Privacy Policy

Privacy Policy


1. General scope of data processing
 
Data protection has a high priority in our society. We comply with the General Data Protection Regulation (GDPR), which regulates the processing of personal data uniformly for the entire European Union and other national data protection laws of the member states as well as other data protection regulations. We generally only collect, process and use personal data insofar as this is necessary for the provision of a functional website and for the presentation of our offers and provision of our services.
 
As a user, you can basically visit our website without providing any personal information. Personal data is only collected and used insofar as this is necessary to provide a functional website and our content and services. Your personal data is generally only collected and used with your consent. An exception applies in cases in which prior consent cannot be obtained for factual reasons or where the collection and processing of data is permitted by law.
 
For security reasons, we use an SSL certificate on our website to provide secure connections by encrypting all incoming and outgoing data traffic. You can recognize the encryption by the lock symbol in your browser line and by the fact that "https: //" is displayed there.
 
2. Name and address of the person responsible for data processing
 
The person responsible within the meaning of the GDPR is:
 
Birgie GmbH
Erpinghofstr. 3rd
44369 Dortmund
Telephone: +49 (0) 162/516 65 34
Email: info@birgiehome.com
 
3. Definitions
 
The terms used in this data protection declaration correspond to those from Article 4 GDPR. For the purposes of this regulation, the term denotes
 
"Personal data" - all information relating to an identified or identifiable natural person; An identifiable person is a natural person who can be identified directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, the expression of the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person;
 
"Data subject" - any identified or identifiable natural person whose personal data are processed by the controller.
 
"Processing" - any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, collection, organization, organization, storage, adaptation or modification, reading, querying, etc. Use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction;
 
"Restriction of processing" - the marking of stored personal data with the aim of restricting their future processing;
 
"Profiling" - any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, analyze or predict personal preferences, interests, reliability, behavior, location or change of location of this natural person;
 
"Controller" - the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data; if the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for naming them may be provided in accordance with Union law or the law of the Member States;
 
“Recipient” - a natural or legal person, public authority, agency or other body to which personal data are disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under Union law or the law of the Member States are not considered recipients; The processing of this data by the aforementioned authorities is carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing

"Third Party" - a natural or legal person, public authority, agency or other body, apart from the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor;
"Consent" - the data subject any voluntary expression of will in the form of a declaration or other unambiguous confirmatory act for the specific case, in an informed manner and unequivocally, with which the data subject indicates that they are processing the personal data relating to them Data agrees.
4. General legal bases for the processing of personal data
Insofar as we obtain the data subject's consent for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 Para. 1 lit. c GDPR legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR legal basis.
If the necessary processing serves to safeguard our legitimate interest or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR legal basis for processing.
5. Data deletion and storage duration

Your personal data stored by us will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by European or national legislators in EU regulations, laws or other regulations to which we are subject, e.g. due to tax and commercial law retention and documentation obligations. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

6. Collection of technical access data, server log files
Each time our website is accessed, our web server automatically collects data and information from the computer system of the computer you are using. The following data is collected:
• Browser name and version used
• Operating system used
• Internet service provider
IP address
• Date and time of access
• Website from which you access our website (referrer URL)
• Name and URL of the files accessed via our website
• Time zone difference
• Error information for error analysis
• Language of the operating system
• Location data (country, city)
The data is temporarily stored in the log files of the web server we use. This data is not stored together with other personal data. We cannot assign your data to any specific person. We only use this technical log data for statistical purposes and to optimize our website and its security. The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR.
The temporary storage of the IP address by our web server is necessary in order to enable delivery of the websites accessed in each case to your computer. For this, the IP address of the accessing computer must remain stored for the duration of the session. The log files are saved to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.
The stored data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection and elimination on your part.
7. Use of cookies
We use "cookies" on our website. "Cookies" are text files that are stored in the Internet browser or by the Internet browser on the computer system that calls it up. If you visit a website, a cookie can be saved on the operating system of the computer you are using. This cookie contains a characteristic string that enables the browser to be clearly identified when the website is called up again.
The purpose of using cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change, e.g. Log-in information, content of the shopping cart, adoption of language settings, remembering search terms. The user data collected through technically necessary cookies are not used to create user profiles. The data processed by cookies are for the purposes mentioned to protect our legitimate interests in a customer-friendly website design in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR required.
Cookies are stored on your computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. Depending on the browser, this can also be done automatically. You can find setting options for your browser on the website of the respective provider of your browser.
If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent. The transmission of flash cookies cannot be prevented via the settings of the browser, but by changing the settings of the flash player.
8. Comment function in the blog

On our blog (web logbook with contributions from the website operator) you have the option of making individual comments on individual blog entries. If you leave a comment on a published blog post, in addition to the comments you have inserted, information about the time the comment was entered and the user name (pseudonym) you selected will be saved and published. We also log the IP address assigned by your Internet service provider (ISP). The IP address is stored for security reasons and in the event that you violate the rights of third parties or post illegal content through a comment and we have to defend ourselves against it. Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR. Except in cases of a required legal defense or in cases prescribed by law, the personal data collected will not be passed on to third parties.
9. Newsletter
If you have the opportunity to subscribe to a free newsletter on our website, the following applies: When you register for the newsletter, the data from the input mask is transmitted to us. The data requested in the input mask then includes your first and last name and your email address so that we can send the newsletter to you personally at your email address. Your consent to the processing of the data is obtained during the registration process and reference is made to this data protection declaration.

In addition, the IP address of the accessing computer and the date and time of registration are recorded when registering in order to prevent misuse of the services or the email address used or to be able to understand them in the event of a complaint. Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.
If you purchase goods or services on our website and store your email address, we can subsequently use this to send you a newsletter. In such a case, the newsletter will only send direct mail for your own similar goods or services. In connection with data processing for the sending of newsletters, the data is not passed on to third parties. The data will only be used to send the newsletter. The legal basis for processing the data after you have subscribed to the newsletter is Art. 6 Para. 1 lit. a GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your email address will therefore only be stored for as long as the subscription to the newsletter is active, unless you have expressly consented to further use of your data. You can unsubscribe from the newsletter at any time.For this purpose there is a corresponding link in every newsletter. This also enables a revocation of the consent to the storage of personal data collected during the registration process.
10. Customer registration
If you have the option on our website to set up a customer account and register by entering your personal data, the following applies: The data is entered in an input mask and transmitted to us and saved. A transfer of data to third parties does not take place. The following data is collected during the registration process: your company / business name, your first and last name, your postal address, your email address, your telephone number, your personal login password. As part of the registration process, your consent to the processing of this data is expressly obtained. The following data is also stored at the time of registration: the IP address of the accessing computer, date and time of registration. Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR
Your registration is required to fulfill a contract with you or to carry out pre-contractual measures. By registering, we can provide you with the data you have entered quickly and easily without having to re-enter them. The legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR. If the registration serves to fulfill a contract between you and us or to carry out pre-contractual measures, then an additional legal basis for the processing of the data is Art. 6 Para. 1 lit. b GDPR.
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the fulfillment of a contract or for the implementation of pre-contractual measures during the registration process if the data is no longer required for the execution of the contract. Even after the contract has been concluded, there may be a need to store the contractual partner's personal data in order to fulfill contractual or legal obligations.
As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time. To change or delete your data, simply contact us using the contact details shown in the imprint. Ideally, send us an email. If the data is required to fulfill a contract or to carry out pre-contractual measures, the data can only be deleted prematurely unless there are contractual or legal obligations to prevent deletion.

11. Contact form and email contact
If there is a contact form on our website that you can use to contact us electronically, the following applies: If you use this option, the data entered in the input mask will be transmitted to us and saved. This data is used to process the contacting your first and last name, your email address, minimum mandatory information is marked. At the time the message is sent, the IP address of the calling computer is also; Date and time of registration saved to prevent misuse of the contact form and to ensure the security of our information technology systems. Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.
For the processing of the data, we obtain your consent before sending it and at the same time refer to this data protection declaration. Alternatively, you can contact us by email. In this case, only the personal data you sent with the email will be saved to process the contact. Under no circumstances will your data be passed on to third parties. Your data will only be used for the intended communication. The legal basis for processing the data if you have given your consent is Art. 6 Para. 1 lit. a GDPR. The legal basis for the processing of personal data that you have sent to us by email is Art. 6 Para. 1 lit. f GDPR. If the email contact aims to conclude a contract, then an additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective communication with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
You have the option to withdraw your consent to the processing of personal data at any time. If you have contacted us by email, you can object to the storage of your personal data at any time. The revocation can e.g. by sending a revocation email or by letter to our contact addresses shown in the imprint. All personal data that was saved in the course of contacting us will then be deleted.
12. Data transfer to service partners
We only pass on your personal data to service partners who are involved in contract execution, e.g. the shipping company commissioned with the delivery, the credit institution commissioned with payment matters (dropshipping in the case of delivery) the supplier / wholesaler. The scope of data transfer to third parties is limited to the minimum required, namely your first and last name, your address and, if applicable, your delivery address. The legal basis is Art. 6 Para. 1 lit. b GDPR.
In the event that you have expressly given your consent to us or at your request to the service partner, we will also give your email address, your telephone number or your date of birth for the purpose of coordinating a delivery date of the shipping company or a necessary identity and credit check of the payment service provider. If you do not give us your consent in this regard, prior coordination of a delivery date or delivery announcement or a "purchase on account" or "purchase by direct debit" or "installment purchase" is not possible. The legal basis for this is Art. 6 Para. 1 lit. a GDPR.
You can of course withdraw your consent to us or to the respective service partner at any time with effect for the future. However, the respective service partner may still be entitled to process your personal data if this is necessary for the contractual execution of the contract.
We work especially with the following service providers:

a) Service providers
Mailchimp
We use the "MailChimp" service from Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA to send the newsletter. With "MailChimp" the recipient's data is stored in pseudonymous form, i.e. used without assignment to a user, to optimize or improve their own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for statistical purposes. The data of our newsletter recipients are only used by us and not by Rocket Science Group LLC, for example to write to you yourself or to pass the data on to third parties.
MailChimp is certified under the Privacy Shield Agreement and thus guarantees compliance with a European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). You can view the data protection regulations of the shipping service provider under the following link: https://mailchimp.com/legal/privacy/. The use of the service corresponds to our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We have an order processing contract with the provider in accordance with Art. 28 para. 3 sentence 1 GDPR concluded.
JTL-eazyAuction
The order processing for the product JTL-eazyAuction takes place via the service provider “JTL-Software” (JTL-Software-GmbH, Rheinstrasse 7, 41836 Hückelhoven). Name, address and, if applicable, other personal data are stored in accordance with Art. 6 Para. 1 lit. b GDPR only passed on to JTL software for processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order and thus the contractual obligations. Details on data protection at JTL-Software and the data protection declaration of JTL-Software-GmbH can be viewed at the following link: https://www.jtl-software.de/datenschutz.
b) Shipping service provider:
DHL
In the event that the shipment is made via DHL, we will pass on your respective data to Deutsche Post AG, Charles-de-Gaulle-Strasse 20, 53113 Bonn.
DPD
In the event that the shipment is made via DPD, we will provide your respective data to
DPD Deutschland GmbH, Wailandtstrasse 1, 63741 Aschaffenburg.
Hermes
In the event that the shipment is made via Hermes, we will pass on your respective data to Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg.
UPS
In the event that the shipment is made via UPS, we pass on your respective data to United Parcel Service Deutschland Inc. & Co.OHG, Görlitzer Straße 1, 41460 Neuss.
GLS
In the event that the shipment is made via GLS, we will give your respective data to
General Logistics Systems Germany GmbH & Co.OHG, GLS Germany-Straße 1 - 7, 36286 Neuenstein.
c) Payment service provider
PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we give your payment details to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values ​​(so-called score values). As far as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is used to calculate the score values. Further data protection information can be found in the PayPal data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
13. Third party tools and plugins
We use third-party tools on our website, e.g. for the analysis of usage data in order to be able to optimally design our online offers and our website with a view to user-friendliness and optimization. The tools generally use "cookies" (for definition see "Cookies" above). Data processing takes place on the basis of the legal provisions of Art. 6 Para. 1 lit f GDPR (legitimate interest).
In order to respect your privacy, the data that may allow a reference to your person, such as IP address, login or device IDs, anonymized or pseudonymized as early as possible. The specific tools are:

Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies" which are saved on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the anonymized, i.e. shortened IP address) is usually transmitted to a Google server in the USA and stored there.
The IP anonymization "_anonymizeIp ()" is activated on our website. With this option, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. This prevents your IP address from being personalized. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. In these exceptional cases, this processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the installation of cookies by setting your browser software accordingly. In this case, however, you must expect that you will no longer be able to use all the functions of our website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on the aforementioned link. An opt-out cookie is set which prevents the future collection of your data when you visit our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found under the following link in the Google Analytics help: https://support.google.com/analytics/answer/6004245?hl=de
14. Social media plugins
We use buttons (“plugins”) from social networks on our website so that you can act with and about us. With these plugins different functions are made possible, which are given by the different social networks.
The legal basis for the use of social media plugins in relation to the processing of personal data is Art. 6 Para. 1 f GDPR, whereby our legitimate interest in the provision of interaction options for the purpose of direct advertising (recital 47 GDPR) and in the needs-based design of our internet services to interact with social networks to which you belong.
a) We use Shariff Share Button for data protection reasons
With Shariff you can use the integrated social media plugins while maintaining your privacy. "Shariff" (ʃɛɹɪf) was developed by the German computer magazine c’t, which allows share buttons to be integrated in compliance with data protection and the requirements of the General Data Protection Regulation (GDPR - Directive (EU) 2016/679) to be met. More information about the Shariff project can be found in the Github project or on the information page of the c’t magazine.
The usual social media share buttons transmit your user data to the respective operator each time the page is accessed and provide the social networks with precise information about your behavior on the website visited (user tracking). You do not have to be logged in or be a member of the network. A Shariff button, on the other hand, only establishes direct contact between the social network and visitors when the latter actively clicks on the share button. This prevents Shariff from leaving a digital trace on every page you visit and improves data protection. Thanks to Shariff, the "likes" are only displayed on our website.
b) Facebook
We use plugins from the social network "Facebook", Menlo Park, CA 94025, USA (Facebook). You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.
If you activate the plugin, the plugin will establish a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can refer to the content of our pages in your Facebook profile.
We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or their use by Facebook and that we are not responsible for Facebook's data processing. For more information, see Facebook's privacy policy at http://de-de.facebook.com/policy.php
c) Twitter
We use functions of the social network "Twitter". These are offered by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. This data is also transmitted to Twitter. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or of their use by Twitter. For more information, see Twitter's privacy policy at http://twitter.com/privacy.
d) Pinterest
We use functions of the social network "Pinterest". These are offered by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA. If you use the Pinterest plugin, your browser establishes a direct connection to the servers of Pinterest Inc., whereby a corresponding Pinterest component is downloaded from Pinterest. More information about Pinterest can be found at https://pinterest.com. As part of this process, Pinterest receives knowledge of which specific subpage of our website you are visiting. If you are logged into Pinterest at the same time, Pinterest can assign every page view to your Pinterest and save this data as well as log data. The protocol data includes your IP address, the address of visited websites with integrated Pinterest functions, as well as the activities carried out on them (e.g. the "Remember" button), search processes, type and settings of the browser, date and time of your visit Inquiry, your use of Pinterest as well as cookie and device data. If you do not want such assignment and storage, you must log out of your Pinterest account beforehand. The privacy policy published by Pinterest on the collection, processing and use of personal data by Pinterest can be found at https://policy.pinterest.com/de/privacy-policy.
15. Rights of the data subject
If personal data is processed by you, you are the person concerned in the sense of GDPR and you have the following rights vis-à-vis the person responsible:
Right to information (Art. 15 GDPR) - You, as the person responsible, can request confirmation from us as to whether personal data concerning you will be processed by us.

In the case of processing, you can request the following information from us: the purposes for which the personal data are processed; the categories of personal data that are processed; the recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed; the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration; the existence of a right to correction or deletion of your personal data, a right to restriction of processing by the person responsible or a right to object to this processing; the right to lodge a complaint with a supervisory authority; all available information about the origin of the data if the personal data is not collected from the data subject; the existence of automated decision-making, including profiling, in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject. You also have the right to request information as to whether the personal data relating to you are transferred to a third country or to an international organization. In this context, you can request the appropriate guarantees in accordance with Art. 46 GDPR to be informed in connection with the transmission.
Right to rectification (Art. 16 GDPR) - You have the right to immediate correction and / or completion towards the person responsible, if the processed personal data that concern you are incorrect or incomplete.
Right to deletion (Art. 17 GDPR) - You, as the person responsible, can request that the personal data concerning you be deleted immediately. In this case, we are obliged to delete this data immediately if one of the following reasons applies: (1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed ) You revoke your consent on which the processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR was based, and there is no other legal basis for the processing. (3) According to Art. 21 para. 1 GDPR and there is no overriding legitimate reason for the processing, or you file an objection pursuant to Art. Art. 21 para. 2 GDPR to object to processing. (4) The personal data concerning you have been unlawfully processed. (5) The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject. (6) The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
Have we made the personal data concerning you public and are we acc. 17 para. 1 GDPR, we take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject Person has asked us to delete all links to this personal data or copies or replications of this personal data.
The right to erasure does not exist insofar as processing is necessary (1) to exercise the right to freedom of expression and information; (2) to fulfill a legal obligation which requires processing in accordance with the law of the Union or the Member States to which the controller is subject, or to perform a task which is in the public interest or in the exercise of official authority vested in the controller has been; (3) for reasons of public interest in the area of ​​public health in accordance with Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or (5) to assert, exercise or defend legal claims.
Right to restriction of processing (Art. 18 GDPR) - You can request the restriction of the processing of your personal data under the following conditions: if you contest the accuracy of your personal data for a period of time that enables the person responsible, the accuracy review personal data; the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted; the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or if you have objected to processing in accordance with Article 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been restricted, this data - apart from its storage - may only be obtained with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest the Union or a Member State. If the restriction of processing according to the above You will be informed by the person responsible before the restriction is lifted.
Right to information (Art. 19 GDPR) - If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he or she is obliged to correct or delete the data to all recipients to whom the personal data concerning you have been disclosed or to restrict processing, unless this proves to be impossible or involves a disproportionate effort. You have the right vis-à-vis the person responsible to be informed about these recipients.

Right to data portability (Art. 29 GDPR) - You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that (1) the processing is based on consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR is based and (2) processing is carried out using automated processes.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other people must not be affected by this. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.
16. Right to object
You have the right, for reasons that arise from your particular situation, at any time against the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f DSGVO takes place to object; this also applies to profiling based on these provisions.
If you exercise your right to object, we will no longer process the personal data relating to you, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend of legal claims.
If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option of exercising your right to object in connection with the use of information society services using automated procedures that use technical specifications.
17. Right to withdraw the data protection declaration of consent
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
18. Automated decision in individual cases including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - which has legal effect on you or similarly significantly affects you. This does not apply (1) if the decision is necessary for the conclusion or performance of a contract between you and the controller, (2) is permissible due to Union or Member State law to which the controller is subject and this legislation takes appropriate measures to protect your rights and freedoms as well as your legitimate interests or (3) with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. With regard to the cases mentioned in (1) and (3), the person responsible takes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to express your own position and heard the appeal of the decision.
19. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged violation, if you believe that the processing of your personal data is against the GDPR violates. The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
20. Further data protection information
If you have any further questions regarding data protection, please do not hesitate to contact us. Our contact details can be found above under the information on the person responsible for this data protection declaration or in our imprint.
This data protection declaration is provided by RA Kai Harzheim, Hamburg - www.shopabsicherung.de
As of August 6th, 2019