Data Privacy Policy
We are pleased that you are visiting the Athesia Kalenderverlag GmbH website ((hereinafter also referred to as „ATHESIA KALENDERVERLAG”). The following contains information about the collection and processing of personal data by us and your rights with the use of our website:
I. Name and address of the responsible party
Responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Athesia Kalenderverlag GmbH
Ottobrunner Straße 41
82008 Unterhaching
GERMANY
Phone.: +49 89 693 378-0
Fax: +49 89 693 378-139
E-Mail: web@athesia-verlag.de
Website: www.athesia-verlag.de
II. Name and address of the Data Protection Officer
You can reach the Data Protection Officer of the responsible party at:
Mümtaz Kilic
Rechtsanwalt | udiszert DSB
Rechtsanwaltskanzlei Kilic
Neidhartstraße 20
86159 Augsburg
GERMANY
Phone: +49 821 4552265
Fax: +49 821 4552266
E-mail: mk@ra-kilic.de
Website: www.kanzlei-kilic.de
III. Data Processing in general
1. Extent of the processing of personal data
We process the personal data of our users, in principle, only to the extent of what is necessary to provide a functional website as well as our contents and services. The processing of the personal data of our users takes place regularly only with the consent of the user. An exception in such cases is when prior consent is not possible for factual reasons and the processing of the data is permitted by legal provisions.
Moreover, we will collect personal data (e.g. e-mail address, name, phone number and company) within the operation of our websites only if you make such data available (e.g. if you register on our website www.athesia-werbekalender.de and create an account, participate in sweepstakes or use our contact form) and if we have the authorization to do so with your consent or on the basis of a legal regulation for processing and use. Information required to render a service is indicated accordingly, any other information is voluntary. We basically use such data for the purpose of which you provided us the data, e.g. to answer your inquiry, to process your inquiry or to provide you with access to certain information or offers.
2. Legal basis for the processing of personal data
Insofar as consent has been obtained by the person concerned to process personal data, Art. 6(1)(a) of the EU Data Protection Basic Regulation (GDPR) serves as the legal basis.
When processing personal data to fulfill a contract, the contracting party, which is the person concerned, Art. 6(1 lit)(b) of the GDPR serves as the legal basis. This also applies to processing required for the execution of pre-contractual measures.
Insofar as the processing of personal data is necessary to meet a legal obligation which our company is subject to, Art. 6(1)(c) of the GDPR serves as the legal basis.
In case the vital interests of the person concerned or another natural person make the processing of personal data necessary, Art. 6(1)(d) of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and outweigh the interests, fundamental rights and freedoms of the person concerned, then Art. 6(1 lit)(f) GDPR serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the person concerned will be deleted or blocked as soon as there is no longer a purpose for the storage. Storage can also take place if provided for by European or national legislators in regulations, laws or other provisions the responsible party is subject to. Blocking or deletion of the data shall also take place when the mandatory storage period by the aforementioned standards expires.
IV. Providing the website and creating log files
1. Description and extent of the data processing
Whenever our website is called up, our system records data and information automatically from the system of the calling computer.
The following data is collected:
- IP address,
- date and time of the request
- time zone difference to Greenwich Mean Time
- content of the request
- access Status/https-status code,
- the transferred data volume
- website from which the request comes
- browser,
- the operating system and its interface
- language and version
The data is also stored in the log files of our system. The information is stored in the log files of our system solely for the purposes of the technical administration of our website. This data will not stored together with other personal data of the user, neither transferred to third parties.
2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must be stored for the length of the session.
Storage in log files takes place to ensure the functionality of the website. The data also serves to optimize the website and to ensure the security of our information system. An evaluation of the data for marketing purposes does not take place in this regard.
Our legitimate interest in data processing is for these purposes in accordance with Art. 6(1)(f) GDPR.
4. Storage period
The data will be deleted as soon as the purpose of the data’s collection is no longer necessary. Collecting the data to be provided to the website will end with each session.
In case the storage of IP addresses in log files takes place:
If the data is stored in log files, this will be for the duration of seven days at the most. Storage beyond that point is possible. In which case the IP addresses of the users are deleted or distorted to prevent attributing to the requesting client.
5. Objection and removal option
The collecting of data for the website and the storing of data in log files are essential to operate the website. Therefore the user has no possibility to object.
V. Use of cookies
1. Description and extent of the data processing
On various occasions, cookies are used on our apps and websites in order to provide you with targeted information and to store your search settings. Cookies are small text files sent to your PC or end device from our web and normally stored on your hard drive for the browser you use. Cookies cannot run any programs nor transfer viruses onto your computer, but serve only to provide us the information needed to make your visit to our website easier and more effective. A cookie contains a character string which enables the clear identification of the browser whenever the website is visited again. If you have an account on any of our websites, we use cookies to identify you for subsequent visits, otherwise you would have to make a new login with each visit. The stored information is saved separately from any other data that might have been provided to us. In particular, the data of cookies will not be linked with any of your additional data.
Our websites use cookies to the following extent:
- Session IDs (temporärer Einsatz),
- persistent Cookies (zeitlich beschränkter Einsatz),
- Third-Party-Cookies (von Drittanbietern).
Session IDs allow the various requests by your browser to be assigned to a common session, so that your computer will be recognized when you return to the website.
We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.
In particular, the following data is stored and transferred in the cookies:
- Language settings
- Article in a shopping cart
- Log-in information: User name, password encrypted if user selects option “remember my login data”
We also use cookies on our website to enable an analysis of the user’s surfing behavior.
In this respect, especially the following data can be transferred:
- Search terms entered
- Frequency of page views
- Utilization of website functions
User data collected in this manner are pseudonymized through technical precautions. Therefore the user visiting the website cannot be identified. The data will not be stored together with other personal data.
When calling up our website, an info banner lets the users know that cookies are used for purposes of analysis and they are referred to this data protection declaration. It will also be pointed out that the storing of cookies can be prevented in the browser settings.
2. Legal basis for the data processing
The legal basis for the processing of personal data with the use of cookies is Art.6(1)(f) GDPR.
3. Purpose of the data processing
The reason for using technically necessary cookies is to simplify the use of websites for the users. Some of the functions of our website cannot be offered without the use of cookies. For those, it is necessary that the browser can also be recognized after a page change.
We need cookies for the following uses:
- Language settings
- Article in a shopping cart
- Search terms entered
The user data collected by technically necessary cookies will not be used to create user profiles.
The use of analysis cookies serve the purpose of improving the quality of our website and its contents. The analysis cookies show us how our website is used and help us to constantly optimize our offer.
At this point we need to describe the purpose of using analysis cookies in more detail.
Our legitimate interest in data processing is for these purposes in accordance with Art. 6(1)(f) GDPR.
4. Storage period, possibilities for objection and removal
Cookies are stored on the user’s computer and from there transferred to our page. It follows that you as the user have the complete control over the use of cookies. By changing your settings in your Internet browser, you can deactivate or limit the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. The deactivating of cookies for our website can possibly lead to a restricted use of all of the website’s functions.
The session IDs are then deleted when you log out or close the browser. Persistent cookies will be deleted automatically after a specified time, which can vary depending on the cookie.
VI. Web analysis by Google Analytics
1. Extent of the processing of personal data
For the purpose of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereafter “Google”). In this context, pseudonymised usage profiles are created and cookies (see point 4) are used. The information generated by the cookie about your use of this website such as
- browser-type / version,
- operating system used,
- Referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of server request,
are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the design of these websites according to their needs. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (IP-masking). Legal basis for the processing of personal data
2. Legal basis for the processing of personal data
The legal basis for the processing of personal data with the use of cookies is Art.6(1)(f) GDPR.
3. Purpose of the data processing
The processing of the user’s personal data enables us to do an analysis of the user’s surfing behavior. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us improve our website and its user-friendliness. Our legitimate interest in data processing is for these purposes in accordance with Art. 6(1)(f) GDPR. By anonymizing the IP address, the user’s interest in protecting personal data is sufficiently taken into account.
4. Storage period
Since the IP addresses are anonymized and thus an assignment to a specific or identifiable person is not possible (IP masking), the duration of storage of the anonymized data from paragraph 1 is not subject to data protection relevance.
5. Objection and removal option
Cookies are stored on the user’s computer and from there transferred to our page. It follows that you, as the user, have the complete control over the use of cookies. By changing your settings in your Internet browser, you can deactivate or limit the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. The deactivating of cookies for our website can possibly lead to a restricted use of all of the website’s functions.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=de).
VII. Link to services of third parties
Diese Erklärung zum Datenschutz gilt nur für unsere Internetseiten und deren Unterseiten. Unsere Internetseiten können Links auf andere Anbieter enthalten, auf die sich diese Erklärung nicht erstreckt. Wenn Sie unsere Internetseiten über einen Link verlassen, wird empfohlen, die Datenschutzbestimmung jeder Internetseite, die personenbezogene Daten sammelt, sorgfältig zu lesen.
1. Social Media Buttons
We have integrated buttons with graphics of Facebook and Instagram on our homepage so that you can find ATHESIA KALENDERVERLAG on those social media platforms with one click. In the interest of the most extensive protection of your data, the buttons are only integrated as a link to the respective services. This assures that data transfer to any operator of the social network will not take place without previous activation on your part. After clicking the button, you will be forwarded to the provider and can then visit the pages of ATHESIA KALENDERVERLAG on each of the platforms, find out about activities and topics around ATHESIA KALENDERVERLAG, leave your comments and exchange ideas with others. Third-party pages are operated exclusively by the same. We neither have any influence on the data collected there and the data processing nor do we have any knowledge about the full extent of data collection, the purpose thereof as well as the storage periods. Information on the handling of your personal data when using those websites is available in the data protection regulations of the provider.
2. Integration of Facebook
Our website uses the plug-in of the Facebook social network. Facebook.com is a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is also operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook.”
Through certification according to the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Facebook guarantees that it will follow the EU’s data protection regulations when processing data in the United States.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.
Further information about the possible plug-ins and their respective functions is available from Facebook at
https://developers.facebook.com/docs/plugins/
If the plug-in is stored on one of the pages you visit on our website, your browser will download an icon for the plug-in from Facebook’s servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, the date and time of your visit to our website will also be recorded.
If you are logged in to Facebook while visiting one of our plugged-in websites, the information collected by the plug-in from your specific visit will be recognized by Facebook. The information collected may then be assigned to your personal account at Facebook. If, for example, you use the Facebook Like button, this information will be stored in your Facebook account and published on the Facebook platform. If you want to prevent this, you must either log out of Facebook before visiting our website or use an add-on for your browser to prevent the Facebook plug-in from loading.
Further information about the collection and use of data as well as your rights and protection options in Facebook’s privacy policy found at
https://www.facebook.com/policy.php
3. Integration of Instagram
We have integrated components of the Instagram service on our website. Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos, and also disseminate such data to other social networks.
Instagram’s operating company is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
By calling up one of the individual pages of this website, which is operated by us and on which an Instagram component (Insta-Button) has been integrated, your Internet browser on your information technology system is automatically prompted by the respective Instagram component, a representation of the corresponding component Download from Instagram. As part of this technical process, Instagram is aware of which specific subpage of our website you are visiting.
If you are logged in to Instagram at the same time, with each visit to our website by you and during the entire duration of your stay on our website, Instagram recognizes which specific subpage you have visited. This information is collected through the Instagram component and assigned through Instagram to your Instagram account. If you use one of the Instagram buttons integrated on our website, the data and information transferred with it are assigned to your personal Instagram user account and saved and processed by Instagram.
Instagram always receives information via the Instagram component that you have visited our website if you are simultaneously logged into Instagram at the time of accessing our website; this happens regardless of whether you click on the Instagram component or not. If you do not wish to have this information transmitted to Instagram, you can prevent it from being logged out of your Instagram account before you visit our website.
For more information and the applicable privacy policies of Instagram, please visit https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
VIII. Registration for raffle and newsletter
1. Description and extent of the data processing
On our website is the opportunity to participate in our currently offered sweepstakes and subscribe to a free newsletter. At the registration for the raffle or the newsletter, the data from the input mask will be sent to us. These data are:
- title
- first name
- last name
- street
- ZIP / city
- country
- date of birth
- your e-mail
- telephone number (optional)
Required fields for participation in the raffle are the fields marked with *.
In addition, the following data is collected at registration;
- IP address of the requesting computer
- Date and time of registration
For the processing of the data, your consent will be obtained and this data protection declaration will be referred to during registration.
2. Legal basis for the data processing
Legal basis for the processing of data, after the user registers for the raffle or the newsletter, is the submitting of the user’s consent Art. 6(1)(a) GDPR.
In the case of a profit commitment pursuant to § 661a BGB, Art. 6(1)(b) DSGVO, if the processing is necessary to fulfill a contract of which the data subject is a party.
3. Purpose of the data processing
The collection of the data of the user serves to determine a winner by lot on the basis of the submitted participants and to deliver the winner the winners and, if desired, to deliver the newsletter as well as to provide the newsletter text with a personal name.
4. Storage period
The data will be deleted as soon as the purpose of the data’s collection is no longer necessary The data of the participants will therefore be stored until the winners have been determined and if a consent has been given for the receipt of newsletters until the revocation of this consent. The data of the winners will be kept until the expiration of legal storage and limitation periods.
Any other personal data collected during registration will usually be deleted after a period of seven days.
5. Objection and removal option
The subscription to the raffle and – if you have given us your consent – the subscription to the newsletter newsletter can be cancelled by the user at any time. For this purpose, simply send a message to gewinnspiel@athesia-verlag.de and you will find a link in each newsletter.
At this point, it is also possible to withdraw your consent to the storage of your personal data that was collected during registration.
For the raffle and newsletter registration, we use the so-called double-opt-in method. This means that we send a confirmation e-mail to your e-mail address and ask you to confirm your wish to receive our newsletter. You have a week’s time to confirm, otherwise your registration will be deleted automatically. As far as you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe the newsletter. The storage serves the purpose of sending you our newsletter on current topics about ATHESIA KALENDERVERLAG. Required information for the sending of the newsletter is only your e-mail address. Any other information marked separately is voluntary and will be used to personalize the newsletter. Such data will also be deleted in case of cancellation.
IX. Contact form and e-mail contact
6. Description and extent of the data processing
There is a contact form on our website which can be used for electronic contacting. If the user takes advantage of it, the data entered into the input mask will be transferred to us and stored. The data consists of:
- E-mail address
- ,Your name
- Company
- Postal code
- Place
During registration, the following data will also be stored:
- The IP address of the user
- Date and time of registration
For the processing of the data, your consent will be obtained and this data protection declaration will be referred to during registration.
As an alternative, contacting is also possible via the e-mail address provided. In this case, the user’s personal data submitted with the e-mail will be stored.
In this context, no further data will be transferred to any third parties. The data will only be used to process the conversation.
7. Legal basis for the data processing
Legal basis for the processing of data, after the user registers for the newsletter, is the submitting of the user’s consent Art. 6(1)(a) GDPR.
Legal basis for the processing of data transferred by e-mail is Art. 6(1)(f) GDPR. If e-mail contact is aimed for after concluding a contract, the legal basis for processing is also Art. 6(1)(b).
8. Purpose of the data processing
The processing of personal data from the input mask serves only for contacting. In case of contacting by e-mail, here is also a legitimate interest in the processing of the data.
To ensure your contact to the nearest ATHESIA KALENDERVERLAG location, we will also transfer your data, if necessary, to a ATHESIA KALENDERVERLAG branch office or subsidiary near you.
Any other personal data processed during dispatch serves to prevent misuse of the contact form and to ensure the safety of our information technology systems.
9. Storage period
The data will be deleted as soon as the purpose of the data’s collection is no longer necessary. This is the case when the conversation with the user is finished, for the personal data from the input mask of the contact form and the data has been sent by e-mail. The conversation is finished when it can be assumed that the matter has finally been clarified.
The additional personal data collected during dispatch will be deleted after a period of seven days.
10. Objection and removal option
The user can at any time withdraw his consent to the processing of his personal data. If the user contacts us by e-mail, he has the option to object to the storage of his personal data. In this case, the conversation can no longer continue.
You can also submit the withdrawal of your consent and the objection to storage anytime in text form (e-mail).
In this case, all personal data that was stored in the course of contacting will be deleted.
X. Registration
1. Description and extent of the data processing
We offer users on our website www.athesia.werbekalender.de the option to register with their personal data to order in our online shop. The data will then be entered into an input mask, transferred to us and stored.
The following details are collected during the registration process:
- your first name
- Your last name
- telephone
- password
Billing-/ Shipping Address:
- title
- company or agency
- first name
- last name
- telephone
- road
- ZIP
- city
- VAT ID.Nr.
- country
Those marked with * are mandatory. Further personal data will only be collected only on a voluntary basis, such as for a request or registration.
During registration, the following data will also be stored:
- IP address of the user
- Date and time of registration
The user’s consent to process such data will be obtained during registration and reference will be made to the regulations of the terms of use as well as the provisions of this data protection declaration and agreed on and legally binding for the duration of the user relationship.
2. Legal basis for the data processing
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6(1)(a) GDPR.If the registration serves to fulfill a contract of which the user is a party (e.g. order in the online shop) or the implementation of pre-contractual measures, the legal basis for the data processing is also Art. 6(1)(b) GDPR.
3. Purpose of the data processing
You need the user account to order in our shop. In your user account, you can change or supplement your billing and shipping addresses, view your orders and place repeat orders.
If you use our online shop, we process your data necessary for the registration. Furthermore, we process the voluntarily provided data for the time of your use of the online shop as far as this is necessary for the provision of the functionality.
In particular, we require and process your shipping and billing address as the intended shipping and billing address for the delivery and billing of the ordered products.
If you register on an online shop of one of our cooperation partners, we will pass personal data that you have specified for the execution of the order. Furthermore, our cooperation partner receives personal data such as your contact details and order data. If you are forwarded to the website of the cooperation partner, we recommend that you read the privacy statement on the website of the cooperation partner prior to the provision of personal data, as this privacy policy does not extend to their websites.
The other (technical) data collected for the registration and ordering process serve to prevent misuse of the online shop and to ensure the security of our information technology.
4. Storage period
The data will be deleted as soon as the purpose of the data’s collection is no longer necessary.
This is the case for the data collected during registration, if registration is withdrawn or amended on our website.
For data collected to perform a contract (e.g. order the products) or for the implementation of pre-contractual measures, whenever the data is no longer necessary for the implementation of the contract. Also, after concluding a contract, it can become necessary to store the personal data of the contract partner in order to meet contractual or legal obligations.
We will process and store your personal data as long as needed to meet our contractual and legal obligations.
Moreover, we are subject to various retention and documentation obligations from, among other things, the commercial code (HGB) and the tax code (AO). The specified deadlines for retention and documentation are usually six to ten years.
The storage period is finally assessed according to limitation periods which are usually three years in accordance to §§ 195 ff. of the Civil Code (BGB), but in certain cases can be up to thirty years, although the regular limitation period is three years.
5. Objection and removal option
Users have the option to cancel registration at any time. You can modify your stored data anytime.
You can delete and manage your account and change your information in the protected customer area.
If the data is necessary to perform a contract or to implement pre-contractual measures, a premature deletion of the data is only possible if not prevented by contractual or legal obligations (see X 4.).
XI. Data security
We maintain current technical measures to ensure data security, in particular for the protection of your personal data from risks during data transfers as well as the acquiring of knowledge by third parties. These measures are adjusted according to the current state of the art. All of the information you provide to ATHESIA KALENDERVERLAG in message forms are securely transmitted using the latest internet security technology and used only for the purposes specified. We use a SSL (Secure Sockets Layer Protocol) based data transmission procedure. This protocol enables all of the data that is transmitted between your browser and our server to be fully encrypted. This protects your data from being manipulated or accessed by unauthorized third parties during transmission.
XII. Rights of the person concerned
If you process personal data, you are the person concerned. GDPR and you have the following rights against the responsible party:
1. Right to information
You can request a confirmation from the responsible party of whether your personal data is being processed by us.
If your data is being processed, you can request the following information from the responsible party:
(1) the purpose of the processing of your personal data;
(2) the categories of personal data being processed;
(3) the recipients or categories of the recipients to which the said personal data have been or will be disclosed;
(4) the expected storage period of your personal data or, in case concrete information is not available, criteria for the setting of the storage period;
(5) the existence of a right to correction or deletion of your personal data, a right to the limitation of processing by the responsible party or a right of objection against the processing.
(6) the existence of a right to appeal with a supervisory authority;
(7) all available information about the origin of the data, if the personal data was not collected from the person concerned;
(8) the existence of automatic decision making, including profiling as per Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and the effects hoped for of such a processing for the person concerned.
You have the right to request information about whether your personal data will be transferred to a third country or an international organisation. In this connection, you can ask about the suitable guarantees as per Art. 46 GDPR relating to the transfer.
2. Right of correction
You have a right of correction and/or completion against the responsible party, insofar as your processed personal data is not correct or incomplete. The responsible party is to make adjustments immediately.
3. Right to limit processing
You can request a limitation of the processing of your personal data on the following conditions:
(1) if you dispute the correctness of your personal data for a long enough period to allow the responsible party ample time to check the correctness of your personal data.
(2) the processing is unlawful and you refuse the deletion of the personal data and request, instead, limiting the use of personal data;
(3) the responsible party has no further need of the personal data, however you have need of the data for the establishment, exercise and defense of legal claims or
(4) if you have objected to the processing as per Art. 21(1) GDPR and it is not yet sure if the responsible party’s legitimate reasons outweigh your reasons.
If the processing of your personal data has been limited, such data – except for storage purposes – may only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal entity or for reasons of an important public interest of the European Union or a member state.
If limiitation was according to the above conditions, you will be informed before the limitation is removed.
5. Right of deletion
- Obligation to delete
You can request of the responsible party to delete your personal data immediately, and the responsible party is obligated to delete the data immediately, provided one of the following reasons apply:
(1) Your personal data is no longer needed for the purposes the data was collected or otherwise processed.
(2) You revoke your consent for the processing that was based on Art. 6 (1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing of your data.
(3) As per Art. 21 (1) GDPR, you enter an objection against the processing and there are no other overriding legitimate reasons for the processing, or as per Art. 21(2) GDPR, you enter an objection against the processing.
(4) Your personal data was unlawfully processed.
(5) The deletion of your personal data is to meet a legal obligation in accordance with European Union law or that of the member states, which the responsible party is subject to.
(6) Your personal data was collected with regard to the services of the information society as per Art. 8(1) GDPR.
- Information to third parties
If the responsible party made your personal data public and if he is obligated to delete your data according to Art. 17(1) GDPR, he is to take suitable measures, in consideration of available technology and the costs of implementation, also of a technical kind, to inform you that as the person concerned, the deletion of all links to the respective personal data has been requested, including copies or replications of the personal data.
- Exceptions:
The right to have data deleted does not apply insofar as processing is necessary
(1) to practise the right of freedom of opinion and information;
(2) to meet a legal obligation that requires processing according to the law of the European Union or member states,which the responsible party is subject to, or for the performance of a task that is in the public’s interest or the excercise of official authority that has been transferred to the responsible party.
(3) for reasons of public interest in the area of public health as per Art.9(2)(h)(i) as well as Art. 9(3) GDPR.
(4) for archive, scientific or historical research purposes in the public’s interest in accordance with Art. 89(1) GDPR, insofar as the right mentioned in Section a) renders the expected realization of the objectives of processing impossible or seriously affected, or
(5) for the establishment, exercise or defense of legal claims.
5. Right to information
If you have asserted the right of correction, deletion or limitation against the responsible party, he is obligated to inform all those recipients in possession of your personal data of the correction or deletion of the data or the limitation of processing, unless it proves to be impossible or involves disproportionate effort.
You have the right to be informed about those recipients by the responsible party.
6. Right to data portability
You have the right to receive your personal data, which you provided to us, in a structured, conventional and machine-readable format. Moreover, you have the right to transfer the data to another responsible party without hindrance by us whom you provided with your personal data, as long as
(1) the processing is based on consent according to Art.6(1)(a) GDPR or Art. 9(2)(a) GDPR or in a contract as per Art.6(1)(b) GDPR and
(2) the processing takes place by means of automated processes.
In exercising this right, you also have the right to cause that your personal data be directly transferred from one responsible party to another, if technically possible. The freedom and rights of other persons must not hereby be affected.
The right to data portability does not apply to a processing of personal data which is necessary to perform a task, which is in the public’s interest or in exercising official authority transferred to us.
7. Right of objection
You have the right, for reasons stemming from your special situation, to object to the processing of your personal data, on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling supported by these provisions.
If you file an objection, us will no longer process your personal data unless he can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedom, or the processing serves the establishment, exercise or defense of legal claims.
You have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling, insofar as it is directly related to direct advertising.
If you object to the processing for purposes of direct advertising, we will no longer process your personal data for such purposes.
You have the option, relating to the use of services of the information society – regardless of Directive 2002/58/EC – to exercise your right of objection by means of automated processing, where technicl specifications are used.
8. Right of withdrawal from the declaration of consent under data protection law
You have the right to withdraw from your declaration of consent under data protection law at any time. After consent has been withdrawn, the legality of the processing done up to the time of the withdrawal remains unaffected.
9. Automated decision in individual cases, profiling included
You have the right not to be subject to a decison solely based on automated processing – profiling included – which has indirect legal effects for you or otherwise affect you adversely. This does not apply, if the decision
(1) is necessary for the conclusion or fulfillment of a contract between you and us,
(2) is permissible as per legal regulations of the European Union or member states, which us is subject to, and those legal regulationss contain appropriate measure to ensure you rights and freedoms as well as your legitimate interests or
(3) is made with your expressed consent.
However, those decisions must not be based on special categories of personal data in accordance with Art. 9(1) GDPR, as far as Art. 9(2)(a) or (g) GDPR does not apply and suitable measures have been taken to protect the rights and freedoms as well as their legitimate interests.
In regards to (1) and (3) of the mentioned cases, us is to take suitable measures to ensure the rights and freedoms as well as their legitimate interests, which is to include at least the right to obtain the intervention of a person on the part of us, to present one’s own point of view and to challenge the decision.
10. Right of appeal with a supervisory authority
Irrespective of another administrative or judicial remedy, you have the right of appeal with a supervisory authority, in particular with the member state of your residence, your workplace or the place of the presumed infringement, if you are of the opinion that the processing of your personal data is in violation of the GDPR.
The supervisory authority, where you made your appeal, shall inform the complainant of the status and results of the appeal, including the possibility of a judicial remedy as per Art. 78 GDPR.
The competent supervisory authority for ATHESIA KALENDERVERLAG – the Bavarian State Office for Data Protection Supervision – can be contacted at:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
GERMANY
Address
P.O. Box 606
91511 Ansbach
GERMANY
Phone: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300
E-mail: poststelle@lda.bayern.de