Privacy Policy
The information on this page applies to the use of the website in the context of the generally accessible online presence.
Data protection for members
Separate information applies to members, of which they will be informed when they become members.
Data protection for applicants
Our data protection regulations for applicants can be found at the privacy policy for applicants
Privacy policy for website use
Name and address of the responsible person
The responsible party within the meaning of the EU General Data Protection Regulation (GDPR, hereinafter: DSGVO) and other national data protection laws of the member states as well as other data protection regulations is:
Berlin-Brandenburg Energy Network e.V.
Albrechtstrasse 22
10117 Berlin-Mitte
Phone: +49 (0) 152 598 751 79.
E-Mail: info@bbenergynetwork.de
President: Christoph Urbschat
Management: Nicole Hiltl
We are not obliged to appoint a data protection officer.
General information on data processing
Scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our association is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our association or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Provision of the website and creation of log files
Description and scope of data processing
Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected in this process:
- Information about the browser type and the version used.
- The operating system of the user
- The user's Internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are accessed by the user's system via our website
The data is stored in the log files of our system. This data is not stored together with other personal data of the user.
Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.
Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage of usage data beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
Use of cookies
Description and scope of data processing
We use cookies on our website. Cookies are small files that are sent by us to the browser of your terminal device during your visit to our website and stored there. Some functions of our website cannot be offered without the use of cookies. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.
The following cookies are used:
Essential
Essential cookies enable basic functions and are required to save your cookie selection. The legal basis is Section 25 (2) TTDSG and Article 6 (1) (f) GDPR.
Borlabs Cookie
| Name | Borlabs Cookie |
|---|---|
| Provider | BBEnergynetwork, Legal Notice |
| Usage | Stores the visitor's preferences selected in the Borlabs Cookie cookie box. |
| Cookie Name | borlabs-cookie |
| Cookie duration | 1000 Tage |
Statistics
Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website. The legal basis is Section 25 (1) TTDSG and Article 6 (1) (a) GDPR. This service processes personal data in the USA. With your consent to use this service, you also agree to the processing of your data in the USA in accordance with Article 49 (1) lit. a GDPR. The ECJ classifies the USA as a country with insufficient data protection according to EU standards. For example, there is a risk that US authorities will process personal data in surveillance programs without Europeans being able to take legal action.
Google Analytics
| Name | Google Analytics |
|---|---|
| Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Usage | Google cookie for website analysis. Generates statistical data about how the visitor uses the website. |
| Privacy Policy | https://policies.google.com/privacy?hl=de |
| Cookie Name | _ga,_gat,_gid |
| Cookie duration | 2 years |
External Media
Content from video platforms and social media platforms is blocked by default. If cookies from external media are accepted, access to this content no longer requires manual consent. The legal basis is Section 25 (1) TTDSG and Article 6 (1) (a) GDPR. Some services process personal data in the USA. With your consent to the use of these services, you also agree to the processing of your data in the USA in accordance with Article 49 (1) lit. a GDPR. The ECJ classifies the USA as a country with insufficient data protection according to EU standards. For example, there is a risk that US authorities will process personal data in surveillance programs without Europeans being able to take legal action.
Podigee Podcasts
| Name | Podigee Podcasts |
|---|---|
| Provider | Podigee Podcasts |
| Usage | Used to unblock Podigee Podcasts content. |
| Host(s) | podigee.io |
| Cookie duration | 1000 days |
| Name | |
|---|---|
| Provider | Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland |
| Usage | Used to unblock Twitter content. |
| Privacy Policy | https://twitter.com/privacy |
| Host(s) | .twimg.com, .twitter.com |
| Cookie Name | __widgetsettings, local_storage_support_test |
| Cookie duration | 1000 days |
Vimeo
| Name | Vimeo |
|---|---|
| Provider | Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA |
| Usage | Used to unblock Vimeo content. |
| Privacy Policy | https://vimeo.com/privacy |
| Host(s) | player.vimeo.com |
| Cookie Name | vuid |
| Cookie duration | 2 years |
YouTube
| Name | YouTube |
|---|---|
| Provider | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Usage | Used to unblock YouTube content. |
| Privacy Policy | https://policies.google.com/privacy |
| Host(s) | google.com |
| Cookie Name | NID |
| Cookie duration | 6 Months |
On your first visit, you specified your cookie preferences. If you change your mind and want to re-select, please click the button:
Legal basis for data processing
Based on the purposes described above, the legal basis for the processing of personal data using functional cookies is Article 6 (1) lit. f DSGVO and Section 25 (2) TTDSG. If you have given us your consent to the use of cookies on the basis of a notice ("cookie banner") issued by us on the website, the lawfulness of the use is based on Art. 6 para. 1 sentence 1 lit. a DSGVO as well as §25 para. 1 TTDSG.
Purpose of data processing
The purpose of using technically necessary cookies is to store your cookie selection. The user data collected through technically necessary cookies is not used to create user profiles.
Other cookies are used by third-party providers whose content we include on the Internet pages and whose setting you decide yourself.
Duration of storage, possibility of objection and removal
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all website functions to their full extent.
Configuration of browser settings
Most browsers are preset to accept cookies by default. However, you can configure your respective browser in such a way that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are deactivated by your browser settings on our website. You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since the various browsers may differ in their respective functionalities, we ask you to use the respective help menu of your browser for the configuration options.
If you would like to have a comprehensive overview of all third-party accesses to your Internet browser, we recommend that you install specially developed plug-ins for this purpose.
Embedded functions and content
We embed functional and content elements in the online offer (hereinafter referred to as "content"), which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers").
The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content or functionality.
- Types of data processed: Usage data (e.g. web pages visited, access times), meta/communication data (e.g. device information, IP addresses)
- Data subjects: Users (e.g. website visitors, users of online services)
- Purposes of processing: provision of our online offer and user-friendliness, service
- Legal basis: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO).
Services used and service providers:
- YouTube: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy; opt-out: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de; Ad Display Settings: https://adssettings.google.com/authenticated.
- Twitterfeed: Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. If you are logged in to Twitter while you visit one of our websites with the plug-in, the information collected by the plug-in from your specific visit will be recognized by Twitter. Twitter may assign the information collected in this way to your personal user account there. If you use, for example, the so-called "Share" button of Twitter, this information will be stored in your Twitter user account and possibly published via the platform of Twitter. If you want to prevent this, you must either log out of Twitter before visiting our website or make the appropriate settings in your Twitter user account; privacy policy: https://twitter.com/de/privacy, (settings) https://twitter.com/personalization.
- Google Fonts: When loading external content, fonts ("Google Fonts") from the provider Google are also loaded, whereby the user data is used solely for the purpose of displaying the fonts in the user's browser. The data may be processed in the USA. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://fonts.google.com/; privacy policy: https://policies.google.com/privacy;
- Podigee Podcasts: Provider: Podigee GmbH, Schlesische Straße 20, 10997 Berlin. Privacy policy: https://www.podigee.com/de/ueber-uns/datenschutz.
Analysis tools
We use tracking and analysis tools to ensure the ongoing optimization and needs-based design of our website. With the help of tracking measures, it is also possible for us to statistically record the use of our website by visitors and to further develop our online offer for you with the help of the knowledge gained through this. If you have given us your consent to the use of cookies on the basis of a notice ("cookie banner") issued by us on the website, the legality of the use is based on Art. 6 (1) sentence 1 lit. a DSGVO. The following description of the tracking and analysis tools also shows the respective processing purposes and the processed data.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountainview, CA 94043 USA ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
The information generated by these cookies, for example about the time, place and frequency of your use of this website, is usually transmitted to a Google server in the USA and stored there. When using Google Analytics, it cannot be ruled out that the cookies set by Google Analytics may also collect other personal data in addition to the anonymized IP address. Please note that Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
Google will use the information generated by cookies on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. According to Google, the IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
You can generally prevent cookies from being stored by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
To prevent information about your use of the website from being collected by Google Analytics and transmitted to Google Analytics, you can download and install a plugin for your browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
This plugin prevents information about your visit to the website from being transmitted to Google Analytics. Any other analysis is not prevented by this plugin.
We would like to point out that you cannot use the browser plug-in described above when visiting our website via the browser of a mobile end device (smartphone or tablet). When using a mobile device, you can prevent the collection of your usage data by Google Analytics by clicking on the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
By clicking on this link, a so-called opt-out cookie will be set in your browser. This prevents information about your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and only for this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted. To continue to prevent collection by Google Analytics, you must click the link again. The use of the opt-out cookie is also possible as an alternative to the above plug-in when using the browser on your computer.
To ensure the best possible protection of your personal data, Google Analytics has been extended on this website with the code "anonymizeIp". This code causes the last 8 bits of the IP addresses to be deleted and your IP address is thus recorded anonymously (so-called IP masking).
If you want to change your preferences for this website, click the button to reselect the preferences:
Newsletter
Description and scope of data processing
On our website there is the possibility to subscribe to a free newsletter. In doing so, the data from the input mask is transmitted to us when registering for the newsletter.
The data collected for this purpose are:
- Your name
- Your e-mail address
In addition, the following data is collected during registration:
- IP address of the calling computer
- Date and time of registration
For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy.
Services used and service providers:
- MailChimp: Provider: The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA. The Rocket Science Group offers further data protection information at https://mailchimp.com/legal/privacy/.
If you register for our newsletter, the data requested during the registration process, such as your e-mail address and, optionally, your name and address, will be processed by The Rocket Science Group. In addition, your IP address and the date and time of your registration will be stored. In the course of the further registration process, your consent to the sending of the newsletter will be obtained, the content will be described in detail and reference will be made to this privacy policy.
The newsletter subsequently sent via The Rocket Science Group also contains a so-called tracking pixel, also called web beacon. With the help of this tracking pixel, we can evaluate whether and when you have read our newsletter and whether you have followed any links contained in the newsletter. In addition to other technical data, such as the data of your IT system and your IP address, the processed data is stored so that we can optimize our newsletter offer and respond to the wishes of the readers. The data is thus used to increase the quality and attractiveness of our newsletter offer.
Legal basis for data processing
The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 (1) lit. a DSGVO if the user has given his consent.
The legal basis for the dispatch of the newsletter and the analysis is Art. 6 para. 1 lit. a.) DSGVO. In accordance with Art. 7 (3) DSGVO, you can revoke your consent to the sending of the newsletter at any time with effect for the future. To do so, you simply need to inform us of your revocation or use the unsubscribe link contained in each newsletter.
Purpose of data processing
The collection of the user's e-mail address serves to deliver the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
The analysis of the reading behavior serves to improve our services.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the data will be stored as long as the subscription to the newsletter is active.
Possibility of objection and removal
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.
This also enables revocation of consent to the storage of personal data collected during the registration process.
Contact form and e-mail contact
Description and scope of data processing
A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:
- Your name
- Your e-mail address
- Other information that users enter in the free text field
At the time the message is sent, the following data is also stored:
- The user's IP address
- Date and time of sending
For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
Purpose of the data processing
The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
Possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
Inform us of your decision regarding revocation of consent and/ or objection to the storage of your data by sending an e-mail to info@bbenergynetwork.de. All personal data stored in the course of contacting you will be deleted in this case, unless there are legal retention periods.
SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Presence in social networks
We maintain online presences within various social networks in order to communicate with users active there or to offer information about us there. There are links on our website that lead to our profiles. As long as users are on our website, no connection to the respective network is established. The links are used so that users can communicate with us within these networks.
We would therefore like to point out that user data may be processed outside the European Union. This may result in various risks for users, for example, because it may be more difficult to enforce the rights of users. With regard to US providers, we point out that user data is processed in the USA.
Furthermore, the data of users within social networks is usually processed for market research and advertising purposes and used accordingly. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed and comprehensive presentation of the respective forms of processing and the options to object (opt-out), we refer to the data protection declarations issued for these networks and information provided by the operators of the respective networks. In principle, you have the option of objecting to the use of your data by these platforms.
But also in the case of requests for information and also the assertion of the other so-called data subject rights (if your data has been collected or stored or processed or passed on), we point out that these can be asserted most effectively with the providers. This is because only the providers have access to the users' data and can take appropriate measures and provide information directly. You can also assert these rights against these companies with reference to the GDPR, for example in Germany as well as in other European countries.
- Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Data subjects: all users (e.g. website visitors, users of online services) whose data has been collected, stored, processed or passed on.
- Purposes of processing: contact inquiries and communication, tracking (e.g. interest/behavior-based profiling, use of cookies), remarketing, coverage measurement (e.g. access statistics, recognition of returning visitors).
- Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO), consent (Art. 6 para. 1 p. 1 lit. a. DSGVO) if you have a profile with the providers themselves and visit pages of the provider.
Services and service providers with which we maintain profiles:
- LinkedIn: Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Twitter: Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy policy: https://twitter.com/de/privacy, (settings) https://twitter.com/personalization.
Rights of the data subject
If personal data of yours is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
1. Right of access
You may request confirmation from the controller as to whether personal data concerning you are being processed by us.
If such processing is taking place, you may request information from the controller about the following:
(1) the purposes for which the personal data are processed.
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
3. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims; or
(4) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the controller's legitimate grounds override your grounds.
If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
4. Right to erasure
a) Obligation to erase
You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
(4) The personal data concerning you have been processed unlawfully.
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
b) Exceptions
The right to erasure does not exist to the extent that the processing is necessary
(1) for the exercise of the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) for the assertion, exercise or defense of legal claims.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that.
(1) the processing is based on consent pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract pursuant to Art. 6(1)(b) DSGVO and
(2) the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
8. Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9. Automated decision-making in individual cases including profiling
We refrain from automated decision making including profiling
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html), in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.