Privacy policy for website visitors

We would like to welcome you to our website and thank you for your interest in our company. The protection of your personal data is very important to us. We process your data in compliance with the applicable legal provisions for protecting personal data but in particular the EU General Data Protection Regulation (EU GDPR) and the countryspecific implementing legislation that applies to us. This data privacy statement provides you with comprehensive information about how Waldner Holding SE & Co. KG processes your data and your rights.  

Personal data is information that allows a natural person to be identified. This includes but is not limited to the name, date of birth, address, telephone number, e-mail address and also your IP address.

Data is anonymous, if it is not possible to make a personal connection to the person.

Data controller and data protection officer

Address:
WALDNER Holding SE & Co. KG
Anton-Waldner-Straße 10-16
88239 Wangen, Germany

Contact information:
www.waldner.de
Tel.: 49 75 22 986-0
Fax: 49 75 22 986-280
info@waldner.de

Contact: Data protection
datenschutz@waldner.de

Your rights as a data subject

First of all, we would like to inform you about your rights as a data subject. These rights are standardised in Art. 15 - 22 of the EU GDPR. These include:

  • The right to obtain information (Art. 15 EU GDPR),
  • The right to the erasure of data (Art. 17 EU GDPR),
  • The right to the rectification of data (Art. 16 EU GDPR),
  • The right to data portability (Art. 20 EU GDPR),
  • The right to restriction of data processing (Art. 18 EU GDPR),
  • The right to object to data processing (Art. 21 EU GDPR).

To assert these rights, please contact: datenschutz@waldner.de. The same applies if you have any queries about data processing within our company or if you wish to withdraw permission you have granted. You also have the right to lodge a complaint with the supervisory authority.

Rights to object

Please note the following points in relation to your rights to object:

If we process your personal data for direct marketing purposes, you have the right to object to your data being processed for this purpose at any time and without stating reasons. This also applies to profiling, where this relates to direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and it does not require a pre-scribed form. If possible, it should be sent to: datenschutz@waldner.de.

If we process your data to safeguard legitimate interests, you can object to this processing at any time for reasons linked to your particular situation; this shall also apply to profiling based on these provisions.

We will then no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the purpose of processing is the establishment, exercise or defence of legal claims.

Purposes and legal basis for data processing

The provisions of the EU GDPR and all other applicable data protection provisions will be complied with when processing your personal data. Data processing is lawful under Art. 6 EU GDPR in particular.

We use your data to win business, to meet contractual and statutory obligations, to implement the contractual relationship, to offer products and services, and to intensify the customer relationship, which may also involve analyses for marketing purposes and direct marketing.

Your consent to data processing may also be construed as authorisation under data protection legislation. Before you give your consent we will explain to you about the purpose of the data processing and your right to withdraw consent.

Should the consent also relate to processing particular categories of personal data, we will expressly make you aware of this in the consent. Special categories of personal data in accordance with Art. 9 EU GDPR are only processed, if this is necessary because of legal re-quirements and there is no reason to assume that your legitimate interest for exclusion of processing is overriding.

Disclosure to third parties

We shall only disclose your data to third parties if required by law or if appropriate consent has been given. Otherwise data will not be disclosed to third parties, unless we are obligated to do so on account of mandatory regulations (disclosure to external bodies such as supervisory authorities or law enforcement authorities).

Recipients of data/categories of recipients

Within our company we ensure that your data is only received by those persons who require it to fulfil contractual and statutory obligations. If you submit an enquiry using a contact form on the website or via e-mail which relates to a company in our corporate group, we will pass on this enquiry and the personal data associated with this so that the relevant company in our corporate group can supply you with the service you request.

In certain cases, service providers help our user departments to carry out their work. The necessary contractual arrangements required under data protection legislation have been signed with all service providers. These include but are not limited to IT service providers and agencies.

Transmission to third countries/Intention to transmit to third countries

Data will only be transferred to third states (outside the European Union or the European Economic Area) where this is required to fulfil the contractual obligation, prescribed by law or where you have given us your consent.

At the present time, we send your personal data to service providers outside the European Economic Area: these are in the USA (Google Analytics, Google Tag Manager).

The contractual arrangements required for data protection have been signed with the service providers.

Storage period for data

We store your data for as long as this is required for the relevant processing purpose. Please note that numerous retention periods mean that data will (have to) continue to be stored. In particular, this relates to retention obligations under commercial or tax law (e.g. commercial code, tax code). Where there are no more continuing retention obligations, data is erased as a matter of routine once the purpose has been achieved.

In addition to this, we can retain data if you have given us permission or if legal disputes occur and we use evidence within the scope of legal limitation periods, which can be up to thirty years; the regular limitation period is three years.

Secure transmission of your data

We apply appropriate technical and organisational security measures to give the data stored with us the best possible protection against unintentional or deliberate manipulation, loss, destruction or access by unauthorised persons. Working with security experts, we continuously examine the security level and upgrade to new standards.

Data from and to our website is always exchanged in encrypted form. We use the HTTPS transmission protocol for our website, using the current encryption protocols in each case. It is also possible to use alternative communication channels (e.g. the post).

Obligation to make data available

Various items of personal data are required for establishing, implementing and terminating contractual obligations and satisfying the associated contractual and statutory duties. The same applies as regards the use of our website and the various functions that this makes available.

We have summarised for you details on this in the point above. There are certain cases where data must be collected and/or made available, including for statutory requirements. Please note that it is not possible to process your inquiry or fulfil the underlying contractual obligations without this data being provided.

Categories, sources and origin of data

The respective context determines what data we process: This depends, for example, whether you enter an enquiry in the contact form, send us a job application or make a complaint.

Please note that we provide information for special processing situations, if necessary also separately in a suitable place, e.g. when uploading documents for job applications or when requesting someone to make contact.

We collect the following data when our website is visited:

  • Name of the internet provider
  • Information about the website that is the referral source
  • Web browser and operating system used
  • The IP address assigned to you by your internet service provider
  • Files requested, quantity of data transferred, downloads/file export
  • Information about the web pages you access with us, incl. date and time

For reasons of technical security (in particular to counter attempts at attacking our web servers) this data will be stored in accordance with Art. 6 (1) (f) EU GDPR. After seven days at the latest the data is anonymised through shortening the IP address so no link can be made to the user.

We collect and process the following data when a request for contact is made:

  • Your name
  • Your e-mail address
  • Your telephone number
  • Your address
  • Your company
  • Your area / branch
  • The nature of your request
  • The information you provide in the message field

We collect and process the following data when a registration for a newsletter is made:

  • Your title
  • Your name
  • Your e-mail address
  • Your company

We collect and process the following data as part of the application / registration process:

  • Your title
  • Your name
  • Your e-mail address
  • Your company

Cookies (Art. 6 (1) (f) EU GDPR / Art. 6 (1) (a) EU GDPR, § 25 (1) TTDSG if consent has been given)

Our website uses cookies in several places.

A cookie is a small text file that is transferred from the server to your computer and can contain certain data such as the IP address, browser, operating system, etc. Cookies never start programs and do not carry malware. They purely allow more efficient usage and improve our offers (optional cookies) and are essential for certain features (technically necessary cookies).

In addition, cookies allow us to measure the effectiveness of a certain advertisement and where it is placed, for example in conjunction with topics of interest to users.

The majority of cookies that we use are what are called "session cookies". These are automatically deleted when you leave the site. Permanent cookies are automatically deleted from your computer when they reach the end of their validity (generally six months) or if you delete these yourself before the end of the validity period.

The use of all cookies on your computer that are not technically necessary is lawful with your prior consent in accordance with Art 6 (1) sentence 1 (a) GDPR, § 25 (1) TTDSG.

When you visit our website for the first time, you will be asked to agree to the use of cookies and you can activate or deactivate different types of cookies. You can also deactivate, limit or also delete cookies on your device through settings on your browser or with the assistance of software.

However, we would make you aware that deactivation of cookies may impair some functions on this website and reduce ease of use.

You also have an option at any time to retrospectively change the settings you once made via the cookie banner by clicking the following link:

Matomo Analytics

You can deactivate tracking by our Matomo Analytics instance below:
You have the option to prevent actions you take here from being analysed.

Newsletter (Art. 6 para. 1 lit. a EU-DS-GVO)

You can subscribe to a free newsletter on our website. The e-mail address you provide when registering for the newsletter, as well as your name and title, will be used for sending the newsletter.

The principle of data economy and data avoidance is observed here, as only the e-mail address, name and title are marked as mandatory fields. For technical necessity and for legal protection, your IP address is also processed when you order the newsletter.
We use the so-called double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have previously expressly confirmed that we should activate the newsletter service. This is done by sending you a notification e-mail and asking you to confirm that you would like to receive our newsletter at this e-mail address by clicking on a link contained in this e-mail.

You can, of course, unsubscribe at any time using the unsubscribe option provided in the newsletter and thus revoke your consent.

Contact form / making contact via e-mail (Art. 6 (1) (a), (b) EU GDPR)

A contact form is provided on our website that can be used to make contact electronically. When you write to us using the contact form, we process the data you gave us via the contact form to make contact with you and answer your questions and requests.

The principle of data minimisation and data avoidance is followed here, because you only have to provide the data that it is absolutely necessary for us to have to make contact. These are your name, your e-mail address, the nature of your request and the message field itself. It is a technical requirement and also as a legal safeguard that the IP address is processed. All other data is in voluntary fields and the provision of this data is optional (e.g. so that you can receive a more personalised answer to your questions).

We implement appropriate security measures to protect the security and confidentiality of your data in the best possible way. Your request is sent to us in encrypted form.

Where you contact us via e-mail, we will only use the personal data sent to us in the e-mail for the purpose of processing your enquiry. If you do not use the form offered to make contact, no more extensive data collection takes place.

For reasons of technical security (in particular to counter attempts at attacking our web servers) this data will be stored in accordance with Art. 6 (1) (f) EU GDPR. After seven days at the latest the data is anonymised through shortening the IP address so no link can be made to the user.

Registration / Application for events (Art. 6 para. 1 lit. a, b EU-DS-GVO)

On our website, we offer users the opportunity to egister for an event by providing personal data.

The registration is therefore required either for the fulfilment of a contract (via our online shop) with you or for the implementation of pre-contractual measures.

The principle of data economy and data avoidance is observed here, as only the data required for registration is marked as a mandatory field with an asterisk (*). These are, for example, the e-mail address and your name.

By registering on our website, the user's IP address, the date and the time of registration are also stored (technical background data). By clicking the "Register now" button, you give your consent to the processing of your data.

Automated decision-making

We do not use any purely automated processing to come to a decision.

Advertising purposes for existing customers (Art. 6 (1) (f) EU GDPR)

Waldner Holding SE & Co. KG is interested in maintaining a relationship with you as a customer and sending you information and offers about our products, services and events. We therefore process your data to send you appropriate information and offers via e-mail.
 
If you do not want this, you can object at any time to your data being used for direct marketing purposes; this also applies to profiling where this is associated with direct marketing. If you lodge an objection, we will no longer process your data for this purpose.

No reasons have to be given when lodging an objection and no prescribed form is required: if possible, it should be sent by e-mail to datenschutz@waldner.de.

Online offers for children

Nobody aged under 16 is allowed to send us personal data or grant us consent without the consent of their legal guardian. We would urge parents and legal guardians to be actively involved in the online activities and interests of their children.

Links to other providers

Our website also contains links to the websites of other companies and such sites are clearly identified. We do not have any influence on the content of any other providers' websites to which links may have been provided. As a result, we cannot accept any responsibility or liability for such content. The relevant website providers or operators are responsible for the content of these websites.

The linked pages were inspected for possible violations of law and identifiable legal infringements at the time the links were placed on our website. At the time the links were placed on the site no illegal content could be identified. It is however not reasonable to continuously monitor the linked websites without concrete indications that the law has been infringed. Where we become aware that the law has been infringed, we remove such links immediately.

Links to the social media

On our website you will find links to the social media services of YouTube, LinkedIn, Xing and Instagram. You will recognise the links to websites of social media services through their respective corporate logos.

When you follow these links, you will come to where you can find Waldner Holding SE & Co. KG on the relevant social media service. Clicking on a link to a social media service creates a connection to the social media service's servers. This will communicate to the servers of the social media service that you have visited our website. In addition to this, other data is transferred to the provider of the social media service. This includes, for example:

  • Website address which contained the activated link
  • The data and time the website was accessed or the link was activated
  • Information on the browser and operating system used
  • IP address

If you are already logged into your relevant social media account at the time when you activate the link, the provider of the social media service may be able to identify your user name and possibly even your real name from the data transferred and assign this information to your personal user account at the social media service. You can rule out the possibility of as-signment to your personal user account, if you log out of your user account first.

The services of the social media services are in the USA and other countries outside the European Union. Therefore the social media service provider may also process the data in countries outside the European Union. Please note that companies in these countries are subject to data protection legislation that in general does not protect personal data to the same extent as is the case in the European Union.

Please note that we do not have any influence on the scope, nature and purpose of data processing by the social media service providers. More detailed information on the use of your data by the social media services included on our website can be found in the data privacy guidelines of the respective social media service.

Information on data protection in the social media

Waldner Holding SE & Co. KG has a presence on "social media" and is present on Instagram, YouTube, Xing and LinkedIn. Where we control the processing of your data, we ensure that the current data protection regulations are complied with.

You will find below the most important information on data protection legislation in relation to our internet presence.

Name and address of the persons responsible for operation

In addition to Waldner Holding SE & Co. KG, the parties responsible for corporate presences as defined by the EU General Data Protection Regulation (EU GDPR) and other regulations relating to data protection legislation are:

Instagram:    Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland  
YouTube:    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Xing:    New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
LinkedIn:    LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

However, you are responsible when you use these platforms and their functions. This is particularly applicable when you use interactive functions (e.g. commenting, sharing, rating).
We would also point out that your data may be processed outside the European Union and it is therefore not possible to ensure a comparable level of data protection. The contractual arrangements required under data protection legislation have been signed with the providers.

Purpose and legal basis

We maintain the fan pages ourselves so that we can communicate with visitors to these pages and at the same time inform them about our offers.

We also collect data for statistical purposes so that we can continue to develop and optimise the content and make our offering more attractive. The data required for this purpose (e.g. total number of times the pages are accessed, page activities and data provided by visitors, interactions) is prepared by the social networks and made available to us. We do not have any influence on how the data is generated and presented.

Furthermore, your personal data is processed by the social media providers for marketing and advertising purposes. It is therefore possible that user profiles are produced on the basis of, say, your user behaviour and the interests that arise from this.As a result, advertisements among other things that reflect your interests can be placed both within and outside the platforms. As a rule, cookies are stored on your computer for this purpose. Independently of this, data can also be stored in your user profiles that are not collected directly on your devices. Data is also stored and analysed across devices. This is especially true but not exclusively if you are registered as a member and logged into the respective platforms.

We do not collect and process any personal data over and above this.

Waldner Holding SE & Co. KG processes your personal data because we have a legitimate interest in effective information and communication in accordance with Art. 6 (1) sentence 1 (f) EU GDPR.

If you are asked to give your consent to data processing, i.e. if you give your permission by confirming with a button or a similar opt-in, the legal basis for processing your data is Art. 6 (1) sentence 1 (a), Art. 7 EU GDPR.

Your rights / opt-out option

If you are a member of a social network and do not want the network to collect data about you via our website and link this to the data stored about you as a member of the respective network, you must

  • log out before you visit our fan page on the respective network,
  • delete the cookies already on the device and
  • close your browser and start it again.

However, once you log on again, the network can identify you as a certain user.
Please see the following links for detailed information on processing in each case and the opt-out options:

Instagram:

Data privacy statement: https://help.instagram.com/519522125107875
Opt-out: http://www.networkadvertising.org/managing/opt_out.asp and
              http://www.youronlinechoices.com

YouTube:

Data privacy statement: https://policies.google.com/privacy
Opt-out: https://tools.google.com/dlpage/gaoptout?hl=de and
              http://www.youronlinechoices.com

Xing:

Data privacy statement: https://privacy.xing.com/de/datenschutzerklaerung
Opt-out: http://www.youronlinechoices.com

LinkedIn:

Data privacy statement: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/legal/cookie-policy and
             http://www.youronlinechoices.com

Overall, you have the following rights in respect of processing your personal data:
Right to obtain information; right to rectification of data; right to erasure of data; right to restriction of processing; right to object; right to data portability; right to complain to the relevant data protection authorities about unlawful processing of your personal data.

However, as Waldner Holding SE & Co. KG does not have full access to your personal data, you should assert your rights directly with the social media providers, because each of these providers has access to their users' personal data and can take appropriate measures and provide information.

If you need any further help, we will naturally try to assist you. Please contact datenschutz@waldner.de

Information on copyright and art copyright

If you wish to publish images, texts, plans, videos, music, etc. that is on our website, you should be aware that, by doing this, you may possibly assign all user rights to the network, which ultimately could have legal consequences for you, if you yourself are not the originator or owner of the rights.

Privacy policy for customers, clients, contractual partners
and interested parties

Responsible body (controller) and data protection officer

WALDNER Unternehmensgruppe
Anton-Waldner-Straße 10-16
88239 Wangen
Deutschland

Telefon +49 75 22 986-0
Telefax +49 75 22 986-280
E-Mail: info@waldner.de
Internet: www.waldner.de

Contact information of the data protection officer
datenschutz@waldner.de

Categories of data/data sources

We process the following personal data within the framework of the contractual relationship and for the initiation of a business relationship:

For business customers:

  • Contact data (e.g. first/surname of current and previous contact persons, if applicable, name affixes, company name and address (employer), telephone number including extensions, business e-mail address)
  • Occupational data (e.g. department including position)

As a matter of principle, we collect your personal data directly from you within the framework of current contractual transactions and the underlying relationship or in the framework of the initiation of a business relationship.  

In the IT-environment, WALDNER Unternehmensgruppe uses, inter alia, services of Microsoft Corporation. When using the IT-systems, the following categories of data might be processed:

  • Functional data (data that is absolutely necessary for the provision of the service)
  • Content data (data relating to content, which is processed within the scope of the services)
  • Diagnostic & log data (technically logged data that is required for maintenance, troubleshooting, and occasionally for further development)

These categories of data are being collected systemically from you as a data subject. Further information on processing of personal data regarding specific IT-systems can be provided to you on request.

Within the scope of our online-meetings via Microsoft Teams, we process the following categories of personal data:

  • Communication data (e.g. your email address, if you provide it in a personalized manner).
  • Log files, protocol data
  • Metadata (e.g. IP address, time of participation, etc.)
  • Profile data (e.g. your user name, if provided voluntarily)

Please be aware, that we are not responsible for any further data processing e.g. the access to the MS-Teams-Website and/or the installation of the MS-Teams-App.

Microsoft reserves the right to process customer data for its own business purposes. We have no control over these data processing activities by Microsoft. To the extent that Microsoft Teams processes personal data in connection with business purposes, Microsoft is the independent data controller for those data processing activities and as such is responsible for compliance with all applicable data protection laws. If you require information about Microsoft's processing, please refer to the relevant Microsoft statement.

Purposes and lawfulness of data processing

When processing your personal data, the provisions of the GDPR, local data protection laws and other relevant legal provisions are always observed. 

Your personal data is exclusively processed for the execution of pre-contractual measures (e.g. for the preparation of offers for products or services) and/or for the fulfilment of contractual obligations (e.g. for the execution of our services or for sales/order/payment processing) (Art. 6 (1) lit. b GDPR) or if there is a legal obligation for processing (e.g. due to tax regulations) (Art. 6 (1) lit. c GDPR). Personal data was originally collected for these purposes.

Of course, your consent may also constitute a legal basis for the processing of your personal data (Art. 6 (1) lit. a GDPR). Before you grant such consent, we will inform you about the purpose of the data processing and about your right of revocation according to Art. 7 (3) GDPR. Should the consent also refer to the processing of special categories of personal data in accordance with Art. 9 GDPR, we will explicitly point this out to you in advance. WALDNER Unternehmensgruppe would also like to maintain a relationship with you as a customer and send information and offers on products and services. We therefore use your data to email you relevant information and offers (Art. 6 (1) lit f GDPR).

Your personal data will only be processed for the detection of criminal offences if the requirements of Art. 10 GDPR are met.

Duration of data storage

We will delete data as soon as your data is no longer needed for the above-mentioned purposes or in the event that you revoked your consent. Data will only be stored beyond the existence of the contractual relationship only in cases in which we are either obliged or entitled to do so. Regulations, which oblige us to keep data, can for example be found in commercial or tax laws. This may result in a storage period of up to ten years. In addition, statutory limitation periods must be observed.

Data recipients/categories of recipients

In our company, we make sure that only those departments and individuals receive your data that need them to fulfil contractual and legal obligations.

In many cases, service providers support our specialist departments in fulfilling their tasks. In this case, the necessary data protection agreements have been concluded with all service providers. 

Furthermore, in certain statutory cases, we are obliged to transmit certain information to public authorities, such as: Tax authorities, law enforcement agencies and customs authorities.

Intention to transfer data to a third country

A transfer of data to third countries (outside the European Union or the European Economic Area) only takes place if this is necessary for the execution of the underlying relationship or required by law or if you have given us your consent. 

We transfer your personal data to service providers or to group companies outside the European Economic Area, namely: India, Singapore, China, Australia, Dubai and the USA. Compliance with the data protection level is ensured by binding corporate rules.

When selecting service providers, we make the attempt to use European service providers (service providers within the European Economic Area). However, this is not always possible - for example, in the case of Microsoft. If service providers from third countries are used, we take measures to ensure that the configuration is as restrictive as possible. (In the case of Microsoft, for example, data processing in Europe is agreed upon. In addition, the configuration is restricted by IT experts and individual processing operations are coordinated with the data protection officer).

Rights of data subjects

Your rights as a data subject are set out in Articles 15–22 GDPR, and include:

  • The right to access (Art. 15 GDPR)
  • The right to erasure (Art. 17 GDPR)
  • The right to rectification (Art. 16 GDPR)
  • The right to data portability (Art. 20 GDPR)
  • The right to object to processing (Art. 21 GDPR)
  • The right to restriction of processing (Art. 18 GDPR)

To exercise these rights, please contact: datenschutz@waldner.de. The same applies if you have questions about data processing in our company or if you want to revoke your consent. You also have the right to lodge a complaint with the data protection supervisory authority.

In the event that we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.

We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing. If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. 

Obligation to provide data

Certain personal data needs to be provided in the framework of our contractual/business relationship as such data are necessary for the establishment, execution and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. Without the provision of such data, an execution of the above tasks and duties is not possible.

Automated individual decision-making 

We do not use any automated decision-making.

Video monitoring WALDNER company premises

Videoüberwachungs-Schild

Name and contact details of the data controller and its deputy, if applicable:

WALDNER Holding SE & Co. KG
Anton-Waldner-Straße 10-16
88239 Wangen
Tel.: +49 75 22 986-0

Contact details of the Data Protection Officer (if any):

datenschutz@waldner.de

Purposes and legal basis for data processing:

Personal data will be recorded and stored only as set out by the legal frameworks. The legal basis is Art. 6 (1) (f) EU GDPR.

Justified interests:

Uphold domiciliary rights, preservation of evidence, crime prevention.

Storage duration or the criteria for specifying the duration:

The data will be deleted once the purpose of collecting the data has been achieved. This is generally after 72 hours.

Data recipients or categories of data recipient (if data are transferred):

The maintenance service provider Schlegel, the external site security firm Frick.

Information regarding the Data Subject’s rights

The data subject has the right to request confirmation from the data controller as to whether the data subject’s personal data are processed; if this is the case, he or she has a right to information about such personal data and the information individually specified in Art. 15 GDPR.

The data subject has the right to demand the immediate correction of incorrect, personal data about the data subject by the data controller and, where applicable, the completion of incomplete data (Art. 16 GDPR).

The data subject has the right to demand the immediate deletion of personal data about the data subject by the data controller if any of the reasons listed in Art. 17 GDPR applies, for example if the data are no longer required for the stated purposes (right to deletion).

The data subject has the right to demand the restriction of processing by the data controller if any of the conditions listed in Art. 18 GDPR applies, for example if the data subject objects to the data processing, for such time that this is investigated by the data controller.

The data subject has the right to lodge an objection to the processing of personal data about the data subject at any time for reasons pertaining to the data subject’s specific circumstances. The data controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or if the purpose of processing is the establishment, exercise or defence of legal claims (Art. 21 GDPR).

Notwithstanding any other legal remedy under administrative law or in a court of law, every data subject has the right to complain to a supervisory authority if the data subject is of the view that the processing of his or her personal data is contrary to the GDPR (Art. 77 GDPR). The data subject may assert this right through a supervisory authority in the Member State of their place of domicile, workplace or the location of the alleged infringement. In Baden-Württemberg the responsible supervisory authority is: The State Officer for Data Protection and Freedom of Information in the State of Baden-Württemberg.

Postfach 10 29 32, 70025 Stuttgart, Königstraße 10a, 70173 Stuttgart [Germany]
Tel.: 0711/61 55 41 – 0
Fax: 0711/61 55 41 – 15
E-Mail: poststelle@lfdi.bwl.de
Internet: https://www.baden-wuerttemberg.datenschutz.de

Contact
Back to top