Data protection declaration for employees (m/f/d) pursuant to the EU General Data Protection Regulation (GDPR)
Applicable for employees (m/f/d) of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies), (hereinafter referred to as the “controller“).
With the following information pursuant to Art. 12 et seq. GDPR we will provide an overview of our processing of your personal data in line with the employment and your rights from the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA). Which data is processed in detail and how it is used depends decisively on the employment contract and job description.
1. Controller for data processing
HELMUT FISCHER GMBH Institut für Elektronik und Messtechnik
Industriestraße 21
71069 Sindelfingen
Germany
Telephone +49 (0) 70 31 / 3 03 - 0
Fax +49 (0) 70 31 / 3 03 - 710
E-mail info@helmut-fischer.com
Internet www. helmut-fischer.com
2. Data protection officer of the controller
Christian Schwinge
schwinge GmbH
Am Kochenhof 12
70192 Stuttgart
Germany
Telephone +49 (0) 711 / 258560-0
E-mail christian.schwinge@helmut-fischer.com
3. Data and data sources
a) Sources
We process personal data that we receive from you as part of the employment relationship. In addition, we process personal data that you have made available to us as part of the application process, that we have received from recruiters, or that we have legitimately obtained and are allowed to process from other sources that you have made publicly available. Due to legal regulations, we can also collect your data from other sites, including in particular tax-relevant information at the responsible tax authorities and information about periods of incapacity for work at the health insurance companies.
b) Categories of personal data
As part of the employment relationship, the following personal data can be collected, processed and stored, which are related to your employment:
Address and communication data (title, first name, surname, address, telephone, email address, other contact details); Master data (date and place of birth, gender, nationality, marital status, parental status, legal capacity, salary, social security number, pension insurance number, tax identification number, personnel number, photo); Billing, performance and payment data (bank details, insurance); Appraisals, behavior, evaluations (job references, certificate of good conduct) as well as information on professional qualifications, school education, further vocational training, driving licenses and vehicle classes.
In addition, other personal data that you have provided to us (CV, certificates, questionnaires, interviews, previous activities, or job-related information) will be processed or that arise in the course of employment (assignment of address and communication data to customers/projects/orders/invoices, log data when using IT systems, time recording data, performance data, vacation times, periods of incapacity for work, maternity leave, parental leave).
If necessary for the realization of the employment relationship or voluntarily communicated by you during employment, the processing of special categories of personal data (such as health data, religious affiliation, degree of disability) also takes place.
In particular, personal, telephone or written contacts initiated by you or by the controller create additional personal data. These include e.g. information about the contact channel, date, reason and result, (electronic) copies of correspondence and minutes of the conversation.
4. Purpose and legal basis of processing
We process the personal data mentioned under no. 3 for the purpose of establishing, executing and terminating the employment relationship in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA):
a) For the purpose of the employment relationship (Art. 6 paragraph 1 lit. b GDPR combined with § 26 paragraph 1 combined with paragraph 8 FDPA)
The processing of your personal data takes place insofar as this is necessary for the establishment, realization and termination of the employment relationship or for the exercise or fulfillment of legal or collective agreement obligations.
We may contact you in the context of your employment using the data provided by you.
b) On the basis of your consent (Article 6 paragraph 1 lit. a GDPR combined with § 26 paragraph 2 FDPA)
Provided that you have given us your consent to process personal data in the context of the employment relationship for certain purposes (e. g. disclosure of data within the corporate group), the processing shall be legitimate on the basis of your consent. A given consent may be revoked at any time. Please note that the cancellation will only be valid for the future. Processing made before the cancellation shall not be affected. You may request an overview of the status of the contents you have given at any time.
c) On the basis of your consent for special categories of personal data (Article 9 paragraph 2 lit. a GDPR combined with § 26 paragraph 2 FDPA)
The processing of special categories of personal data (e.g. health data) shall be based on your consent pursuant to Article 9 paragraph 2 lit. a GDPR combined with § 26 paragraph 2 FDPA, unless legal permissions such as Article 9 paragraph 2 lit. b GDPR combined with § 26 paragraph 3 FDPA are pertinent.
d) Due to compliance with legal obligations (Article 6 paragraph 1 lit. c GDPR combined with § 26 paragraph 2 FDPA)
Your data is also processed in order to fulfill our legal obligations as an employer with regard to tax and social security law.
On the basis of Art. 9 paragraph 2 lit. b GDPR combined with § 26 paragraph 3 FDPA also includes the processing of special personal data in accordance with Art. 9 paragraph 1 GDPR, insofar as this is for the exercise of rights or the fulfillment of legal obligations from labor law, the right to social security and social protection (e.g. providing health data to health insurance companies, recording the severely disabled person to grant additional leave and determination of the severely disabled person's tax).
The processing of health data can also be used to assess the ability to work according to Art. 9 paragraph 2 lit. h combined with § 22 paragraph 1 FDPA may be required.
Due to legal requirements, in particular according to § 257 of the German Commercial Code (HGB) and § 147 of the German Tax Code (AO), the Controller is obliged to store and store business documents and data for several years. In addition, all access to the communication systems are logged, stored and evaluated as needed to meet legal requirements and ensure information security.
In the event of disclosure for reasons of data protection, freedom of information or other laws, legal proceedings or investigations by supervisors, data subjects must assume that e-mails, text messages, voicemail or other electronic communications can be accessed, read, heard or disclosed by third parties, if they are relevant to the questions examined.
e) For the purposes of the legitimate interests (Article 6 paragraph 1 lit. f GDPR)
To protect justified interests of us or a third party the processing of data submitted by you can be required for the following reasons:
- Defense of asserted claims from the employment relationship
- Burden of proof in a process pursuant to the General Equal Treatment Act (GETA)
- Reconciliation with so-called EU terror lists pursuant to the European anti-terror regulation 2580/2001 and 881/2002 to ensure that no funds or other economic resources are provided for terrorist purposes
- Prevention of crimes
- Video surveillance for preserving the domiciliary right, collecting evidence in the event of crimes
- Building and office security precautions
- Measures for assuring the domiciliary right
- Risk control within the corporate group
- Own statistical purposes with anonymous data (e.g. studies as to the behavior of employees)
- Safeguarding IT security and IT operations: The personal data resulting from the use of the IT systems, e-mail, internet and telephony services is generally not used for performance and behavioral control. The legal basis for the processing of personal data to ensure the proper operation of e-mail / internet services is the legitimate interest of the Controller. The recorded protocol and connection data are used exclusively for billing internet use, ensuring system security, defending and / or analyzing cybercrime, controlling network load balancing and network optimization, analyzing and correcting technical errors, and disruptions, abuse control and suspected criminal offenses. The processing of the stored personal data, with the exception of the data collected by the legally required archiving, will be restricted after approx. 6 months. The data is only part of the long-term archiving.
5. Recipients of data
Within the controller those persons and entities shall be granted access to your data which are required by them to carry out the employment relationship and to fulfill our contractual and legal obligations.
We can transmit your personal data to related companies of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies), to the extent permissible in line with the purposes and legal bases mentioned under no. 4. or data processing tasks for the employment relationship are centrally executed within the group.
With regard to data transfer to recipients outside the controller it must be considered first of all that we will only transfer information about you if provided by legal stipulations, you have given your consent and/or processors commissioned by us guarantee that the requirements of the GDPR and the FDPA are complied with and this is required for constituting an employment relationship.
Under these conditions the recipients of personal data may for instance be:
- Public bodies and institutions in the circumstances of a statutory or official obligation
- Banks for processing payment transactions
- Acceptance points of the health insurance companies
- Professional associations
- Entities to be able to guarantee claims from company pension schemes
- Entities in order to be able to pay out wealth-generating benefits
- Processors to which we submit personal data for the realization of the employment. In detail: Providers of employment management systems, support/servicing of EDP/IT applications, call-center services, compliance services, data destruction, research, risk controlling, video legitimation, website management incl. host provider, insurance companies.
Further data recipients may be those entities for which you have given the consent to data transfer.
6. Data transfer to third countries or international organisations
Data transfer to countries outside the EU or EEA (so-called non-member countries) shall only take place if it is required for the establishment, realization and termination of the employment relationship, is statutory, you have given us your consent or in line with order processing. If service providers are employed in a non-member state, these shall be obliged to the compliance with the data protection level in Europe in addition to written instructions by the agreement of EU standard contractual clauses.
7. Term of data storage
We will save your personal data as long as required for the establishment, realization and termination of the employment relationship.
This shall not be applicable if legal stipulations are opposed to the deletion or another saving for the purpose of argumentation for defending possible legal claims is required or you have given your consent to longer saving.
8. Data protection rights of the data subject
Depending on the situation you will have the following data protection rights on a case-by-case basis. Please do not hesitate to contact us or our data protection officer as to the assertion of such rights:
a) Right of access by the data subject (Art. 15 GDPR)
You are entitled to access your personal data processed by us, as well as demand access to your personal data and/or copies of these data. This shall include information about the purpose of processing, the categories of the data concerned, its recipients and the recipients or categories of recipient to whom the personal data have been or will be disclosed, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period. The restrictions of § 34 FDPA shall apply.
b) Right to rectification (Art. 16 GDPR)
You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed (also by means of providing a supplementary statement).
c) Right to erasure (Art. 17 GDPR)
You shall have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- You revoke consent to the processing and where there are no other primary legitimate reasons for the processing
- The personal data have been unlawfully processed
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject. This shall not apply for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the establishment, exercise or defense of legal claims
The restrictions of § 35 FDPA shall apply.
d) Right to restriction of processing (Art. 18 GDPR)
You shall have the right to demand restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
- We no longer need the personal data for the purposes of the processing, but they are required by you for the assertion, exercise or defense of legal claims.
- You have objected to processing pending the verification whether the legitimate grounds on our part override yours.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing we shall inform you before the restriction of processing is lifted.
e) Right to data portability (Art. 20 GDPR)
You shall have the right to receive the personal data provided by you, in a structured, commonly used and machine-readable format.
f) Right to object (Art. 21 GDPR)
As far as the processing is based on Art. 6 paragraph 1 lit. f GDPR, you shall at any time have the right to object on grounds relating to your particular situation, to the processing of these personal data. We will then no longer process these personal data, unless we are able to prove compelling legitimate reasons for the processing that override your interests, rights and freedoms or the processing is for asserting, exercise or defense of legal claims.
g) Right to withdraw (Art. 7 paragraph 3 GDPR)
Where processing is based on consent, you shall be entitled to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please do not hesitate to contact our data protection officer at any time under the aforementioned data.
h) Right to complaint (Art. 13 paragraph 2 lit. d GDPR and Art. 77 GDPR combined with § 19 FDPA)
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
9. Obligation to provide data
Within the context of your employment you must provide the personal data required for the establishment, realization and termination of the employment relationship. Without this data, employment is not possible.
10. Automated decision making (including profiling)
There will be no automated individual decision making in terms of Art. 22 GDPR. This means decisions in the context of employment is not exclusively based on automated processing.
Version: April 2021
Data protection declaration pursuant to the EU General Data Protection Regulation (GDPR)
Applicable for customers, interested parties, suppliers, as well as sales and cooperation partners of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies), (hereinafter referred to as “Controller”).
With the following information pursuant to Art. 12 et seq. GDPR we will provide an overview of the processing of your personal data and your rights from the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA). The requested or commissioned products and services shall be decisive for the data to be processed in detail and the manner these are used.
1. Controller for data processing
HELMUT FISCHER GMBH Institut für Elektronik und Messtechnik
Industriestraße 21
71069 Sindelfingen
Germany
Telephone +49 (0) 70 31 / 3 03 - 0
Fax +49 (0) 70 31 / 3 03 - 710
E-mail info@helmut-fischer.com
Internet www. helmut-fischer.com
2. Data protection officer of the controller
Christian Schwinge
schwinge GmbH
Am Kochenhof 12
70192 Stuttgart
Germany
Telephone +49 (0) 711 / 258560-0
E-mail chrstian.schwinge@helmut-fischer.com
3. Data and data sources
a) Sources
We process personal data provided by you in line with our business relationship. Moreover, we process (as far as required for the provision of our products and rendering our service) personal data obtained by other companies of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies) or other third parties (e. g. for the performance of contracts, the execution of contracts or due to the consent granted by you). On the other hand we process personal data we have permissibly gained from publicly accessible sources (e.g. trade and association register, press, media, Internet) and which may be processed.
b) Categories of personal data
When initiating a business relationship or when master data are created the following personal data can be collected, processed or saved:
Address and communication data (name, address, telephone, e-mail address, other contact data), person master data (date/place of birth, gender, nationality, marital status, legal capacity, professional group code) legitimation data (e. g. passport), authentication data (e. g. specimen signature), tax ID)
When products and services are utilized in line with the contracts concluded with us, the following further personal data can be primarily collected, processed and saved in addition to the aforementioned data:
Contract master data (order data, data from the compliance with our contractual obligations, information about potential third-party beneficiaries), account, performance and payment data (debit data, tax information further person master data (profession, employer), documentation data (e. g. protocols), product data (e. g. requested or booked services and products), as well as the following business creditworthiness documents: Net income accounts, balance sheets, business assessment, type and term of self-employment.
c) Contact information
In the context of the period of initiating a business relationship and during the business relationship, in particular by personal, telephone or written contacts initiated by you or the Controller further personal data are created. This includes e.g. information on the contact channel, date, occasion and result (electronic) copies of the correspondence, as well as information on the participation in direct marketing activities.
d) Services of the information society
When data is processed in line with services of the information society, you will obtain further data protection information related to the respective service.
4. Purpose and legal basis of processing
We process the personal data mentioned in 3 in compliance with the regulations of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA).
a) For compliance with contractual obligations (Article 6 paragraph 1 lit. b GDPR)
The processing of personal data is made for justification, performance (content and modification) and termination of a contract for the provision of products or the rendering of services, as well as for the performance of pre-contractual activities for the preparation of quotations, contracts or other requests directed at the conclusion of the contract which are made on the basis of your request.
The purposes of data processing are first of all based on the specific products and services and can comprise needs analyses, consulting and support etc. Further details of the purpose of data processing can be gathered from the respective (also pre-contractual) contract documents of our cooperation.
Interested parties may be contacted under consideration of potentially stated limitations during the initiation of the contract and customers, suppliers, as well as cooperation partners during the business relationship using the data they have communicated.
b) Due to your consent (Article 6 paragraph 1 lit. a GDPR or Art. 9 paragraph 2 lit. a GDPR)
Provided that you have given us your consent to process personal data for certain purposes (e. g. disclosure of data within the corporate group), the processing shall be legitimate on the basis of your consent. A given consent may be revoked at all times. This shall also be applicable for the cancellation of declarations of consent that were given vis-à-vis us prior to the validity of the EU General Data Protection Regulation, this means prior to 25 May 2018. Please note that the cancellation will only be valid for the future. Processing made before the cancellation shall not be affected. You may request an overview of the status of the contents you have given at all times.
c) Due to your consent to special categories of personal data (Art. 9 paragraph 2 lit. a GDPR)
The processing of special categories of personal data (such as health data) is based on your consent under Art. 9 paragraph 2 lit. a GDPR, as far as not legal permission facts like Art. 9 paragraph 2 lit. b are relevant (see under d)).
d) Due to compliance with legal obligations (Article 6 paragraph 1 lit. c GDPR or for the public interest (Article 6 paragraph 1 lit. e GDPR)
We are subject to various legal obligations, as well as legal requirements and process data for the following purposes among others: Identity check and age verification, the compliance with fiscal control and reporting obligations, as well as the assessment and control of risks within the corporate group.
Due to legal requirements, in particular according to § 257 of the German Commercial Code (HGB) and § 147 of the German Tax Code (AO), the Controller is obliged to store and store business documents and data for several years. In addition, all access to the communication systems are logged, stored and evaluated as needed to meet legal requirements and ensure information security.
In the event of disclosure for reasons of data protection, freedom of information or other laws, legal proceedings or investigations by supervisors, data subjects must assume that e-mails, text messages, voicemail or other electronic communications can be accessed, read, heard or disclosed by third parties, if they are relevant to the questions examined.
e) For the purposes of the legitimate interests (Article 6 paragraph 1 lit. f GDPR)
To protect justified interests of us or a third party the processing of data submitted by you can be required for the following reasons:
- Review and optimization of processes for needs analysis and direct customer contact; incl. segmentations and calculation of probability of closure
- Advertising or market and opinion research, provided that you have not objected to the utilization of your data
- Assertion of legal claims, defense in the event of legal disputes, defense against liability claims
- Comparison with the so-called EU terrorist lists acc. the European Anti-Terror Law Regulations 2580/2001 and 881/2002 to ensure that no funds or other economic resources are provided for terrorist purposes
- Consultation of and data exchange with credit agencies for ascertaining credit risks
- Prevention of crimes
- Video surveillance for preserving the domiciliary right, collecting evidence in the event of crimes
- Building and office security precautions
- Measures for assuring the domiciliary right
- Business management and development of services and products measures
- Risk control within the corporate group
- Own statistical purposes with anonymous data
- Safeguarding IT security and IT operations: The personal data resulting from the use of the IT systems, e-mail, internet and telephony services is generally not used for performance and behavioral control. The legal basis for the processing of personal data to ensure the proper operation of e-mail / internet services is the legitimate interest of the Controller. The recorded protocol and connection data are used exclusively for billing internet use, ensuring system security, defending and / or analyzing cybercrime, controlling network load balancing and network optimization, analyzing and correcting technical errors, and disruptions, abuse control and suspected criminal offenses. The processing of the stored personal data, with the exception of the data collected by the legally required archiving, will be restricted after approx. 6 months. The data is only part of the long-term archiving.
5. Recipients of data
Within the Controller those entities shall be granted access to your data which are required to comply with our contractual and legal obligations. Service providers employed by us can receive data for these purposes, if they comply with our written data protection directions.
With regard to the disclosure of data to recipients not belonging to the Controller it has to be observed first of all that we are obliged to keep all customer-related information we become aware of confidential. We shall only be entitled to disclose information about you if this is permitted by statutory stipulations, you have consented and/or processors commissioned by us guarantee similarly the requirements of the EU General Data Protection Regulation and the Federal Data Protection Act.
Under those conditions the recipients of personal data may for instance be:
- Public bodies and institutions in the circumstances of a statutory or official obligation.
- Processors to which we submit personal data for the execution of the business relationship. In detail: Support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data destruction, purchasing/procurement, space management, recovery, customer management, letter shops, marketing, media technology, report system, research, risk controlling, claim for expenses, telephony, video legitimization, website management, auditing service, transactions.
Further data recipients may be those entities for which you have given the consent to data transfer.
6. Data transfer to third countries or international organizations
Data transfer to countries outside the EU or EEA (so-called non-member countries) or international organization shall only take place if it is required for the performance of your orders, statutory (e.g. fiscal reporting requirements), you have given us your consent or it is done in line with order processing. If service providers are employed in a non-member state, these shall be obliged to the compliance with the data protection level in Europe in addition to written instructions by the agreement of EU standard contractual clauses.
7. Term of data storage
We will process and save your personal data as long as required for the performance of our contractual and legal obligations. If the data are not required anymore for the performance of contractual or legal obligations, they will be deleted at regular intervals, unless their (limited) processing is necessary for the following purposes:
- Compliance with commercial and fiscal retention periods pursuant to Section 257 Commercial Code (HGB) and Tax Code with periods for storage or documentation of two to ten years laid down there.
- Receipt of evidence in the context of the statute of limitations. Pursuant to Sections 195 et seq. of the Civil Code (BGB) these limitation periods can be up to thirty (30) years, whereas the regular limitation period is three years.
8. Data protection rights of the data subject
Every data subject shall have a right of access by the data subject pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure (“Right to be forgotten”) pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to data portability from Article 10 GDPR, as well as the right to object from Article 21 GDPR. For the right to erasure and right of access the limitations pursuant to § 34 and § 35 FDPA shall be applicable. Moreover, there is the right to lodge a complaint with a supervisory authority pursuant to Art. 13 paragraph 2 lit. d GDPR and Article 77 GDPR combined with § 19 FDPA.
You may revoke the consent to the processing of personal data pursuant to Art 7 paragraph 3 GDPR at any time. This shall also be applicable for the cancellation of declarations of consent that were given vis-à-vis us prior to the validity of the EU General Data Protection Regulation, this means prior to 25 May 2018. The cancellation of the consent shall not affect the legitimacy of the processing made on the basis of the consent until the cancellation.
9. Obligation to provide data
In the context of our business relationship you must provide the personal data that is required for entering into and carrying out a business relationship and the compliance with the contractual obligations related to it or the collection to which we are legally bound. Without these data it is expected that we will normally be obliged to object to the conclusion of the contract, the provision of products and the rendering of services or to no longer carry out an existing contract or terminate the same.
10. Automated decision making (including profiling)
As a general rule, we do not use fully automated individual decision making (including profiling) for entering into and the performance of the business relationship pursuant to Article 22 GDPR. Should we use these processes on a case-by-case basis, we will inform you separately, provided that is stipulated by law.
11. Profiling
We process your data partially automated with the aim of assessing certain personal aspects (profiling). We use profiling for instance to inform and advise you about our products by means of evaluation tools. These enable demand-driven communication and advertising including market and opinion research.
Information on your right to object pursuant to Article 21 EU General Data Protection Regulation (GDPR)
1. Case-by-case-related right to object
You are entitled at any time, for reasons based on your special situation, to object to the processing of personal data related to you that is made on the basis of Article 6 paragraph 1 lit. e GDPR (data processing in the public interest) and Article 6 paragraph 1 lit. f GDPR (data processing based on the balancing of interests); this shall also be applicable to profiling in terms of Article 4 paragraph 4 GDPR based on this stipulation.
If you object to processing, your personal data will no longer be processed, unless we are able to prove compelling legitimate reasons for the processing that override your interests, rights and freedoms or the processing is for asserting, execution or defense of legal claims.
2. Right to object to data processing for advertising purposes
We process your personal data on a case-by-case basis for direct advertising purposes. You have the right to object to the processing of personal data related to you for the purpose of such advertising at any time; this shall also apply for profiling, provided that is related to such direct advertising. If you object to processing for direct advertising, your personal data will no longer be processed for these purposes. The objection can be addressed to the controller not subject to any condition as to form.
Version: April 2021