Welcome to Grassroots Wavelengths!

Privacy Policy

We are very delighted that you have shown interest in our web­site. Data pro­tec­tion is of a par­tic­u­larly high pri­or­ity for the Cor­ax e.V. — Ini­ti­at­ive für Freies Radio (her­after called Cor­ax e.V.). The use of our Inter­net pages is pos­sible without any indic­a­tion of per­son­al data; how­ever, if a data sub­ject wants to use spe­cial enter­prise ser­vices via our web­site, pro­cessing of per­son­al data could become neces­sary. If the pro­cessing of per­son­al data is neces­sary and there is no stat­utory basis for such pro­cessing, we gen­er­ally obtain con­sent from the data sub­ject.

The pro­cessing of per­son­al data, such as the name, address, e-mail address, or tele­phone num­ber of a data sub­ject shall always be in line with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), and in accord­ance with the coun­try-spe­cif­ic data pro­tec­tion reg­u­la­tions applic­able to the Cor­ax e.V.. By means of this data pro­tec­tion declar­a­tion, our enter­prise would like to inform the gen­er­al pub­lic of the nature, scope, and pur­pose of the per­son­al data we col­lect, use and pro­cess. Fur­ther­more, data sub­jects are informed, by means of this data pro­tec­tion declar­a­tion, of the rights to which they are entitled.

As the con­trol­ler, the Cor­ax e.V. has imple­men­ted numer­ous tech­nic­al and organ­iz­a­tion­al meas­ures to ensure the most com­plete pro­tec­tion of per­son­al data pro­cessed through this web­site. How­ever, Inter­net-based data trans­mis­sions may in prin­ciple have secur­ity gaps, so abso­lute pro­tec­tion may not be guar­an­teed. For this reas­on, every data sub­ject is free to trans­fer per­son­al data to us via altern­at­ive means, e.g. by tele­phone.

1. Definitions

The data pro­tec­tion declar­a­tion of the Cor­ax e.V. is based on the terms used by the European legis­lat­or for the adop­tion of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR). Our data pro­tec­tion declar­a­tion should be legible and under­stand­able for the gen­er­al pub­lic, as well as our cus­tom­ers and busi­ness part­ners. To ensure this, we would like to first explain the ter­min­o­logy used.

In this data pro­tec­tion declar­a­tion, we use, inter alia, the fol­low­ing terms:

a) Personal data

Per­son­al data means any inform­a­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”). An iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, dir­ectly or indir­ectly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fic­a­tion num­ber, loc­a­tion data, an online iden­ti­fi­er or to one or more factors spe­cif­ic to the phys­ic­al, physiolo­gic­al, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­tity of that nat­ur­al per­son.

b) Data subject

Data sub­ject is any iden­ti­fied or iden­ti­fi­able nat­ur­al per­son, whose per­son­al data is pro­cessed by the con­trol­ler respons­ible for the pro­cessing.

c) Processing

Pro­cessing is any oper­a­tion or set of oper­a­tions which is per­formed on per­son­al data or on sets of per­son­al data, wheth­er or not by auto­mated means, such as col­lec­tion, record­ing, organ­isa­tion, struc­tur­ing, stor­age, adapt­a­tion or alter­a­tion, retriev­al, con­sulta­tion, use, dis­clos­ure by trans­mis­sion, dis­sem­in­a­tion or oth­er­wise mak­ing avail­able, align­ment or com­bin­a­tion, restric­tion, eras­ure or destruc­tion.

d) Restriction of processing

Restric­tion of pro­cessing is the mark­ing of stored per­son­al data with the aim of lim­it­ing their pro­cessing in the future.

e) Profiling

Pro­fil­ing means any form of auto­mated pro­cessing of per­son­al data con­sist­ing of the use of per­son­al data to eval­u­ate cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son, in par­tic­u­lar to ana­lyse or pre­dict aspects con­cern­ing that nat­ur­al person’s per­form­ance at work, eco­nom­ic situ­ation, health, per­son­al pref­er­ences, interests, reli­ab­il­ity, beha­viour, loc­a­tion or move­ments.

f) Pseudonymisation

Pseud­onymisa­tion is the pro­cessing of per­son­al data in such a man­ner that the per­son­al data can no longer be attrib­uted to a spe­cif­ic data sub­ject without the use of addi­tion­al inform­a­tion, provided that such addi­tion­al inform­a­tion is kept sep­ar­ately and is sub­ject to tech­nic­al and organ­isa­tion­al meas­ures to ensure that the per­son­al data are not attrib­uted to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son.

g) Controller or controller responsible for the processing

Con­trol­ler or con­trol­ler respons­ible for the pro­cessing is the nat­ur­al or leg­al per­son, pub­lic author­ity, agency or oth­er body which, alone or jointly with oth­ers, determ­ines the pur­poses and means of the pro­cessing of per­son­al data; where the pur­poses and means of such pro­cessing are determ­ined by Uni­on or Mem­ber State law, the con­trol­ler or the spe­cif­ic cri­ter­ia for its nom­in­a­tion may be provided for by Uni­on or Mem­ber State law.

h) Processor

Pro­cessor is a nat­ur­al or leg­al per­son, pub­lic author­ity, agency or oth­er body which pro­cesses per­son­al data on behalf of the con­trol­ler.

i) Recipient

Recip­i­ent is a nat­ur­al or leg­al per­son, pub­lic author­ity, agency or anoth­er body, to which the per­son­al data are dis­closed, wheth­er a third party or not. How­ever, pub­lic author­it­ies which may receive per­son­al data in the frame­work of a par­tic­u­lar inquiry in accord­ance with Uni­on or Mem­ber State law shall not be regarded as recip­i­ents; the pro­cessing of those data by those pub­lic author­it­ies shall be in com­pli­ance with the applic­able data pro­tec­tion rules accord­ing to the pur­poses of the pro­cessing.

j) Third party

Third party is a nat­ur­al or leg­al per­son, pub­lic author­ity, agency or body oth­er than the data sub­ject, con­trol­ler, pro­cessor and per­sons who, under the dir­ect author­ity of the con­trol­ler or pro­cessor, are author­ised to pro­cess per­son­al data.

k) Consent

Con­sent of the data sub­ject is any freely giv­en, spe­cif­ic, informed and unam­bigu­ous indic­a­tion of the data subject’s wishes by which he or she, by a state­ment or by a clear affirm­at­ive action, sig­ni­fies agree­ment to the pro­cessing of per­son­al data relat­ing to him or her.

2. Name and Address of the con­trol­ler

Con­trol­ler for the pur­poses of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), oth­er data pro­tec­tion laws applic­able in Mem­ber states of the European Uni­on and oth­er pro­vi­sions related to data pro­tec­tion is:

Cor­ax e.V. — Ini­ti­at­ive für Freies Radio

Unter­berg 11

06108 Halle (Saale)

Deutsch­land

Phone: +49 345 — 4700745

Email: info [ät] radiocorax.de

Web­site: www.radiocorax.de

3. Name and Address of the Data Protection Officer

The Data Pro­tec­tion Officer of the con­trol­ler is:

Stella Gebauer

c/o. Cor­ax e.V. — Ini­ti­at­ive für Freies Radio

Unter­berg 11

06108 Halle (Saale)

Deutsch­land

Phone: 0345 — 4700745

Email: ver­wal­tung [ät] radiocorax.de

Web­site: www.radiocorax.de

Any data sub­ject may, at any time, con­tact our Data Pro­tec­tion Officer dir­ectly with all ques­tions and sug­ges­tions con­cern­ing data pro­tec­tion.

4. Cookies

The Inter­net pages of the Cor­ax e.V. use cook­ies. Cook­ies are text files that are stored in a com­puter sys­tem via an Inter­net browser.

Many Inter­net sites and serv­ers use cook­ies. Many cook­ies con­tain a so-called cook­ie ID. A cook­ie ID is a unique iden­ti­fi­er of the cook­ie. It con­sists of a char­ac­ter string through which Inter­net pages and serv­ers can be assigned to the spe­cif­ic Inter­net browser in which the cook­ie was stored. This allows vis­ited Inter­net sites and serv­ers to dif­fer­en­ti­ate the indi­vidu­al browser of the dats sub­ject from oth­er Inter­net browsers that con­tain oth­er cook­ies. A spe­cif­ic Inter­net browser can be recog­nized and iden­ti­fied using the unique cook­ie ID.

Through the use of cook­ies, the Cor­ax e.V. can provide the users of this web­site with more user-friendly ser­vices that would not be pos­sible without the cook­ie set­ting.

By means of a cook­ie, the inform­a­tion and offers on our web­site can be optim­ized with the user in mind. Cook­ies allow us, as pre­vi­ously men­tioned, to recog­nize our web­site users. The pur­pose of this recog­ni­tion is to make it easi­er for users to util­ize our web­site. The web­site user that uses cook­ies, e.g. does not have to enter access data each time the web­site is accessed, because this is taken over by the web­site, and the cook­ie is thus stored on the user’s com­puter sys­tem. Anoth­er example is the cook­ie of a shop­ping cart in an online shop. The online store remem­bers the art­icles that a cus­tom­er has placed in the vir­tu­al shop­ping cart via a cook­ie.

The data sub­ject may, at any time, pre­vent the set­ting of cook­ies through our web­site by means of a cor­res­pond­ing set­ting of the Inter­net browser used, and may thus per­man­ently deny the set­ting of cook­ies. Fur­ther­more, already set cook­ies may be deleted at any time via an Inter­net browser or oth­er soft­ware pro­grams. This is pos­sible in all pop­u­lar Inter­net browsers. If the data sub­ject deac­tiv­ates the set­ting of cook­ies in the Inter­net browser used, not all func­tions of our web­site may be entirely usable.

5. Collection of general data and information

The web­site of the Cor­ax e.V. col­lects a series of gen­er­al data and inform­a­tion when a data sub­ject or auto­mated sys­tem calls up the web­site. This gen­er­al data and inform­a­tion are stored in the serv­er log files. Col­lec­ted may be (1) the browser types and ver­sions used, (2) the oper­at­ing sys­tem used by the access­ing sys­tem, (3) the web­site from which an access­ing sys­tem reaches our web­site (so-called refer­rers), (4) the sub-web­sites, (5) the date and time of access to the Inter­net site, (6) an Inter­net pro­tocol address (IP address), (7) the Inter­net ser­vice pro­vider of the access­ing sys­tem, and (8) any oth­er sim­il­ar data and inform­a­tion that may be used in the event of attacks on our inform­a­tion tech­no­logy sys­tems.

When using these gen­er­al data and inform­a­tion, the Cor­ax e.V. does not draw any con­clu­sions about the data sub­ject. Rather, this inform­a­tion is needed to (1) deliv­er the con­tent of our web­site cor­rectly, (2) optim­ize the con­tent of our web­site as well as its advert­ise­ment, (3) ensure the long-term viab­il­ity of our inform­a­tion tech­no­logy sys­tems and web­site tech­no­logy, and (4) provide law enforce­ment author­it­ies with the inform­a­tion neces­sary for crim­in­al pro­sec­u­tion in case of a cyber-attack. There­fore, the Cor­ax e.V. ana­lyzes anonym­ously col­lec­ted data and inform­a­tion stat­ist­ic­ally, with the aim of increas­ing the data pro­tec­tion and data secur­ity of our enter­prise, and to ensure an optim­al level of pro­tec­tion for the per­son­al data we pro­cess. The anonym­ous data of the serv­er log files are stored sep­ar­ately from all per­son­al data provided by a data sub­ject.

6. Routine erasure and blocking of personal data

The data con­trol­ler shall pro­cess and store the per­son­al data of the data sub­ject only for the peri­od neces­sary to achieve the pur­pose of stor­age, or as far as this is gran­ted by the European legis­lat­or or oth­er legis­lat­ors in laws or reg­u­la­tions to which the con­trol­ler is sub­ject to.

If the stor­age pur­pose is not applic­able, or if a stor­age peri­od pre­scribed by the European legis­lat­or or anoth­er com­pet­ent legis­lat­or expires, the per­son­al data are routinely blocked or erased in accord­ance with leg­al require­ments.

7. Rights of the data subject

  • a) Right of confirmation

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler the con­firm­a­tion as to wheth­er or not per­son­al data con­cern­ing him or her are being pro­cessed. If a data sub­ject wishes to avail him­self of this right of con­firm­a­tion, he or she may, at any time, con­tact any employ­ee of the con­trol­ler.

  • b) Right of access

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler free inform­a­tion about his or her per­son­al data stored at any time and a copy of this inform­a­tion. Fur­ther­more, the European dir­ect­ives and reg­u­la­tions grant the data sub­ject access to the fol­low­ing inform­a­tion:

    • the pur­poses of the pro­cessing;
    • the cat­egor­ies of per­son­al data con­cerned;
    • the recip­i­ents or cat­egor­ies of recip­i­ents to whom the per­son­al data have been or will be dis­closed, in par­tic­u­lar recip­i­ents in third coun­tries or inter­na­tion­al organ­isa­tions;
    • where pos­sible, the envis­aged peri­od for which the per­son­al data will be stored, or, if not pos­sible, the cri­ter­ia used to determ­ine that peri­od;
    • the exist­ence of the right to request from the con­trol­ler rec­ti­fic­a­tion or eras­ure of per­son­al data, or restric­tion of pro­cessing of per­son­al data con­cern­ing the data sub­ject, or to object to such pro­cessing;
    • the exist­ence of the right to lodge a com­plaint with a super­vis­ory author­ity;
    • where the per­son­al data are not col­lec­ted from the data sub­ject, any avail­able inform­a­tion as to their source;
    • the exist­ence of auto­mated decision-mak­ing, includ­ing pro­fil­ing, referred to in Art­icle 22(1) and (4) of the GDPR and, at least in those cases, mean­ing­ful inform­a­tion about the logic involved, as well as the sig­ni­fic­ance and envis­aged con­sequences of such pro­cessing for the data sub­ject.

    Fur­ther­more, the data sub­ject shall have a right to obtain inform­a­tion as to wheth­er per­son­al data are trans­ferred to a third coun­try or to an inter­na­tion­al organ­isa­tion. Where this is the case, the data sub­ject shall have the right to be informed of the appro­pri­ate safe­guards relat­ing to the trans­fer.

    If a data sub­ject wishes to avail him­self of this right of access, he or she may, at any time, con­tact any employ­ee of the con­trol­ler.

  • c) Right to rectification

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler without undue delay the rec­ti­fic­a­tion of inac­cur­ate per­son­al data con­cern­ing him or her. Tak­ing into account the pur­poses of the pro­cessing, the data sub­ject shall have the right to have incom­plete per­son­al data com­pleted, includ­ing by means of provid­ing a sup­ple­ment­ary state­ment.

    If a data sub­ject wishes to exer­cise this right to rec­ti­fic­a­tion, he or she may, at any time, con­tact any employ­ee of the con­trol­ler.

  • d) Right to erasure (Right to be forgotten)

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler the eras­ure of per­son­al data con­cern­ing him or her without undue delay, and the con­trol­ler shall have the oblig­a­tion to erase per­son­al data without undue delay where one of the fol­low­ing grounds applies, as long as the pro­cessing is not neces­sary:

    • The per­son­al data are no longer neces­sary in rela­tion to the pur­poses for which they were col­lec­ted or oth­er­wise pro­cessed.
    • The data sub­ject with­draws con­sent to which the pro­cessing is based accord­ing to point (a) of Art­icle 6(1) of the GDPR, or point (a) of Art­icle 9(2) of the GDPR, and where there is no oth­er leg­al ground for the pro­cessing.
    • The data sub­ject objects to the pro­cessing pur­su­ant to Art­icle 21(1) of the GDPR and there are no over­rid­ing legit­im­ate grounds for the pro­cessing, or the data sub­ject objects to the pro­cessing pur­su­ant to Art­icle 21(2) of the GDPR.
    • The per­son­al data have been unlaw­fully pro­cessed.
    • The per­son­al data must be erased for com­pli­ance with a leg­al oblig­a­tion in Uni­on or Mem­ber State law to which the con­trol­ler is sub­ject.
    • The per­son­al data have been col­lec­ted in rela­tion to the offer of inform­a­tion soci­ety ser­vices referred to in Art­icle 8(1) of the GDPR.

    If one of the afore­men­tioned reas­ons applies, and a data sub­ject wishes to request the eras­ure of per­son­al data stored by the Cor­ax e.V., he or she may, at any time, con­tact any employ­ee of the con­trol­ler. An employ­ee of Cor­ax e.V. shall promptly ensure that the eras­ure request is com­plied with imme­di­ately.

    Where the con­trol­ler has made per­son­al data pub­lic and is obliged pur­su­ant to Art­icle 17(1) to erase the per­son­al data, the con­trol­ler, tak­ing account of avail­able tech­no­logy and the cost of imple­ment­a­tion, shall take reas­on­able steps, includ­ing tech­nic­al meas­ures, to inform oth­er con­trol­lers pro­cessing the per­son­al data that the data sub­ject has reques­ted eras­ure by such con­trol­lers of any links to, or copy or rep­lic­a­tion of, those per­son­al data, as far as pro­cessing is not required. An employ­ees of the Cor­ax e.V. will arrange the neces­sary meas­ures in indi­vidu­al cases.

  • e) Right of restriction of processing

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler restric­tion of pro­cessing where one of the fol­low­ing applies:

    • The accur­acy of the per­son­al data is con­tested by the data sub­ject, for a peri­od enabling the con­trol­ler to veri­fy the accur­acy of the per­son­al data.
    • The pro­cessing is unlaw­ful and the data sub­ject opposes the eras­ure of the per­son­al data and requests instead the restric­tion of their use instead.
    • The con­trol­ler no longer needs the per­son­al data for the pur­poses of the pro­cessing, but they are required by the data sub­ject for the estab­lish­ment, exer­cise or defence of leg­al claims.
    • The data sub­ject has objec­ted to pro­cessing pur­su­ant to Art­icle 21(1) of the GDPR pending the veri­fic­a­tion wheth­er the legit­im­ate grounds of the con­trol­ler over­ride those of the data sub­ject.

    If one of the afore­men­tioned con­di­tions is met, and a data sub­ject wishes to request the restric­tion of the pro­cessing of per­son­al data stored by the Cor­ax e.V., he or she may at any time con­tact any employ­ee of the con­trol­ler. The employ­ee of the Cor­ax e.V. will arrange the restric­tion of the pro­cessing.

  • f) Right to data portability

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or, to receive the per­son­al data con­cern­ing him or her, which was provided to a con­trol­ler, in a struc­tured, com­monly used and machine-read­able format. He or she shall have the right to trans­mit those data to anoth­er con­trol­ler without hindrance from the con­trol­ler to which the per­son­al data have been provided, as long as the pro­cessing is based on con­sent pur­su­ant to point (a) of Art­icle 6(1) of the GDPR or point (a) of Art­icle 9(2) of the GDPR, or on a con­tract pur­su­ant to point (b) of Art­icle 6(1) of the GDPR, and the pro­cessing is car­ried out by auto­mated means, as long as the pro­cessing is not neces­sary for the per­form­ance of a task car­ried out in the pub­lic interest or in the exer­cise of offi­cial author­ity ves­ted in the con­trol­ler.

    Fur­ther­more, in exer­cising his or her right to data port­ab­il­ity pur­su­ant to Art­icle 20(1) of the GDPR, the data sub­ject shall have the right to have per­son­al data trans­mit­ted dir­ectly from one con­trol­ler to anoth­er, where tech­nic­ally feas­ible and when doing so does not adversely affect the rights and freedoms of oth­ers.

    In order to assert the right to data port­ab­il­ity, the data sub­ject may at any time con­tact any employ­ee of the Cor­ax e.V..

  • g) Right to object

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or to object, on grounds relat­ing to his or her par­tic­u­lar situ­ation, at any time, to pro­cessing of per­son­al data con­cern­ing him or her, which is based on point (e) or (f) of Art­icle 6(1) of the GDPR. This also applies to pro­fil­ing based on these pro­vi­sions.

    The Cor­ax e.V. shall no longer pro­cess the per­son­al data in the event of the objec­tion, unless we can demon­strate com­pel­ling legit­im­ate grounds for the pro­cessing which over­ride the interests, rights and freedoms of the data sub­ject, or for the estab­lish­ment, exer­cise or defence of leg­al claims.

    If the Cor­ax e.V. pro­cesses per­son­al data for dir­ect mar­ket­ing pur­poses, the data sub­ject shall have the right to object at any time to pro­cessing of per­son­al data con­cern­ing him or her for such mar­ket­ing. This applies to pro­fil­ing to the extent that it is related to such dir­ect mar­ket­ing. If the data sub­ject objects to the Cor­ax e.V. to the pro­cessing for dir­ect mar­ket­ing pur­poses, the Cor­ax e.V. will no longer pro­cess the per­son­al data for these pur­poses.

    In addi­tion, the data sub­ject has the right, on grounds relat­ing to his or her par­tic­u­lar situ­ation, to object to pro­cessing of per­son­al data con­cern­ing him or her by the Cor­ax e.V. for sci­entif­ic or his­tor­ic­al research pur­poses, or for stat­ist­ic­al pur­poses pur­su­ant to Art­icle 89(1) of the GDPR, unless the pro­cessing is neces­sary for the per­form­ance of a task car­ried out for reas­ons of pub­lic interest.

    In order to exer­cise the right to object, the data sub­ject may con­tact any employ­ee of the Cor­ax e.V.. In addi­tion, the data sub­ject is free in the con­text of the use of inform­a­tion soci­ety ser­vices, and not­with­stand­ing Dir­ect­ive 2002/58/EC, to use his or her right to object by auto­mated means using tech­nic­al spe­cific­a­tions.

  • h) Automated individual decision-making, including profiling

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or not to be sub­ject to a decision based solely on auto­mated pro­cessing, includ­ing pro­fil­ing, which pro­duces leg­al effects con­cern­ing him or her, or sim­il­arly sig­ni­fic­antly affects him or her, as long as the decision (1) is not is neces­sary for enter­ing into, or the per­form­ance of, a con­tract between the data sub­ject and a data con­trol­ler, or (2) is not author­ised by Uni­on or Mem­ber State law to which the con­trol­ler is sub­ject and which also lays down suit­able meas­ures to safe­guard the data subject’s rights and freedoms and legit­im­ate interests, or (3) is not based on the data subject’s expli­cit con­sent.

    If the decision (1) is neces­sary for enter­ing into, or the per­form­ance of, a con­tract between the data sub­ject and a data con­trol­ler, or (2) it is based on the data subject’s expli­cit con­sent, the Cor­ax e.V. shall imple­ment suit­able meas­ures to safe­guard the data subject’s rights and freedoms and legit­im­ate interests, at least the right to obtain human inter­ven­tion on the part of the con­trol­ler, to express his or her point of view and con­test the decision.

    If the data sub­ject wishes to exer­cise the rights con­cern­ing auto­mated indi­vidu­al decision-mak­ing, he or she may, at any time, con­tact any employ­ee of the Cor­ax e.V..

  • i) Right to withdraw data protection consent

    Each data sub­ject shall have the right gran­ted by the European legis­lat­or to with­draw his or her con­sent to pro­cessing of his or her per­son­al data at any time.

    If the data sub­ject wishes to exer­cise the right to with­draw the con­sent, he or she may, at any time, con­tact any employ­ee of the Cor­ax e.V..

8. Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the leg­al basis for pro­cessing oper­a­tions for which we obtain con­sent for a spe­cif­ic pro­cessing pur­pose. If the pro­cessing of per­son­al data is neces­sary for the per­form­ance of a con­tract to which the data sub­ject is party, as is the case, for example, when pro­cessing oper­a­tions are neces­sary for the sup­ply of goods or to provide any oth­er ser­vice, the pro­cessing is based on Art­icle 6(1) lit. b GDPR. The same applies to such pro­cessing oper­a­tions which are neces­sary for car­ry­ing out pre-con­trac­tu­al meas­ures, for example in the case of inquir­ies con­cern­ing our products or ser­vices. Is our com­pany sub­ject to a leg­al oblig­a­tion by which pro­cessing of per­son­al data is required, such as for the ful­fill­ment of tax oblig­a­tions, the pro­cessing is based on Art. 6(1) lit. c GDPR. In rare cases, the pro­cessing of per­son­al data may be neces­sary to pro­tect the vital interests of the data sub­ject or of anoth­er nat­ur­al per­son. This would be the case, for example, if a vis­it­or were injured in our com­pany and his name, age, health insur­ance data or oth­er vital inform­a­tion would have to be passed on to a doc­tor, hos­pit­al or oth­er third party. Then the pro­cessing would be based on Art. 6(1) lit. d GDPR. Finally, pro­cessing oper­a­tions could be based on Art­icle 6(1) lit. f GDPR. This leg­al basis is used for pro­cessing oper­a­tions which are not covered by any of the above­men­tioned leg­al grounds, if pro­cessing is neces­sary for the pur­poses of the legit­im­ate interests pur­sued by our com­pany or by a third party, except where such interests are over­rid­den by the interests or fun­da­ment­al rights and freedoms of the data sub­ject which require pro­tec­tion of per­son­al data. Such pro­cessing oper­a­tions are par­tic­u­larly per­miss­ible because they have been spe­cific­ally men­tioned by the European legis­lat­or. He con­sidered that a legit­im­ate interest could be assumed if the data sub­ject is a cli­ent of the con­trol­ler (Recit­al 47 Sen­tence 2 GDPR).

9. The legitimate interests pursued by the controller or by a third party

Where the pro­cessing of per­son­al data is based on Art­icle 6(1) lit. f GDPR our legit­im­ate interest is to carry out our busi­ness in favor of the well-being of all our employ­ees and the share­hold­ers.

10. Period for which the personal data will be stored

The cri­ter­ia used to determ­ine the peri­od of stor­age of per­son­al data is the respect­ive stat­utory reten­tion peri­od. After expir­a­tion of that peri­od, the cor­res­pond­ing data is routinely deleted, as long as it is no longer neces­sary for the ful­fill­ment of the con­tract or the ini­ti­ation of a con­tract.

11. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We cla­ri­fy that the pro­vi­sion of per­son­al data is partly required by law (e.g. tax reg­u­la­tions) or can also res­ult from con­trac­tu­al pro­vi­sions (e.g. inform­a­tion on the con­trac­tu­al part­ner). Some­times it may be neces­sary to con­clude a con­tract that the data sub­ject provides us with per­son­al data, which must sub­sequently be pro­cessed by us. The data sub­ject is, for example, obliged to provide us with per­son­al data when our com­pany signs a con­tract with him or her. The non-pro­vi­sion of the per­son­al data would have the con­sequence that the con­tract with the data sub­ject could not be con­cluded. Before per­son­al data is provided by the data sub­ject, the data sub­ject must con­tact any employ­ee. The employ­ee cla­ri­fies to the data sub­ject wheth­er the pro­vi­sion of the per­son­al data is required by law or con­tract or is neces­sary for the con­clu­sion of the con­tract, wheth­er there is an oblig­a­tion to provide the per­son­al data and the con­sequences of non-pro­vi­sion of the per­son­al data.

12. Existence of automated decision-making

As a respons­ible com­pany, we do not use auto­mat­ic decision-mak­ing or pro­fil­ing.

This Pri­vacy Policy has been gen­er­ated by the Pri­vacy Policy Gen­er­at­or of the DGD — Your Extern­al DPO that was developed in cooper­a­tion with Ger­man Law­yers from WILDE BEUGER SOLMECKE, Cologne.