View navigation

The European Association for Banking and Financial History (eabh) e.V.

Website Privacy Policy / Data Protection Notes

Protection of your personal data has the utmost priority and is considered in all our business processes. If and as far as you provide any personal data to us, these will be processed according to the provisions of the EU General Data Protection Regulation (GDPR), which enters into effect on 25 May 2018, and the statutory data protection provisions of the Federal Data Protection Act (BDSG).

The following data protection notes provide a detailed overview of the processing of your personal data, especially when using our websites and newsletter. Personal data shall mean all information that refers to identified or identifiable natural persons. In these data protection notes, we inform you comprehensively about the type, scale and purpose of collection of personal data and about how these data are handled. Beyond this, you will learn which rights you are due regarding processing of your personal data.

 

1. Contact details of the controller and the data protection officer

1.1. Name and address of the controller

The controllers within the meaning of the EU General Data Protection Regulation (GDPR) and other national data-protection laws of the Member States and any other provisions under data protection law shall be:

The European Association for Banking and Financial History (eabh) e.V.

Address: Hanauer Landstrasse 126-128, 60314 Frankfurt am Main, Germany

Phone: +49 69 36 50 84 650

Mail: c.hofmann@bankinghistory.org

1.2. Name and address of the data protection officer

eabh has appointed a data privacy officer. You may reach the data protection officer under the following contact details:

Name / Company: Carmen Hofmann, eabh

Address: Hanauer Landstrasse 126-128, 60314 Frankfurt am Main

Phone: +44 7468422105

Mail: c.hofmann@bankinghistory.org

 

2. General principles for processing activities eabh

2.1. Principles concerning the scale of processing of personal data

eabh shares the philosophy underlying the GDPR and the Federal Data Protection Act (BDSG) that all use, especially the collection and processing of personal data (“Data”), must be limited as far as possible. Therefore, eabh shall only process any personal data as far as this is required for clearly defined purposes that are to be presented clearly below (principles of data avoidance and data economy). Processing activities shall only be legitimate as far these are based on any sufficient legal basis or your consent (principle of lawfulness).

This means that we only process your personal data if this is necessary to provide a functioning website and services. The processing of personal data takes place regularly only after your consent. An exception applies in those cases in which prior consent cannot be obtained for real reasons and the use of the data is permitted by legal regulations.

As far as nothing different results from the following, the terms “process” and “processing” shall specifically also include the collection of personal data (on this, see sect. 4 no. 2 GDPR).

2.2. General information on the legal basis relating to processing of personal data

2.2.1. General legal basis

Processing of personal data shall generally be forbidden and is only legitimate in exceptions. The legitimacy of processing activities must only result from the processing of the data being based on a suitable legal basis. The following are the final options for this:

2.2.2. Special legal basis for processing of special categories of personal data according to sect. 9 GDPR

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

In exceptions, processing of these special categories of personal data by eabh may be permitted as well as far as there is a suitable legal basis for this. In particular the following are options for this:

2.3. Objection to and withdrawal of processing of your personal data

If you have consented to the processing of your data, you can withdraw this consent at any time. Such withdrawal shall affect the legitimacy of processing of personal data only starting at the time after which the withdrawal was declared towards eabh.

As far as eabh bases processing of the personal data on consideration of interests, you may object to processing. This is the case if processing in particular is not required for complying with a contract with you, which is presented by eabh in the following description of the functions. When exercising such an objection, please present the reasons why eabh should not process your personal data as performed by eabh . In case of justified objection, eabh will review the situation and shall either cease processing activities or adjust it, or explain the mandatory grounds to be protected to you based on which eabh to process the data. Of course, you may object to processing of your personal data for advertisements and data analysis at any time.

2.4. Data erasure and duration of storage

Your personal data will be deleted or blocked by eabh as soon as the purpose of storage is no longer applicable; in this context, blocking shall mean any removal of the reference of the data to your person. Storage may further take place when this is stipulated by the European or national legislator in regulations, laws or other rules that eabh is subject to. Blocking or erasure of the data shall also take pace if a storage period required by the standards named expires, except if further storage of the data is required for conclusion of a contract or performance of a contract.

2.5. Information about statutory or contractual requirements concerning the provision of personal data; requirement necessary to enter into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such

We would like to clarify to you that the provision of personal data is in part statutorily prescribed (e.g., tax regulations) or can also arise from contractual provisions (e.g., specifications as to contracting partner).

On occasion, for entering into a contract it can be necessary that you make available to us personal data which subsequently must be processed by us.

You can contact us prior to providing any personal data. We will clarify to you for the individual case whether the provision of personal data is statutorily or contractually required or necessary for entering into the contract, whether any obligation exists to provide the personal data, and which consequences would arise from failure to provide such data.

 

3. Information about purposes and legal basis of processing of your personal data within the scope of the newsletter dispatch as well as the other ways of contacting you

3.1. Description and scale of processing activities

eabh sends out a newsletter and invitations to events for your information concerning current events and developments, as well as to maintain our contact with you. In addition to this, your data will be processed for measures for maintenance of the relationship with you, e.g. to send out Christmas cards, in exceptions. For this, the following personal data will be processed:

The indication of the e-mail address is obligatory in order to be able to use the offer of our newsletter.

The processing of your further data serves the personalization of contacts as well as the specialization of offers and information.

We would like to point out that we evaluate your user behaviour when sending a newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. For evaluation purposes, we link the above data and web beacons to your e-mail address and an individual ID. Links received in the newsletter also contain this ID. The data is collected exclusively pseudonymised, the IDs are therefore not linked to your other personal data, direct personal relationship is excluded.

3.2. Purpose of processing activities

We process your e-mail address for the purpose of sending our newsletter, in particular for your information about current developments at eabh current research projects and publications, current and planned events and to maintain our relationship with you.

Your further data will be processed for the purpose of personalizing contact with you and informing you about special events and publications that correspond to your field of interest and research.

3.3. Legal basis of processing activities

If we use your data, as far as possible, we will always obtain your express consent (sect. 6 para. 1 s. 1 lit. a GDPR).

If you subscribe to our newsletter we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

3.4. Storage period

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This may be the case in particular if you withdraw your consent to receiving the newsletter or any other information and there is no other legal basis for further processing of your e-mail address or other data by us. You can revoke your consent at any time. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to c.hofmann@bankinghistory.org or by sending a message to the contact data specified in section 1.1. 

 

4. Contact

4.1. Description and scale of processing activities

You can contact us by e-mail if you have any questions about our offers, events or our research work. In this case we collect and process your e-mail address and the content of your message. We will also regularly process your name and other data, which may result from your signature or other information you provide to us in your inquiry.

4.2. Purpose of processing activities

We process your e-mail address and other personal data exclusively to answer your inquiry.

4.3. Legal basis of processing activities

The legal basis for the processing of your data is your express consent (sect. 6 para. 1 s. 1 lit. a GDPR). In addition, the legal basis for processing your data is the protection of our legitimate interests resulting from the purposes of data processing described above; in this respect, we assume that your positions protected by fundamental rights do not outweigh our interests in data processing (sect. 6 para. 1 s. 1 lit. f GDPR).

4.4. Storage period

We retain your provided personal information as long as it is necessary, in usual until your concern has been answered to your satisfaction. Afterwards, it will be deleted if there is no other legal basis for further processing of your e-mail address or other data by us.

 

5. Event Registration

5.1. Description and scale of processing activities

You can register on our website for individual events that we organize ourselves or in cooperation with other institutions and partners. The following personal data are required and processed by you for your registration:

In addition, you can voluntarily provide us with the following data:

5.2. Purpose of processing activities

We process your data exclusively for your registration for the event, to organize the event and your attendance.

5.3. Legal basis of processing activities

The processing of your data is justified, as this is necessary for the execution of the contract for the event sect. 6 para. 1 s. 1 lit. b GDPR). Additional legal basis is your consent according to sect. 6 para. 1 s. 1 lit. a GDPR as well as the protection of our legitimate interests resulting from the purposes of data processing described above; in this respect, we assume that your positions protected by fundamental rights do not outweigh our interests in data processing (sect. 6 para. 1 s. 1 lit. f GDPR).

5.4. Storage period

We retain your provided personal information as long as it is necessary, in usual until the event is finished. Afterwards, it will be deleted if there is no other legal basis for further processing of your e-mail address or other data by us.

 

6. Information about the processing of your personal data when you visit our websites

6.1. Description and scale of processing activities

With each retrieval of our website, your internet browser transmits a series of technically necessary data to our webserver. These data are stored in the log files of the webserver. The following data are recorded:

These data are stored separately from the personal data. In no event are they associated with your personal data. By extension, this precludes the possibility of making inferences to a particular person.

6.2. Purpose of processing activities

In using the webserver log data, we do not draw any inferences about the data subject. Rather, the webserver log data are used to correctly deliver the contents of our internet site, to guarantee the sustained functionality of our information technology systems and of the technology of our internet site, as well as to furnish law enforcement authorities the information necessary for a criminal-law prosecution in the event of a cyberattack.

The anonymously collected data and information are evaluated by us, statistically, on the one hand, and moreover, with the objective of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

6.3. Encryption and other security measures

Within the website, we use the widespread SSL procedure (secure socket layer) in conjunction with the respectively highest stage of encryption that is supported by your web browser. As a rule, this involves a 256-bit encryption. In the event that your browser does not support 256-bit encryption, we then resort to a 128-bit v3 technology. You can determine whether or not an individual page of our internet presence is transferred encrypted in the closed depiction of the key or lock symbol in the bottom status bar of your browser.

Apart from that, we make use of suitable technical and organizational security measures in order to protect your data against accidental or intentional manipulation, whole or partial loss or destruction, or against unauthorized access by third parties. Our security measures are continuously improved in keeping with technological development.

6.4. Legal basis of processing activities

The data processing of the webserver logs is effected on the basis of the statutory provisions of sect. 6 para. 1 s. 1 lit. a GDPR (safeguarding legitimate interests of the controller; our legitimate interest follows from the purposes listed above for data collection). Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

6.5. Storage period

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

6.6. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on your part.

 

7. Web analysis, Cookies & links to social networks / Google maps

7.1. Google Analytics

This website uses Google Analytics, a web analysis service of Google, Inc. (“Google”). Google Analytics uses so-called , text data files, which are stored on your computer and enable an analysis of the use of the website by the user. The information generated by the cookie about the use of this website is, as a rule, transferred to a Google server in the United States and stored there. In the event the IP anonymization on this website is activated, the IP address, however, is abbreviated by Google ahead of time within the Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in cases of exception will the complete IP address be transferred to a server in the United States and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports about the website activities, and to render additional services associated with the website and internet use vis-à-vis the website operator. The IP address transmitted by your browser in the course of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by commensurately setting your browser software; however, we would like to point out to you that in this event, it is possible that you may not be able to use all of this website’s functions to their fullest extent.

Moreover, you can prevent the recording of data generated by the cookie and related to your use of the website (incl. your IP address) by Google, as well as the processing of these data by Google, by downloading and installing the browser plug-in available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, and particularly with browsers on mobile devices, in the future you will be able to prevent Google Analytics from recording the data of this website with this browser by placement of an opt-out cookie. <a href=”javascript:gaOptout()”>Click here to deactivate Google Analytics</a>. Should you erase the opt-out cookie, then you will have to click on this link again in order to prevent Google Analytics from recording the data of this website with this browser.

This website uses Google Analytics with the expansion “_anonymizeIp().” By means of such, IP addresses are further processed having been abbreviated; in this way, any ability to relate such to a specific person is ruled out. To the extent that any relation to the person arises to the data collected about you, this will be ruled out immediately and, by extension, the personal data promptly erased.

We use Google Analytics to be able to analyse and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and design it to be of greater interest to you as the user. For the cases of exception in which personal data are transferred to the United States, Google subjected itself to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is sect. 6 para. 1 s. lit. f GDRP.

Information of third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms and conditions of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy.

7.2. Cookies

7.2.1. Description and scale of processing activities

Our websites use cookies to configure the operation of our websites in a simpler, more customer-friendly manner. Cookies are small text data files that the internet browser stores on the user’s computer. If the user subsequently retrieves the corresponding website again, cookies make it possible to recognize the computer once more. As a consequence of this recognition, for instance, data entered one time already stand at the ready when an order form is filled out more than once. Our website uses various types of cookies, the scope and functioning of which are explained below:

Some elements of our website require that your browser can be identified even after a page change. This requires the use of so-called transient cookies (session cookies). These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. We use cookies to make our website more user-friendly, because some elements of our website require that the calling browser can be identified again after a page change. Session cookies are deleted when you log out or close your browser.

In addition, so-called persistent cookies are used. These cookies enable an analysis of the surfing behaviour, in particular the following data can be transmitted: entered search terms, frequency of page views, use of website functions. You can configure the use of these cookies in your browser settings according to your wishes. Here, for example, the acceptance of third party cookies or all cookies can be rejected. The data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data. The data will not be stored together with any other of your personal data. When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection declaration. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. We would like to point out that you may not be able to use all functions of this website if you object to the use of persistent cookies.

Our website also uses flash-cookies. These are not recorded by your browser, but possibly by your Flash plug-in. We also use HTML5 storage objects that are stored on your mobile device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not want the Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and your browser history manually.

7.2.2. Purpose of processing activities

The purposes of data processing differ depending on the cookies used:

The purpose of using technically necessary transient cookies is to enable and simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that your browser is recognized even after a page change. This applies, for example, to the adoption of language settings or the memorization of search terms. The user data collected by technically necessary cookies are not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.

The purpose of using flash-cookies / HTML5 storage objects is to simplify the use of our websites for you and to optimize their content. Some functions of our website cannot be offered or only to a limited extent without the use of these technical aids.

7.2.3. Legal basis of processing activities

The legal basis for the temporary storage of data is sect. 6 para. 1 s. lit. f GDRP. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally. The legal basis for the processing of personal data using cookies for analytical purposes is sect. 6 para. 1 s. lit. a GDRP.

7.2.4. Storage period; Possibility of objection and elimination

Ordinarily, cookies are used which, after the end of the browser, are automatically erased from the user’s hard drive (so-called session cookies). Other cookies can remain on the user’s computer and have the effect that the user is recognized subsequently upon the next visit (so-called persistent cookies). The persistent cookies are automatically erased after the expiration of the prescribed time period, which can be different for each cookie. You can erase the persistent cookies at any time in the security settings of your browser.

In addition, at any time you can change the storage of cookies in the browser settings of your computer. To do so, the function “do not accept cookies” must be activated. E.g. in Google Chrome, you can activate the function “do not accept any cookies” here: chrome://settings/content/cookies. However, this can possibly result in your no longer being able to use a website to its fullest extent.

7.3. Links to social networks

7.3.1. Description and scale of processing activities

We link to the following social networks:

You can identify the provider of the network by its initial letter or the logo. We only link to the websites of the social networks. When you visit our site, no personal data is initially passed on to the providers of the social network. If you want to use one of the networks, click on the respective logo to establish a direct connection to the server of the respective network. Thus, we only give you the opportunity to communicate directly with the provider of the social network via the button. Only if you click on the marked field and thereby activate it, the provider receives the information that you have accessed the corresponding website of our online offer. In this case, parts of the information collected when you visit our website (see Section 4.1) will be transmitted to the extent necessary. We recommend to you to delete all cookies before clicking on the provider button via the security settings of your browser.

The data is transferred regardless of whether you have an account with the social network provider and/or you are logged in there. If you are logged in, your data collected by us will be directly assigned to your existing account. We recommend that you log out regularly after using a social network, especially before activating the button.

If you click on the link, it is possible that data may reach providers in countries outside the EU which do not guarantee an “adequate level of protection” for the processing of personal data in accordance with EU standards. Please bear this in mind before clicking on a link to initiate the transfer of your data.

7.3.2. Purpose of processing activities

The purpose of data transmission is to simplify the use of websites for users. Through the links we offer you the simple possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

7.3.3. Legal basis of processing activities

If you follow the link, the legal basis for processing the data is sect. 6 para. 1 s. 1 lit. a GDRP and the protection of our legitimate interests according to sect. 6 para. 1 s. 1 lit. f GDRP; our legitimate interests result from the purposes described for data processing.

7.3.4. Storage period; Possibility of objection and elimination

Ordinarily, cookies are used which, after the end of the browser, are automatically erased from the user’s hard drive (so-called session cookies). Other cookies can remain on the user’s computer and have the effect that the user is recognized subsequently upon the next visit (so-called persistent cookies). The persistent cookies are automatically erased after the expiration of the prescribed time period, which can be different for each cookie. You can erase the persistent cookies at any time in the security settings of your browser.

In addition, at any time you can change the storage of cookies in the browser settings of your computer. To do so, the function “do not accept cookies” must be activated. E.g. in Google Chrome, you can activate the function “do not accept any cookies” here: chrome://settings/content/cookies. However, this can possibly result in you no longer being able to use our website to its full extent.

7.3.5. Addresses of the respective social network providers and URL with their data protection information:

Facebook
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; for further information click: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications sowie http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA / Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND; for further information click: https://twitter.com/de/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google+
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for further information click: https://www.google.de/intl/de/policies/privacy. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

YouTube
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for further information click: https://policies.google.com/privacy?hl=de&gl=de. YouTube has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

7.4. Google Maps

On this website we use a link to Google Maps. This allows you to use the map function of Google Maps easily.

If you follow the link to Google Maps, parts of the data referred to in Section 4.1 of this declaration may be transmitted. This happens whether you’re logged in to a Google Account or you don’t have a user account. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the link.

7.4.1. Legal basis of processing activities

If you follow the link, the legal basis for processing the data is sect. 6 para. 1 s. 1 lit. a GDRP and the protection of our legitimate interests according to sect. 6 para. 1 s. 1 lit. f GDRP; our legitimate interests result from the purposes described for data processing.

7.4.2. Addresses of the respective social network providers and URL with their data protection information:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for further information click: https://www.google.de/intl/de/policies/privacy. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

8. Passing on your data to third parties

Unless expressly stated otherwise above, we do not share personal information with companies, organizations or individuals outside our organization except in one of the following circumstances:

8.1. With your consent

We pass on personal data to companies, organizations or persons outside our company if we have received your consent; this relates in particular to the circumstances described above when using our online offers.

8.2. Processing your data by other parties

We make personal data available to our business partners, other trustworthy companies or persons who process the data on our behalf. This is done on the basis of our instructions and in accordance with our privacy policy and other appropriate confidentiality and security measures.

8.3. For legal reasons

We will disclose personal data to companies, organizations or individuals if we can reasonably believe in good faith that access to, use, retention or disclosure of such data is necessary to comply with applicable laws, regulations or legal proceedings, or to comply with an enforceable government order.

 

9. Forwarding of data to a third country or international organisation

Unless expressly stated in this privacy statement, your personal data will not be transferred to third countries or international organizations.

 

10. Automated individual decision-making, including profiling

Automated decision-making in an individual case, including profiling, does not take place.

 

11. Your rights

If any personal data of you are processed, you are a data subject within the meaning of GDPR and you have the following rights towards the controller; the controllers can be found in item 1.1..

11.1. Information rights

You have the right to be informed about the data stored by the controller, in particular the purposes for which they are processed and the time for which the data are stored (sect. 15 GDPR).

11.2. Right to rectification

You have a right to rectification and/or completion towards the controller, provided that the personal data processed concerning you are inaccurate or incomplete. The controller shall rectify them without undue delay.

11.3. Right to restriction of processing

You have the right to demand restriction of processing of your data. This right shall in particular apply for the duration of the review if you have disputed accuracy of the data concerning you, and for the case that you desire restricted processing instead of erasure if you have a right to erasure. Furthermore, processing shall be restricted if the data are no longer required for the purpose pursued by us, but you need the data to assert, exercise or defend legal claims, as well as if the successful exercise of an objection between the controller and you is disputed (sect. 18 GDPR).

11.4. Right to erasure

You have the right to demand erasure of the personal data concerning you from the controller. These conditions stipulate that you may demand erasure of your data if the controller, e.g., no longer needs the personal data for the purposes for which they were collected or otherwise processed, the controller illegally processes the data or you have rightfully objected or you have withdrawn your consent or if there is any legal erasure obligation (sect. 17 GDPR).

11.5. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format (sect. 20 GDPR) if these have not been deleted already.

11.6. Right to object

You have the right to object to processing of personal data concerning you that are processed based on sect. 5 para. 1 s. 1 lit. e or lit. f GDPR for reasons that result from your special situation at any time (sect. 21 GDPR). The controller will cease processing of the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If you object, e.g., to use of your data for purposes of marketing, the controller shall not process your data anymore for such purposes.

11.7. Right to revocation of the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

11.8. Right to not be subject to automated decision-making in an individual case including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

However, such decisions shall not be based on special categories of personal data referred to in sect. 9 para. 1 GDPR, unless sect. 9 para. 2 lit. a or g GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place. Regarding the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

11.9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant about the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.