Privacy policy

A Information about the person in charge

I Name and contact details of the person in charge

Quality in pathology - QuIP GmbH
Managing Director: Thomas Pilz 
Reinhardtstraße 1 
Corner Reinhardtstraße and Friedrichstraße
10117 Berlin 
Germany 

E-Mail: office@quip.eu
Phone: +49 30 9210717-0

II Contact details of the data protection officer appointed by the person in charge

Data protection officer: Maik Gyrnich 
Reinhardtstraße 1 
Corner Reinhardtstraße and Friedrichstraße
10117 Berlin 
Germany 

E-Mail: datenschutz@quip.eu
Phone: +49 30 9210717-0

B Information on the processing of personal data

I Informational use of the website

In the case of purely informational use of the website, the browser used on your terminal device sends certain information to the server of our website for technical reasons, for example your IP address. We do not process this information and no web server log files are saved. 

In order to provide the administrative functions for cookie consent for this website, data from absolutely necessary cookies (à Section C) are temporarily processed on our web server in order to determine whether you have already given consent when you visit the website again. 

II Use of web analysis technologies

Web analysis service software Google Analytics: 

Google Analytics from Google LLC. is a tool that measures how users interact with website content. As a user navigates between web pages, Google Analytics provides site owners with JavaScript tags (libraries) that can be used to record information about the page a user has viewed, such as the URL of the page. 

Google Analytics' JavaScript libraries use HTTP cookies to "remember" what a user has done on previous pages / interactions with the site, but ONLY after consenting to the cookie settings.  The cookie content on the page saves the settings, which have been accepted for one year. 

Web analysis service software Matomo:  

On this website, data is collected and saved using the web analysis service software Matomo, a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, ("Matomo") on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 Para. 1 lit. f DSGVO. From this data, pseudonymized user profiles can be created and evaluated for the same purpose. We do not use cookies for this purpose. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our servers.  

The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor of this website and is not combined with personal data about the bearer of the pseudonym. If you do not agree with the saving and evaluation of this data from your visit, you can object to the saving and use of this data when you first visit the site. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. 

You have the possibility to prevent your actions from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improve usability for you and other users. Your visit to this website is currently recorded by Matomo Web Analytics. It is possible that a third-party provider works with such technologies as well.

See also Section C Cookies.

III Use of online contact forms

On the website, we offer you the possibility to get in touch with us via contact forms. We use the information you provide in the contact forms to process your request and for transferring them by e-mail. There will be no further processing or storage of your data beyond this point. 

When using the contact forms on the website, the browser used on your terminal device sends certain information to the server of our website, for example your IP address, for technical reasons. This data is not processed or saved at this point. 

IV Use of the online registration form

On the website we offer you the possibility to register your institute for participation in our proficiency tests via an online registration form. We process the information you provide in the registration form for the following purposes: 

  • Processing of the registration and implementation of pre-contractual measures with your institute including pre-contractual communication,
  • Fulfillment of the contract with your institute on the basis of our General Terms and Conditions for participation in proficiency tests including contractual communication, exchange of services, invoicing and payment processing,
  • Proper bookkeeping and storage for the fulfilment of contractual and legal, in particular commercial and tax law, storage obligations,
  • Retention of information for evidentiary purposes for the possible assertion, exercise or defense of legal claims

If you give your consent at the end of the registration process, we will also use the e-mail address you provided during registration to send you regular information about updates to the program and information about proficiency tests via an e-mail newsletter. 

When you use the registration form on the website, the browser used on your device sends certain information to the server of our website for technical reasons, such as your IP address. We process this information to provide the registration form on the website. 

You will find more detailed information on this below: 

Details on personal data processed

Categories of personal data processed
Personal data contained in the categories
Sources of the data
Obligation to provide the data
Storage duration
Logout
Contact person data
Personal information that you provide in the registration form on the website. This includes salutation, title, first name, last name, e-mail address, password, your role in the institute, language for e-mails
Users of the registration form
Provision is not required by law or contract. There is no obligation to provide the data. The provision is necessary for the conclusion of a contract. In the event that the data is not provided, we cannot process your registration.
Data will be stored for the duration of the contract with your institute. We also store this data for evidence purposes, for the possible assertion, exercise or defence of legal claims, for a transitional period of three years from the end of the year in which the contract was terminated and, in the event of any legal disputes, until their termination. We will also store this data beyond this period should there be any legal, in particular commercial and tax, retention obligations. Depending on the type of documents, there may be commercial and tax law obligations to retain the data for six or ten year s (§ 147 German Fiscal Code (AO), § 257 German Commercial Code (HGB).
 
Institute data
Information about your institute, which you provide in the registration form on the website. This includes the following mandatory information: Name of the hospital, name of the institute, VAT ID number, address, telephone number, e-mail address, fax number, whether the institute is involved in patient care. This also includes the following optional information: (differing) billing address, certification address
Users of the registration form
Provision is not required by law or contract. There is no obligation to provide the data. The provision is necessary for the conclusion of a contract. In the event that the data is not provided, we cannot process your registration.
Data will be stored for the duration of the contract with your institute. We also store this data for evidence purposes, for the possible assertion, exercise or defence of legal claims for a transitional period of three years from the end of the year, in which the contract was terminated and, in the event of any legal disputes, until their termination. We also store this data beyond this period, should there be any legal, in particular commercial and tax, retention obligations. Depending on the type of documents, there may be commercial and tax law obligations to retain the data for six or ten year s (§ 147 German Fiscal Code (AO), § 257 German Commercial Code (HGB).
 
Newsletter opt-in data: For the consent to receive an e-mail newsletter, a Double-Opt-In (DOI) procedure is required for the evidential logging of subscriptions and subscription cancellations.
Protocol data: Data that is generated during the registration and cancellation of the newsletter for technical reasons. This includes the date and time of subscription to the newsletter, date and time of sending the subscription notification using the double opt-in procedure, date and time of confirmation of the subscription using the double opt-in procedure, as well as, the IP address of the terminal device used for confirmation, date and time of any cancellation of the newsletter.
Newsletter Subscribers
Provision is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we cannot provide you with a newsletter.
We save this data, as long as, you are registered for our newsletter. In addition, we save this data for evidence purposes, for the possible assertion, exercise or defense of legal claims for a transitional period of three years from the end of the year, in which you unsubscribed and in the event of any legal disputes, until they are settled.
To unsubscribe from the newsletter, you will find the following text and link at the bottom of every newsletter: "If you no longer wish to receive this e-mail (to: *********), you can unsubscribe free of charge here."
Registration Form HTTP Data
Protocol data: data that is technically generated, when contact forms on the website are called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes IP address, type and version of your Internet browser, operating system used, the page called up, the page previously visited (referred URL), date and time of the call.
Users of the website
Provision is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we cannot provide the content accessed on the website.
Data is stored in server log files in a form that allows the identification of the persons concerned for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the case of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully resolved.
 

Details on the processing of personal data

Purpose of the processing of personal data
Categories of personal data processed
Automated decision making
Legal basis and any legitimate interests
Receiver
Processing the registration and implementation of pre-contractual measures with your institute including pre-contractual communication.
Contact person data, institute data
There is no automated decision making.
Article 6 (1) (f) of the basic data protection regulation (balancing of interests). Our legitimate interest is the processing of your registration and the implementation of pre-contractual measures with your institute.
 
Provision of our registration form on the website: For this purpose HTTP data is temporarily processed on our web server.
Registration form HTTP data.
There is no automated decision making
Article 6 (1) (f) of the basic data protection regulation (balancing of interests). Our legitimate interest is the processing of your registration and the implementation of pre-contractual measures with your institute.
Hosting-Provider
Fulfilment of the contract with your institute on the basis of our general terms and conditions for participation in proficiency tests, including contractual communication, exchange of services, invoicing and payment processing.
Contact person data, institute data
There is no automated decision making
Article 6 (1) (f) of the basic data protection regulation (balancing of interests). Our legitimate interest is the processing of your registration and the implementation of pre-contractual measures with your institute.
 
Ensuring the security of the IT infrastructure used for the provision of the form, in particular for the identification, elimination and evidential documentation of faults (e.g. DDoS attacks): For this purpose, data is temporarily stored and evaluated in log files on our web server.
Registration form HTTP data.
There is no automated decision making
Article 6 (1) (f) of the basic data protection regulation (balancing of interests). Our legitimate interest is to ensure the security of the IT infrastructure used for the provision of the form, in particular for the identification, elimination and evidential documentation of faults (e.g. DDoS attacks).
Hosting-Provider
Proper bookkeeping and storage for the fulfilment of contractual and legal, in particular commercial and tax law, storage obligations.
Contact person data, institute data
There is no automated decision making
Article 6 (1) (c) of the basic data protection regulation (fulfilment of a legal obligation).
 
Storage and processing for evidence purposes for the possible assertion, exercise or defense of legal claims
Contact person data, institute data
There is no automated decision making
Article 6 (1) (f) of the basic data protection regulation (balancing of interests). Our legitimate interest is the assertion, exercise or defense of legal claims.
 
Sending the e-mail newsletter to newsletter subscribers with regular information on updates to the program and information on proficiency tests.
Contact person data, newsletter opt-in data
There is no automated decision making
Article 6 (1) (a) of the basic data protection regulation (consent).
E-mail newsletter provider
Double-Opt-In procedure for confirming e-mail newsletter subscription: For this purpose, we send an e-mail message with the request for confirmation to the e-mail address provided during registration. A subscription only becomes effective when the subscriber confirms the e-mail address by clicking on the confirmation link contained in the e-mail. [A Double-Opt-In (DOI) procedure is required for the evidential logging of subscriptions and unsubscriptions in order to consent to the sending of an e-mail newsletter].
Contact person data, newsletter opt-in data
There is no automated decision making
Article 6 (1) (f) of the basic data protection regulation (balancing of interests). Our legitimate interest is the legally secure documentation of your consent to receive the newsletter.
E-mail newsletter provider

Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Receiver
Role of the receiver
Seat of the receiver
Adequacy decision or appropriate or adequate safeguards for transfers to third countries and/or international organisations
E-mail newsletter provider
Order Processor
EU
 
Hosting-Provider Order
Order Processor
EU
 
Web analysis service
Order Processor
New Zealand
no cookies are generated or IP addresses are saved

V Use of online map service plug ins

This site uses the Mapbox map service via an API. The provider is MapBox Inc., 740 15th St NW, Washington, DC 20005, USA. 

To use the functions of Mapbox it is necessary to save your IP address. This information is usually transferred to a Mapbox server in the USA and stored there. The provider of this site has no influence on this data transfer. For this reason, the Google cookies _ga and _gid are used (see also Section C III).

Mapbox Maps is used in the interest of an appealing presentation of our online offers and an easy findability of the places we have indicated on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. 

You can find more information on handling user data in the Mapbox data protection declaration.

VI Other recipients (processors) of personal data

Enclosed you will find a list of other recipients or processors of personal data:

Receiver
Task/reason
Used Data
Registered office of the recipient
Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States
Cloud & web space for homepage quip.eu and QS Monitor
all relevant billing and shipping data
United States
BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main
Payment service provider for purchase on account
all relevant invoice and bank data
Germany
CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany
Newsletter dispatch
Name, address, e-mail
Germany
CloudFlare Inc., 101 Townsend St,, San Francisco, CA 94107, United States
Web analysis service
anonymized user behavior on the website quip.eu
United States
Datev eG, Paumgartnerstr. 6 – 14, 90429 Nürnberg
Accounting, annual accounts and dunning
all relevant invoice and bank data
Germany
General Logistics Systems, Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein
Dispatch service provider
all relevant shipping data
Germany
Google Analytics der Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA „Google“)
Web analysis service
anonymized user behavior on the website quip.eu
United States
Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen
Website Hosting
all relevant content of the website "quip.eu
Germany
InnoCraft Ltd., 150 Willis St, 6011 Wellington
Web analysis service
Anonymized user behavior on the PD-L1 Portal website
New Zealand
intertrex GmbH, Königstadt-Terrassen, Schönhauser Allee 10/11, 10119 Berlin
Dispatch service provider
all relevant invoice and delivery data
Germany
LimeSurvey GmbH, Survey Services & Consulting, Papenreye 63, 22453 Hamburg
Survey tool
all necessary information for anonymous and personalized surveys
Germany
MSD SHARP&DOHME GMBH, Lindenplatz 1, 85540 Haar
Website Hosting QS Monitor
no access to personal data or entries of the participants
Germany
Smart In Media GmbH, Dürener Str. 276, 50935 Köln
Programming Webshop & Zerpa (evaluation and certification tool), PD-L1 Portal Hosting (incl. PathoZoom)
all relevant invoice and shipping data, results of proficiency tests
Germany
Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121 United States
Web analysis service
anonymized user behavior
United States
Your Secure Cloud GmbH, Konrad-Stör-Straße 3, 90455 Nürnberg
Cloud- & Webspace
all relevant invoice and shipping data
Germany
37 Grad Analyse und Beratung GmbH, Overstolzenstraße 2a, 50677 Köln
Concept, design and programming of the website
all relevant data for creating the website
Germany

C Information on the use of cookies

We use cookies in connection with the website and the offers provided on the website. You will find more detailed information on this below. 

I General information about cookies

Cookies are small text files containing information that can be placed on the user's end device via the browser when visiting a website. The cookie and the information stored in it can be retrieved when the website is called up again using the same terminal device. 

First and third party cookies

Depending on where a cookie comes from, so-called first-party cookies and third-party cookies can be distinguished: 

First party cookies
Cookies that are set and retrieved by the website operator as data controller or by a processor commissioned by the website operator. 

Third party cookies
Cookies that are set and accessed by data controllers other than the website operator who are not acting as processors on behalf of the website operator. 

Transient and persistent cookies

Depending on the validity period, so-called transient and persistent cookies can also be distinguished:

Transient cookies (session cookies)
Cookies that are automatically deleted when you close your browser. 

Persistent Cookies 
Cookies, which remain stored on your end device for a certain period of time after closing the browser. 

Consent free and consent requiring cookies

Depending on their function and purpose, the use of certain cookies may require the user's consent. In this respect, cookies can be distinguished according to whether the user's consent is required for their use: 

Consent free cookies 
Cookies whose sole purpose is to carry out the transmission of a message via an electronic communication network. 

Cookies that are strictly necessary for the provider of an Information Society service explicitly requested by the subscriber or user to provide this service ("cookies strictly necessary") 

Cookies requiring consent 
Cookies for all purposes other than those mentioned above. 

II Management of the cookies used on this website

Granting consent to the use of cookies and managing cookies via cookie dashboard 

Insofar as the use of certain cookies requires the consent of the user, we only use these cookies when you use the website if you have given your prior consent. For information on whether consent is required for the use of a cookie, please refer to the information on the cookies used on this website in Section C.III. Data protection information. 

When you access our website, we will display a so-called "cookie banner" in which you can declare your consent to the use of cookies on this website by clicking a button. By clicking on the button provided for this purpose, you have the opportunity to consent to the use of all cookies described in detail in Section C.III. of this data protection information. Alternatively, you have the option of making an individual selection of cookies by clicking on the "Cookie Dashboard" button. In the "cookie dashboard" of this website, you also have the option of individually adjusting the selection you have made at a later date. 

We also store your consent and, if applicable, your individual selection of cookies in the form of a cookie ("opt-in cookie") on your end device in order to determine whether you have already given your consent when you call up the website again. The opt-in cookie has a limited validity period of 6 months. 

Essential cookies cannot be deactivated using the cookie management function of this website. However, you can deactivate these cookies generally in your browser at any time. 

Management of cookies via browser settings 

You can also manage the use of cookies in your browser settings. Different browsers offer different ways to configure the cookie settings in the browser. 

However, we would like to point out that some functions of the website may not function or may no longer function properly if you generally deactivate cookies in your browser. 

III Cookies used on the websites "www.quip.eu" , "PD-L1 Portal" and "QS Monitor

The following cookies from Matomo, Google Analytics, Tealium Inc. and CloudFlare Inc. are used on our websites: 

Description
First Party/Third Party
Purpose and content
Period of validity
Requirement of consent
Used on
_cfduid
Third Party
This cookie is used to identify individual clients behind a shared IP address and to apply security settings on a per-client basis. This serves in particular for faster delivery of web content. It does not correspond to any user ID in your web application and does not store any personal data. Partner: Cloudflare (see also: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do- )
Persistent, Period of validity: 5 years
No
PD-L1 Monitor
_ga
Third Party
This analysis cookie from Google Analytics to distinguish users, which we use indirectly, for the map service on our homepage. This cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website. Partner: Mapbox / Google (see section B – V)
Persistent, Period of validity: 2 years
Yes
Homepage quip.eu, PD-L1 Monitor, QS Monitor
_gid
Third Party
This analysis cookie from Google Analytics to distinguish users, which we use indirectly, for the map service on our homepage. This cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website. Partner: Mapbox / Google (see section B - V)
Transistent, Period of validity: Session/24 hours
Yes
Homepage quip.eu, PD-L1 Monitor, QS Monitor
utag_main
Third Party
Is used to assign a timestamp, the number of page views and a unique ID. This information is used within our analysis tools are used to enrich the collected data (Tealium Inc).
Transistent, Period of validity: 1 year
Yes
Homepage quip.eu, PD-L1 Monitor, QS Monitor
_cfduid
Third Party
Improve website performance and reliability by Load balancing between servers from CloudFlare (CloudFlare Inc).
Transistent, Period of validity: 7 years, 2 months
Yes
Homepage quip.eu, PD-L1 Monitor, QS Monitor
_gat
Third Party
This analysis cookie from Google Analytics is used to throttle the request rate. When Google Analytics is delivered via Google Tag Manager, this cookie is named
Transistent, Period of validity: Session/1 minute
Yes
Homepage quip.eu, QS Monitor
AMP_TOKEN
Third Party
Contains a token that can be used to retrieve a client ID from the AMP Client ID Service. Other possible values are opt-out, in-flight request, or an error while retrieving a client ID from the AMP Client ID Service.
Transistent, Period of validity: Session/30 seconds to 1 year
Yes
Homepage quip.eu
_gac_
Third Party
Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, the conversion tags on the Google Ads website will read this cookie unless you sign out.
Transistent, Period of validity: Session/ 90 days
No
Homepage quip.eu
__utma
First Party
Used to differentiate between users and sessions. The cookie is created when the Javascript library is executed and there are no existing __utma cookies. The cookie is updated each time data is sent to Google Analytics
Transistent, Period of validity: 2 years from set/update
Yes
Homepage quip.eu
__utmt
First Party
Is used to throttle the request rate.
Transistent, Period of validity: 10 minutes
No
Homepage quip.eu
__utmb
First Party
Used to define new sessions/visits. The cookie is created when the Javascript library is executed and no existing __utmb cookies are present. The cookie is updated each time data is sent to Google Analytics.
Transistent, Period of validity: 30 minutes from Set/Update
Yes
Homepage quip.eu
__utmc
First Party
Not used in ga.js. Set for interoperability with urchin.js. In the past, this cookie was run in conjunction with the cookie to determine if the user was in a new session/visit.
Transistent, Period of validity: End of the browser session
Yes
Homepage quip.eu
__utmz
First Party
Not used in ga.js. Set for interoperability with urchin.js. In the past, this cookie was run in conjunction with the cookie to determine if the user was in a new session/visit.
Transistent, Period of validity: End of the browser session
Yes
Homepage quip.eu
__utmv
First Party
Is used to store user-defined variable data at the visitor level. This cookie is created when a developer uses the method with a user-defined variable at the visitor level. This cookie was also used for the deprecated method. The cookie is updated each time data is sent to Google Analytics. _setCustomVar_setVar
Transistent, Period of validity: 2 years from Set/Update
Yes
Homepage quip.eu
catAccCookies
Third Party
This cookie is used to store your opt-in for cookie usage. This cookie stores as values, either a "1" as consent to cookie use or a "0" if you have not agreed to it.
Persistent, Period of validity: 30 days
Yes
PD-L1 Monitor
mltlngg_language
Third Party
This cookie is used for the language settings of the website content. This cookie stores as values, either "German" or "English
Transistent, Period of validity: Session/24 Hours
No
PD-L1 Monitor
PHPSESSIONID
Third Party
This cookie is used to recognize the user. This cookie contains your PHP session ID for further processing on the website. Partner: Wordpress.
Transistent
No
PD-L1 Monitor

D Information on data subjects' rights

As a data subject, you have the following rights about the processing of your personal data: 

  • Right to information (Article 15 of the basic data protection regulation)
  • Right of rectification (Article 16 of the basic data protection regulation)
  • Right of cancellation ("right to be forgotten") (Article 17 of the basic data protection regulation)
  • Right to limit processing (Article 18 of the basic data protection regulation)
  • Right to data transferability (Article 20 of the basic data protection regulation)
  • Right of opposition (Article 21 of the basic data protection regulation)
  • Right to withdraw consent (Article 7(3) of the basic data protection regulation)
  • Right to appeal to the supervisory authority (Article 77 of the basic data protection regulation)

To exercise your rights, you can contact us using the contact information provided in section A. For information on any specific modalities and mechanisms that may facilitate the exercise of your rights, in particular to exercise your rights to data transfer and opposition, please refer, where applicable, to the information on the processing of personal data in Section B of this Privacy Policy.

Below you will find more detailed information on your rights with regard to the processing of your personal data: 

I Right to information

As a data subject, you have a right of access under the conditions of Article 15 of the basic data protection regulation. 

This means in particular that you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you also have the right of access to this personal data and to the information listed in Article 15(1) of the Basic Data Protection Regulation. This includes, for example, information on the purposes of the processing, the categories of personal data processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15(1)(a), (b) and (c) of the Basic Data Protection Regulation). 

The full extent of your right of access can be found in Article 15 of the Basic Data Protection Regulation, which can be accessed via this link

II Right of rectification

As a data subject, you have a right of rectification under the conditions of Article 16 of the basic data protection regulation. 

In particular, this means that you have the right to ask us to correct incorrect personal data concerning you without delay and to complete incomplete personal data. 

The full extent of your right of rectification can be found in Article 16 of the Basic Data Protection Regulation, which you can access via this link

III Right to deletion ("Right to be forgotten")

As a data subject, you have a right to deletion ("right to be forgotten") under the conditions of Article 17 of the basic data protection regulation. 

This means that, in principle, you have the right to demand that we delete personal data relating to you immediately and we are obliged to delete personal data immediately if one of the reasons listed in Article 17(1) of the Basic Data Protection Regulation applies. This may be the case, for example, if personal data are no longer necessary for the purposes for which they were collected or otherwise processed (Article 17(1)(a) of the Basic Data Protection Regulation). 

If we have made the personal data public and we are obliged to delete them, we are also obliged to take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the personal data that a data subject has requested them to delete all links to these personal data or copies or replications of these personal data (Article 17(2) of the Basic Data Protection Regulation). 

The right of erasure ("right to be forgotten") does not apply, by way of exception, if the processing is necessary for the reasons listed in Article 17(3) of the basic data protection regulation. This may be the case, for example, if the processing is necessary for the fulfilment of a legal obligation or for the establishment, exercise or defence of legal claims (Article 17(3)(a) and (e) of the basic data protection regulation). 

The full extent of your right of cancellation can be found in Article 17 of the Basic Data Protection Regulation, which can be accessed via this link

IV Right to limit processing

As a data subject, you have a right to limit the processing of data under the conditions of Article 18 of the basic data protection regulation. 

This means that you have the right to ask us to restrict processing if one of the conditions listed in Article 18(1) of the Basic Data Protection Regulation is met. This may be the case, for example, if you dispute the accuracy of your personal data. In this case, the restriction of processing will be for a period of time that allows us to verify the accuracy of the personal data (Article 18(1)(a) of the Basic Data Protection Regulation). 

Restriction means the marking of stored personal data with the aim of limiting their future processing (Article 4(3) of the Basic Data Protection Regulation). 

The full extent of your right to limit the processing can be found in Article 18 of the Basic Data Protection Regulation, which can be accessed via this link

V Right to data transferability

As a data subject, you have a right to data transferability under the conditions of Article 20 of the basic data protection regulation. 

This means that, in principle, you have the right to receive the personal data concerning you that you have provided us with in a structured, common and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on an agreement pursuant to Article 6(1)(a) or Article 9(2)(a) of the Basic Data Protection Regulation or on a contract pursuant to Article 6(1)(b) of the Basic Data Protection Regulation and that the processing is carried out by means of automated procedures (Article 20(1) of the Basic Data Protection Regulation). 

For information on whether a processing operation is based on a consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the basic data protection regulation or on a contract pursuant to Article 6(1)(b) of the basic data protection regulation, please refer to the information on the legal basis of the processing operation in Section B of this Privacy Information. 

When exercising your right to data transferability, you also have the basic right to request that the personal data be transferred directly from us to another controller, insofar as this is technically feasible (Article 20(2) of the Basic Data Protection Regulation). 

The full extent of your right to restrict processing can be found in Article 20 of the Basic Data Protection Regulation, which can be accessed via this link

VI Right of objection

As a data subject, you have a right of objection under the conditions of Article 21 of the basic data protection regulation. 

We will expressly draw your attention to your right to object as a data subject at the latest at the time of the first communication with you. 

You will find more detailed information on this below: 

Right of objection for reasons arising from the specific situation of the data subject 

As a data subject, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) or (f) of the basic data protection regulation, including profiling based on these provisions. For information on whether a processing operation is carried out on the basis of Article 6(1)(e) or (f) of the basic data protection regulation, please refer to the information on the legal basis of the processing operation in Section B of this Privacy Notice.
In the event of an objection for reasons arising from your particular situation, we will no longer process the personal data concerned unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. 

The full extent of your right of objection can be found in Article 21 of the Basic Data Protection Regulation, which you can access via this link

Right to object to direct mail 

Where personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing. 
For information on whether and to what extent personal data are processed for the purpose of direct marketing, please refer to the information on the purposes of processing in Section B of this Privacy Notice. 
In the event of an objection to processing for direct marketing purposes, we will no longer process the personal data concerned for these purposes. 

The full extent of your right to object can be found in Article 21 of the basic data protection regulation, which can be accessed via this link

VII Right to Revocation of Consent

If the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the basic data protection regulation, you as a data subject have the right to withdraw your consent at any time pursuant to Article 7(3) of the basic data protection regulation. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation. We will inform you of this before giving consent. 

For information on whether a processing operation is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the basic data protection regulation, please refer to the information on the legal basis of the processing operation in Section B of this data protection information. 

VIII Right to complain to a supervisory authority

As a data subject, you have the right to lodge a complaint with a supervisory authority under the conditions laid down in Article 77 of the basic data protection regulation. 

The supervisory authority responsible for us is: 

Berlin Commissioner for Data Protection and Freedom of Information 
Friedrichstrasse 219 
10969 Berlin
Germany

Phone: 030/138 89-0
Fax: 030/215 50 50
E-Mail: mailbox@datenschutz-berlin.de

E Information on the terms of the basic data protection regulation used in this data protection information

The terms used in this data protection information have the meaning assigned to them in the basic data protection regulation. 

The full scope of the definitions in the basic data protection regulation can be found in Article 4 of the basic data protection regulation, which can be accessed via this link

More detailed information on the most important terms of the basic data protection regulation used in this data protection information is provided below: 

  • "Personal data" shall mean any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person 
  • "data subject" shall mean the natural person identified or identifiable in each case to whom personal data relating to him relate. 
  • "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 
  • "profiling" means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular with a view to analysing or predicting aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that natural person 
  • "controller" shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or by the law of the Member States, provision may be made for the controller to be designated in accordance with Union law or the law of the Member States, or for the specific criteria for such designation to be laid down
  • "processor" means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller 
  • "recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person, agency, body or other body is a third party. However, authorities which may receive personal data in the course of a specific investigation carried out pursuant to Union law or the law of the Member States shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection provisions and in accordance with the purposes of the processing; 
  • "third party" means any natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data 
  • "international organization" means an organization under international law and its subsidiary bodies or any other body set up by, or on the basis of, an agreement concluded between two or more countries 
  • "third country" means a country that is not a member state of the European Union ("EU") or the European Economic Area ("EEA"); 
  • "special categories of personal data" means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data concerning the sexual life or sexual orientation of a natural person 

F Status and changes to this data protection information

This data protection information has the status 21.08.2020. 
Due to technical developments and/or changes in legal and/or official regulations, it may be necessary to adapt this data protection information. 

The current data parotection information can be accessed here at any time.