
In the cases referred to in (a) and (c), we shall take reasonable steps to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person responsible, to express your point of view and to contest the decision.
Right to data portability
If the processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and is carried out with the help of automated processes, you have the right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transfer it to another controller or to demand that it be transferred to another controller, insofar as this is technically feasible.
Right of objection
Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) GDPR).
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
Right of appeal to the competent supervisory authority pursuant to Art. 77 GDPR
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is:
The Bavarian State Commissioner for Data Protection
PO Box 22 12 19
Telephone: 089 212672-0