Privacy Policy

3.     Hosting

a.     Website (threeforonetrading.com)

Our Website is hosted by Ionos SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (“Ionos“) on European servers. The personal data collected on this Website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a Website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR). We have concluded a Data Processing Agreement with Ionos.

b.     Online-Shop (www.shop.threeforonetrading.com)

Our Online-Shop uses the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify“), for the purpose of hosting and displaying the Online-Shop and on the basis of a Data Processing Agreement with Shopify (see https://www.shopify.com/legal/dpa). All data collected in our Online-Shop is processed on Shopify’s servers in Ireland. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the adequacy decision of the European Commission.

Further information on Shopify’s data protection can be found on the following website: https://www.shopify.com/legal/privacy.

The shop system is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR). We have concluded a Data Processing Agreement with Shopify.

4.     Orders

When You place an order on our Website, we need the following data to fulfil the contract with You:

• First name, last name and (billing and shipping) address to send You your order and the invoice.
• E-mail address in order to send You the order confirmation and to provide You with contract documents immediately after the order.
• Contents of the shopping basket.
• Telephone number to contact You if necessary with questions regarding your order.

In order to send You your order, we pass on your address to our shipping or logistics service provider for the purpose of delivery. We also process the data required in each case in order to unwind our contract following a cancellation or return for any other reason or to check claims.

The legal basis for processing the data is Art. 6 (1) (b) GDPR. The data will be stored for as long as this is necessary for the processing of the contract. Beyond that, we only store your data in order to fulfil our contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) (c) GDPR). In this case, we block your data to the extent that it is only processed for the necessary purposes.

In addition to this data, we store the moment (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 (1) (f) GDPR) in order to ensure the security of our systems and to counteract misuse. This additional data is deleted as soon as it is no longer required, at the latest when the contract with You has been completed.

Payment methods

If You select a payment provider on our Website for payment, this provider will also receive your personal data, for example your name, address and bank account details. In addition, our house bank receives your bank details when an electronic payment is received. The legal basis for processing your personal data for payment purposes is Art. 6 para. 1 (b) and (f) GDPR.

Google Pay:  If You pay on our Website with Google Pay (Google Ireland Limited (“Google“), Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland), Google will receive your payment data for payment processing and it may be that Google carries out a credit check.

The Google Pay terms of use can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on Google Pay’s data protection can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

ApplePay: If You pay on our Website using Apple Pay (Apple Distribution International (“Apple“), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), Apple will receive your payment details for payment processing and Apple may carry out a credit check. Information about this can be found at: https://support.apple.com/de-de/HT203027.

PayPal: If You pay on our Website with PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg (“PayPal“), PayPal will receive your payment data for the purpose of processing the payment and may carry out a credit check. You can find information on this at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#rAnnex.

EPS bank transfer: If You pay on our Website using EPS bank transfer (PSA Payment Services Austria GmbH (“PSA“), Handelskai 92, Gate 2, 1200 Vienna), PSA receives your payment data for payment processing and it may be that PSA carries out a credit check. For more information on the payment method “eps-Überweisung”, please click here:
https://www.eps-ueberweisung.at/

PSA’s privacy policy is available at:
https://eservice.psa.at/de/datenschutzerklaerung.html

Credit Card/Maestro: When You pay on our Website with your credit card or Maestro, your card provider receives the information that You have placed an order with us. It may be that your card provider carries out a credit check. You can find more information about this on the relevant website of your card provider.

Bank transfer: If You pay by bank transfer on our Website our house bank receives your bank details for payment processing.

5.     Contact form

You can contact us electronically via our contact form, e.g. to give us feedback or to ask us questions. If You use this option, You will transmit the following data to us:

• First name and surname (to address You and for misuse prevention purposes)
• e-mail address (to contact You)
• personal message (voluntary)

If You contact us via the contact form card purchase (https://www.threeforonetrading.com/kartenankauf), You must also provide us with the following data:

• Description of the object of purchase (to decide whether and how to make an offer)
• By which means an offer is desired (obligatory)
• Country of residence (obligatory)
• Telephone number (obligatory)

In addition to the data You voluntarily provide to us, we store the moment (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 (1) (f) GDPR) in order to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact, is deleted as soon as it is no longer required, at the latest when the matter of your contact has been comprehensively clarified.

The legal basis for processing your data for the purpose of handling your contact is Art. 6 (1) (f) GDPR. It is our legitimate interest to process your data transmitted to us in order to contact You. The data is stored until it is no longer required to achieve the purpose of the conversation with You and the matter of your contact has been fully clarified.

If your contact aims to conclude a contract with us, the additional legal basis for processing your personal data is Art. 6 (1) (b) GDPR. This data is stored for as long as it is required for the execution of the contract. Beyond that, we only store your data in order to comply with contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) (c) GDPR)

6.     Contacting us by e-mail of telephone

You have the option of contacting us by e-mail or telephone. Your personal data transmitted in this way will be stored by us. The data will only be processed in order to handle your contact. The legal basis for processing your personal data is Art. 6 (1) (f) GDPR. The data is stored until it is no longer required to achieve the purpose of the conversation with You and the matter of your contact has been fully clarified.

If your contact aims to conclude a contract with us, the additional legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. This data is stored for as long as it is required for the execution of the contract or the pre-contractual measures. Beyond that, we only store your data in order to comply with contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) (c) GDPR).

In addition to the data You voluntarily provide to us, we store the moment (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 (1) (f) GDPR) in order to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact, is deleted as soon as it is no longer required, at the latest when the matter of your contact has been comprehensively clarified.

You can inform us at any time (see point 1 above) that You would like us to delete the data provided during the conversation. In this case, all personal data of the conversation will be deleted, if permissible, and a continuation of the conversation is not possible.

7.     Newsletter

On our Website, we offer You the opportunity to subscribe to our newsletter free of charge. In addition to your declaration of consent, we need your e-mail address. Further information, e.g. your name, is voluntary and serves to address You personally.

We will only send You the newsletter if You first confirm your registration via a confirmation e-mail sent to You for this purpose by clicking on the link provided. This is to ensure that only You can subscribe to the newsletter. Your confirmation in this regard must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

The legal basis for sending the newsletter as well as voluntary additional information is Art. 6 (1) (a) GDPR. By sending the newsletter registration, You agree to the processing of your data by us. In addition, we store the moment (date and time) of the transmission of your data to us as well as your IP address within the scope of your newsletter registration. The processing of this data corresponds to our legitimate interest pursuant to Art. 6 (1) (f) GDPR in order to ensure the security of our systems and to counteract misuse.

Your data will be processed exclusively in connection with the sending of newsletters. The purpose of processing your e-mail address is to enable us to send You the newsletter. Further data within the scope of the registration process serve either to address You personally or also to ensure the security of our services and to prevent misuse of the e-mail address used.

Your data will only be stored for as long as is necessary to achieve the purpose. Your e-mail address will therefore be stored for the period of your active newsletter subscription if You have given your consent for this. The data that we also automatically collect during your subscription (IP address, date and time) will be deleted at the latest when You end your newsletter subscription.

We use the service of SENDINBLUE, 7 rue de Madrid, 75008 Paris, Frankreich, to send the newsletter. The data is transferred to France on the basis of standard contractual clauses and a Data Processing Agreement concluded with us. Further information on data processing by sendinblue can be found at: https://www.sendinblue.com/gdpr/

We use the sendinblue service to measure the success and reach of our newsletters by recording opening and click rates. For this purpose, sendinblue uses so-called web beacons or tracking pixels to enable statistical surveys. For us, the function is helpful to track whether our newsletter is opened and which topics are particularly interesting. The legal basis for data processing here is Art. 6 (1) (a) GDPR. Your data will only be stored as long as You have subscribed to the newsletter.

POSSIBILITY OF CANCELLATION / Newsletter unsubscription

You can unsubscribe or cancel our newsletter at any time. You will find the link at the end of each newsletter. By doing so, You revoke your consent or object to further use of your data for the purpose of sending the newsletter.

8.     Google Webfonts

So-called Google web fonts from Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland are used to improve the visual presentation of various information on our Website. The web fonts are fonts and are transferred to your browser’s cache when the page is called up in order to be able to use them for the display.

When the page is called up, no cookies are set for the website visitor. Data transmitted in connection with the page call is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can set your browser so that the fonts are not loaded by Google servers, for example by installing add-ons such as NoScript or Ghostery for Firefox.

Information on the data protection conditions of Google Web Fonts is available at: https://developers.google.com/fonts/faq#Privacy.

General information on data protection can be found in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/.

The legal basis for the processing of your personal data is our legitimate interest in a visually improved presentation of our Website in accordance with Art 6 (1) (f) GDPR.

9.     Social Media

a.     Icon-Links to Social Networks

On our Website we use small icons which refer to our company page on third-party platforms (Facebook Instagra, Twitter and YouTube). These are hyperlinks, so no data is automatically transferred from You, but only when You click on the icons and a new tab opens in your browser with the website of the third-party provider.

b.     Facebook-Fanpage

We operate a fan page on the social media platform Facebook (Facebook Inc., Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, (“Facebook“), which we link to on our company page via the Facebook icon. If You do not click on the link, Facebook will not receive any data from You. If You click on the link to, for example, view our company presence on Facebook or “like” our site, Facebook will receive data from You (which data Facebook will receive depends also on whether You are logged in at Facebook while You click on the page or not).

While Facebook uses this data under its own responsibility i.a. to create profiles and to generate so-called Custom Audiences, on our fan page we can only see aggregated data, i.e. statistics,  that no longer have any personal reference. as “Page Insights”. You can find more information about Page Insights at the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data

Due to the requirements of the GDPR, we have concluded an agreement with Facebook, which regulates the joint responsibility for our fan page. You can find this agreement in English under the following link: https://www.facebook.com/legal/controller_addendum

Pursuant to this agreement, Facebook is primarily responsible for the aggregated Insight data. In addition, Facebook will comply with all obligations under the GDPR with regard to the processing of Insights data (including Art. 12, 13 GDPR, Art. 15-22 GDPR and Art. 32-34 GDPR). If You send us a request regarding our Facebook fan page, we will inform Facebook of this in a timely manner. Facebook will respond to the request in accordance with our agreement.

Our legitimate interest in processing personal data lies in the use and linking of different communication channels.

The processing is based on the legal grounds of Art. 6 (1) (a) and (f) GDPR (your consent to the setting of cookies and our legitimate interest in analysis, evaluation and marketing). You can find Facebook’s data policy at the following link: https://www.facebook.com/policy.php

For the data transfer to the USA, we have concluded contracts with Facebook, including the standard contractual clauses. You can find out more here https://www.facebook.com/legal/technology_terms

c.     Instagram Profile

We operate a profile on the social media platform Instagram (Facebook Inc., Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (hereinafter: “Instagram“), which we link to on our Website via the Instagram icon. As long as You do not click on the link, Facebook does not receive any data from You. If You click on the link, for example to view our company presence on Instagram, Facebook receives data from You (which data Instagram receives also depends on whether You are logged in to Instagram with your user profile while You click on the page or not).

The processing is based on the following grounds of Art. 6 (1) (a) and (f) GDPR (your consent to the setting of cookies and our legitimate interest in analysis, evaluation and marketing). You can find Instagram’s data policy at the following link: https://help.instagram.com/519522125107875?helpref=page_content

d.     Twitter Profile

We operate a profile on the social media platform Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland (hereinafter: “Twitter“), which we link to on our Website via the Twitter icon. As long as You do not click on the link, Twitter does not receive any data from You. If You click on the link, for example to view our profile on Twitter, Twitter will receive data from You (which data Twitter receives also depends on whether You are logged in to Twitter with your user profile while You click on the page or not).

The processing is based on the legal grounds of Art. (1) (a) and (f) GDPR (your consent to the setting of cookies and our legitimate interest in analysis, evaluation and marketing). You can find Twitter’s data policy at the following link: https://twitter.com/de/privacy

10.  Social Media Plugins (with Shariff)

Please note the following: Social media plug-ins from social networks are integrated on our Website (Facebook, Instagram, Reddit, Pinterest). However, data is not sent to the respective social media platforms directly when You call up our Website, but only when You become active yourself by clicking on the respective share button (Shariff function). You can recognise this by the fact that the buttons are initially greyed out and become coloured when You move your mouse over them.

If You are already logged in to the social media platform when You click on the button, a window will appear in which You can confirm whether You want to share the post on the respective platform. If You are not already logged in, the log-in field will appear on the platforms.

a.     Facebook Plug-In (with Shariff)

The social network Facebook is offered (in Europe) by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: Facebook). Facebook is primarily responsible for data processing on Facebook. When the plug-in (a Facebook component) is clicked on, Facebook becomes aware that You have activated the component from one of our pages. If You are logged in to Facebook at the same time, Facebook will assign this information to your user profile on Facebook. The embedding of the Facebook sharing function on our Website and the associated data processing corresponds to our legitimate interests, because we also want to present ourselves in this way. The legal basis for this is therefore Art. 6 (1) (f) GDPR. If You choose to activate the button to share a post, the legal basis for the resulting data processing and data transfer to Facebook is your consent, Art. 6 (1) (a) GDPR. The data policy of Facebook can be found here: https://www.facebook.com/policy.php.

b.     Reddit Plug-In (with Shariff)

The social network Reddit is offered by reddit Inc, 520 Third Street, Suite 305, San Francisco, CA 94107 , USA (hereinafter: Reddit). Reddit is primarily responsible for data processing on Reddit. When the plug-in (a Reddit component) is clicked on, Reddit becomes aware that You have activated the component from one of our pages. If You are logged in to Reddit at the same time, Reddit will assign this information to your user profile on Reddit. Embedding the sharing function on Reddit on our Website and the associated data processing corresponds to our legitimate interests because we also want to present ourselves in this way. The legal basis for this is therefore Art. 6 (1) (f) GDPR. If You choose to activate the button to share a post, the legal basis for the resulting data processing and data transfer to Reddit is your consent, Art. (1) (a) GDPR. Reddit´s data policy can be found here: https://www.redditinc.com/policies/privacy-policy.

c.     Twitter Plug-In (with Shariff)

The social network Twitter is offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter: Twitter). Twitter is primarily responsible for data processing at Twitter. When the plug-in (a Twitter component) is clicked on, Twitter becomes aware that You have activated the component from one of our pages. If You are logged in to Twitter at the same time, Twitter will assign this information to your user profile on Twitter. Embedding the Twitter sharing function on our Website and the associated data processing corresponds to our legitimate interests, because we also want to present ourselves in this way. The legal basis for this is therefore Art. 6 (1) (f) GDPR. If You choose to activate the button to share a post, the legal basis for the resulting data processing and data transfer to Twitter is your consent, Art. 6 (1) (a) GDPR. For a possible third country transfer, the standard contractual clauses are used and Twitter is still certified under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Twitter´s data policy can be found here: https://twitter.com/de/privacy.

d.     Pinterest Plug-In (with Shariff)

The social network Pinterest is offered by Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA (hereinafter: Pinterest). Pinterest is primarily responsible for data processing on Pinterest. When the plug-in (a Pinterest component) is clicked on, Pinterest becomes aware that You have activated the component from one of our pages. If You are logged in to Pinterest at the same time, Pinterest will assign this information to your user profile on Pinterest. The embedding of the Pinterest sharing function on our Website and the associated data processing corresponds to our legitimate interests, because we also want to present ourselves in this way. The legal basis for this is therefore Art. 6 (1) (f) GDPR. If You choose to activate the button to share a post, the legal basis for the resulting data processing and data transfer to Pinterest is your consent, Art. 6 (1) (a) GDPR. You can find Pinterest´s data policy here: https://policy.pinterest.com/de/privacy-policy.

11.  Other third-party content that is integrated on our Website

a.     YouTube

We integrate videos from YouTube of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (hereinafter: “YouTube“) for the purpose of making our Website more appealing. We use the extended data protection mode so that information about You is only shared with YouTube if You activate the video by clicking on the play button of the video.

When You activate the video, YouTube uses cookies to collect information for analysis purposes and to improve the user experience. According to YouTube, the data is processed pseudonymously. However, if You are logged in to your Google or YouTube account, the data may be linked directly to your YouTube account.

Further information on data protection, including the storage period of your data with YouTube, can be found in Google’s data protection guidelines at: https://policies.google.com/privacy?hl=de&gl=de.

The legal basis for the integration of the YouTube service on our Website and the associated processing of your data is Art. 6 (1) (f) GDPR.

Google is still certified under the Privacy Shield, but for data transfers Google now relies on the standard contractual clauses.

For this: https://policies.google.com/privacy/frameworks?hl=de and on the Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

b.     Google Maps

The map service Google Maps of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland is integrated on our Website (hereinafter: “Google Maps” or “Google“). We use the service so that You can quickly locate us and, if necessary, plan your journey to us.

If You call up our “Store in Vienna” page and have allowed Google Maps cookies via the cookie selection (External Media), it is possible that your IP address will be transferred to Google servers in the USA, as a connection to Google servers is automatically established. In addition to the IP address, Google Maps may receive the date and time our site is accessed, the internet address or URL of our site; furthermore, Google may process device IDs, cookie information and location information for various purposes. If You are signed into a Google service, Google may associate this data with your account (we have no control over this).

Information on how Google uses location information can be found at: https://policies.google.com/technologies/location-data#why-use. General information about Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=de.

Incognito mode: If You access our site with your iPad, iPhone or Android device, have installed the Google Maps app on your device and have selected incognito mode there, some Google Maps services will be deactivated. This may also affect the use of Google Maps on our site. You can find more information on incognito mode at: https://support.google.com/maps/answer/9430563?co=GENIE.Platform%3DiOS&hl=de&oco=0 (iPhone/iPad) and https://support.google.com/maps/answer/9430563?co=GENIE.Platform%3DAndroid&hl=de (Android).

The legal basis for the integration of Google Maps and, if applicable, the transmission of your data to Google is Art. 6 (1) (f) GDPR. There is an agreement between us and Google Maps on joint responsibility pursuant to Art. 26 GDPR. You can access this at: https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.

Google is still certified under the Privacy Shield, but for data transfers Google now relies on the standard contractual clauses.

For this: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI as well as

https://policies.google.com/privacy/frameworks?hl=de&gl=de.

12.  Applicant data

On our Website we provide information about vacancies in our team and You can send us your application by e-mail. We process your data for the purpose of handling your application procedure, which means that your application will be viewed by the staff members who are responsible for shortlisting You. Your data will not be passed on to third parties and we will not use your data for other purposes.

Your applicant data will be stored by us. If we reject your application, we will only store the data for as long as necessary, for a maximum period of six months, unless You give us your consent to store the applicant data for longer in order to contact You after this period if necessary.

The legal basis for the processing of your data is § 26 BDSG and Art. 88 GDPR.

13.  Use of service providers

We would like to point out that when processing your personal data, we may use service providers with whom we have concluded Data Processing Agreements (e.g. for website hosting). If processors in a third country (not within the EU) carry out the data processing, we ensure that the level of protection of your data guaranteed by the GDPR is not undermined (Art. 44 et seqq. GDPR).  The legal basis for the use of service providers is Art. 6 (1) (f) GDPR. The commissioning of service providers (specialists or other service providers in areas that we cannot serve ourselves) is in our legitimate interest. If You would like to receive a copy of the suitable or appropriate guarantees, please let us know (see point 1 above).

14.  Your rights

When we process your data, You are a “data subject” within the meaning of the GDPR. You have the following rights: right to access the stored personal data, right to rectification, right to restriction of the processing, right to erasure, right to be informed as well as right to data portability, in addition, You have a right to object and a right to withdraw consent and the right to file a complaint with the supervisory authority.

Below You will find details about the individual rights:

a.     Right to access the stored personal data

You have the right to demand from us confirmation whether we process your personal data.

If we process your personal data, You have the right to disclosure in particular of the following information: the processing purposes, the categories of personal data being processed, the recipients or categories of recipients to whom your personal data have been or will be disclosed, if possible, the planned duration your personal data will be stored.

b.     Right to rectification

You have the right to rectification and/or completion of the data we have stored about You if such data is incorrect or incomplete. We will initiate the correction or completion immediately.

c.     Right to restriction of processing

Under certain conditions, You have the right to demand that we restrict the processing of your personal data, for instance, if You contest the accuracy of your personal data and we have to verify for a certain period the accuracy of your personal data. For the duration of the verification, your data will only be processed in a restricted manner. Another example of restriction is if we no longer need your data, but You need it for a legal dispute.

d.     Right to erasure

You have the right in certain situations to request that we delete your personal data immediately. This is the case, for example, if we no longer need your personal data for the purposes for which we collected the data or if we have processed your data unlawfully. Another example would be if we process your data on the basis of your consent, You withdraw your consent and we do not process the data on any other legal basis. However, your right to erasure does not always exist. For example, we may process your personal data to comply with a legal obligation or because we need it for litigation.

e.     Right to be informed

If You have asserted your right towards us to rectification, erasure, or restriction, we are required to notify all recipients to whom we have disclosed your personal data, about the rectification, erasure, or restriction of the processing of your data, except when it results to be impossible or involves a disproportionate effort thereto.

f.      Right to data portability

You have the right, under certain conditions, to receive the personal data You have provided to us in a structured, commonly used and machine-readable format and the right to have this data transferred to another controller. This is the case where we process the data either on the basis of your consent or on the basis of a contract with You and that we process the data using automated procedures.

In this context, You have the right to obtain that we transfer your personal data directly to another controller, insofar as this is technically feasible and the freedoms and rights of other persons are not affected thereby.

This right to data portability does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

g.     RIGHT TO OBJECT

At any time, You have the right, for reasons that arise from your particular situation, to object against the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR. This also applies to a profiling referred to in these provisions.

In the event of an objection, we will cease to process your personal data, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal rights.

When we process your personal data to perform direct marketing, You have at any time the right to object to the processing of your personal data for the purpose of such marketing. This also applies to profiling, as far as it is related to direct marketing. If You object to the processing of your personal data for direct marketing purposes, we will no longer process them for these purposes.

h.     Right of withdrawal

Under Art. 7 (3) GDPR You have the right to withdraw your consent at any time. The withdrawal of consent does not retroactively render the processing unlawful.

i.       Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. You may in particular exercise your right of to lodge a complaint in the member state of your place of residence, employment or the place of the alleged infringement, if You believe that the processing of your personal data is violating the GDPR.

15.  Validity and last amendment of this Privacy notice

Version: August 2021

Customized data protection: www.datenschutz-stuttgart.com