Book the studio
Apply
Book solebox studio
Apply

Data Protection

Privacy policy, as of March 2024

We (Sole Brothers GmbH, hereinafter also referred to as "solebox") appreciate your interest in our website. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your personal data.

1 General information

In this privacy policy, we would like to inform you about the processing of your personal data when using our website and the associated functions, as well as our social media presence.

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 No. 1 GDPR). This includes, for example, your name, your telephone number, your address and your contact details that you provide to us. This does not include anonymized data that cannot be directly linked to your person.

2 Responsible body and contact

Sole Brothers GmbH

Schanzenstraße 41

51063 Cologne

Phone: 0800 4110000

E-mail: support@solebox.com

3 Data protection officer

solebox has appointed a data protection officer. You can reach the data protection officer by email at: privacy@solebox.com

4 Automated data collection

By accessing this website, the accessing device automatically transmits the following data for technical reasons

- Browser type and browser version

- Operating system used

- referrer URL

- Host name of the accessing computer

- Time of the server request

- IP address

- If JavaScript is activated, the browser also transmits the resolution and color depth of the browser window

The data is stored for the following purposes:

- Ensuring the security of the IT systems

- Defense against attacks on our online offering and IT systems

- Ensuring the proper operation of this online offering

The IP address is only stored for a period of 7 days. Processing is based on our legitimate interests in ensuring the security of the IT systems, defending against attacks on our online offer and IT systems and ensuring the proper operation of this online offer in accordance with Art. 6 para. 1 lit. f) GDPR.

5 Making contact

If you send us inquiries via our contact form or by other means (telephone, email), we will process your details relating to the inquiry, including your contact details (in particular your name, email address and, if applicable, your telephone number) for the purpose of processing the inquiry and any follow-up questions.

The processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the effective processing of your request and, in the case of requests in connection with contracts, to enable the initiation and execution of the respective contractual relationship. If you yourself are a (potential) contractual partner, the processing of inquiries about contracts takes place for the initiation and execution of the respective contractual relationship (Art. 6 para. 1 lit. b) GDPR).

The data you transmit to us in the course of contacting us will remain with us until the purpose for data storage/processing no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected. For example, we store inquiries about contracts or of potential legal relevance during the general limitation period, i.e. three years from the end of the year in which we received your inquiries.

The storage is based on our legitimate interest, the proper documentation of our business operations and the safeguarding of our legal positions (Art. 6 para. 1 lit. f) GDPR).

6 solebox studio online booking

So that we can check your online booking request for the solebox studio, we need the following information

- First name and surname

- e-mail address

- Link to your website / one of your social media profiles

We use a service provider - anny GmbH - to offer the room booking solution on our website. For this purpose, this service provider processes your aforementioned personal data.

After we have received your online booking request, we will first send you a confirmation of receipt of the request by e-mail. Following our availability check, we will send you a further email confirming or rejecting the room booking request.

We carry out the processing for the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR.

The data you send to us in the course of the room booking request will remain with us until the purpose for data storage/processing no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected. For example, we store inquiries about contracts or of potential legal relevance during the general limitation period, i.e. three years from the end of the year in which we received your inquiries.

The storage is based on our legitimate interest, the proper documentation of our business operations and the safeguarding of our legal positions (Art. 6 para. 1 lit. f) GDPR).

7 Events and seminars

To register for our events and seminars, we need the following information

- First name and surname

- e-mail address

We use a service provider - anny GmbH - to offer event and seminar registrations on our website. For this purpose, this service provider processes your aforementioned personal data.

Following your registration, we will send you further information about the event or seminar by email.

We carry out the processing for the implementation of (pre-)contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR.

The data you provide to us when registering for our event / seminar will remain with us until the purpose for data storage / processing no longer applies (e.g. after your registration has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected. For example, we store contracts or documents of potential legal relevance for the general limitation period, i.e. three years from the end of the year in which we received your inquiries.

The storage is based on our legitimate interest, the proper documentation of our business operations and the safeguarding of our legal positions (Art. 6 para. 1 lit. f) GDPR).

8 Surveys and competitions

We use the following data to check your eligibility to participate in our competitions and to contact you using the contact details you provide us with:

- First and last name

- email address

In addition, we process additional information, such as your data in connection with your Instagram profile, your clothing size or shoe size, which you provide to us on a voluntary basis.

We use a service provider - anny GmbH - to offer the surveys and competitions on our website.

Following your participation in the survey or registration for the competition, we will send the winners further information about the survey / competition by e-mail.

We carry out the processing for the implementation of (pre-)contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR.

We will retain the data you provide to us in the course of requesting information about our survey and competitions until the purpose for data storage/processing no longer applies (e.g. after completion of the competition or survey). Mandatory statutory provisions - in particular retention periods - remain unaffected. For example, we store contracts or documents of potential legal relevance for the general limitation period, i.e. three years from the end of the year in which we received your inquiries.

The storage is based on our legitimate interest, the proper documentation of our business operations and the safeguarding of our legal positions (Art. 6 para. 1 lit. f) GDPR).

9 Marketing newsletter

If you give us your consent, we will use your contact details (first name, surname and email address) to send you our newsletter by email.

We use the so-called double opt-in procedure for sending the newsletter, i.e. we will only send you a newsletter by email if you have expressly confirmed to us beforehand that we should activate the newsletter service.

We will then send you a notification email and ask you to confirm that you wish to receive our newsletter by clicking on a link contained in this e-mail.

Your data will be processed on the basis of your consent (Art. 6 para. 1 lit. a) GDPR).

If you no longer wish to receive newsletters from us, you can revoke your consent at any time by sending a message to our contact details (under section 2). There is also an unsubscribe link in the respective newsletter.

We also store information in order to be able to prove your consent. This information includes your name, your email address and the time of consent. This processing is based on Art. 6 para. 1 lit. c) in conjunction with Art. 7 para. 1 GDPR.

If you withdraw your consent, we will delete your data immediately. Further storage to prove consent is based on our legitimate interest, the proper documentation of our business operations and the assertion, safeguarding or defense of claims (Art. 6 para. 1 lit. f) GDPR).

10 Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser on your next visit (persistent cookies).

We use the following cookie categories:

- Cookies that are technically necessary for the operation of our website:

These cookies are technically necessary for the operation and functionality of the website. They help to make the website technically accessible and usable and provide essential and basic functionalities, such as navigation on the website, the correct display of the website in the Internet browser or consent management. The website cannot function properly without these cookies

- Functional / analysis cookies

These cookies are used to measure online traffic and analyze behavior. This enables us to better understand the use of our website and improve our services.

- Marketing cookies

These cookies enable us to draw your attention to relevant solebox advertising campaigns and to show you personalized solebox content based on your interests, including on third-party websites. In addition, we can use targeting to limit the frequency with which an advertisement appears and reduce the number of times it is displayed to you.

The legal basis for the use of technically necessary cookies is Section 25 (2) No. 1 TTDSG and the associated processing of personal data Art. 6 (1) sentence 1 lit. f) GDPR to safeguard our legitimate interests. Our legitimate interests lie in particular in being able to provide you with a technically optimized, user-friendly and needs-based website and to ensure the security of our systems. Otherwise, we only use cookies in accordance with Section 25 (1) TTDSG on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

If we use cookies on the basis of your consent, you can revoke your consent at any time with effect for the future by adjusting your cookie settings here [OC5]. Alternatively, you can change your settings at any time via the link "Cookie preferences [OC6] ". You can find the link in the footer of the website. Your revocation does not affect the legality of the processing carried out up to the revocation.

10.1 Google Analytics

If you give us your consent, we use the Google Analytics service of Google Ireland Limited ("Google"). We comply with the currently applicable terms of use for Google Analytics and the terms of the Google Data Processing Agreement and, if your personal data is processed in an unsafe third country, we have concluded the standard contractual clauses approved by the EU Commission with Google LLC in accordance with Art. 46 para. 2 lit. c) GDPR. According to section 10.3 of the Google order processing agreement, the transmitted data is stored in the following locations (so-called "data center locations"): www.google.com/about/datacenters/locations/.

For this reason, we only use Google Analytics if you also consent to the transfer to the data center locations listed above. In some cases, the third countries in which the data centers are located or from which processing is carried out do not have an adequate level of data protection on the basis of a decision by the European Commission (a list of the so-called safe third countries can be found at: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). The transfer to insecure third countries is associated with risks for your personal data. These risks cannot be excluded solely by the conclusion of standard contractual clauses between us and the company in the third country. Nevertheless, the Google order processing provisions (see privacy.google.com/businesses/processorterms/ in the section "Appendix 2") contain a large number of technical and organizational measures designed to ensure the security of your personal data.

Please take the aforementioned circumstances into account when granting your consent.

You can find basic information on the processing of your personal data by Google here: policies.google.com/privacy?hl=en.

If you have consented to its use, Google Analytics collects pseudonymous data about your use of our website, including your shortened IP address, and uses cookies. The information generated by the cookies about your use of the website (including your shortened IP address) will be transmitted to and stored by Google on servers in the data center locations listed above. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and generating other analyses and evaluations relating to website activity and internet usage. Google may also link this data with other data about you, such as your search history, your personal account, usage data from other devices and other data that Google has stored about you. Google may also transfer this information to third parties where required to do so by law (e.g. government authorities) or where such third parties process the information on Google's behalf.

The data stored by Google Analytics is stored for a period of 14 months. After this period, Google Analytics only stores aggregated statistics. The use of Google Analytics is based on your consent (Art. 6 para. 1 lit. a) GDPR).

You can find more information about Google's use of data here: support.google.com/analytics/answer/6004245?hl=en.

11 Integrated third-party content

We have also integrated content from third-party providers on our website. This content is loaded from the servers of the respective providers so that your end device transmits certain technically necessary data to the third-party provider. In particular, it cannot be ruled out that these providers may take note of the IP address assigned to you. Insofar as personal data is processed, this is done by the respective third-party providers on their own responsibility. You can find more information on how these third-party providers process your personal data in the privacy policies of the respective third-party providers to which we refer below. The integration by us is based on our legitimate interests in being able to provide our users with the corresponding content and functionalities and to be able to operate our website economically in accordance with Art. 6 para. 1 lit. f) GDPR. Specifically, we integrate the following third-party content:

11.1 YouTube

We embed YouTube videos on our website. YouTube is a service of Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA, for users from the EU of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). There is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the USA. Google LLC is a company certified under the Data Privacy Framework.

You can find Google's privacy policy at https://policies.google.com/privacy.

12 Our social media presences

If our websites contain symbols of the following social media providers, we use these to passively link to the pages of the respective providers.

12.1 General information

We operate the aforementioned pages or profiles on various social media platforms. In this context, the processing of personal data described below takes place.

If you interact with us via our social media pages or our posts, we will collect and process the data provided by you in this respect, including your user name and any profile photo, for example if you mark or share a post with "Like", comment on it or provide other content. The processing in this regard is regularly carried out on the basis of our legitimate interest in providing the corresponding functions on our social media pages (Art. 6 para. 1 lit. f) GDPR) and, if applicable, on the basis of your consent to the operator of the respective network (Art. 6 para. 1 lit. a) GDPR) or your contractual relationship with the operator (Art. 6 para. 1 lit. b) GDPR). Please also note that this content is published on our relevant social media pages in accordance with your account settings and can be accessed by anyone worldwide.

Further data processing may be carried out by us in order to receive and process inquiries or messages via our social media pages (Art. 6 para. 1 lit. f) GDPR). We have a legitimate interest in the effective processing of your request or message.

If you would like us to remove content uploaded by you on our social media page, please send us an email with your request to our contact details mentioned above (under section 2).

In addition, the respective operators collect and process your personal data under their own responsibility under data protection law when you visit our social media pages and/or interact with them or our posts. This applies in particular if you are registered or logged in to the relevant social media network. Even if you are not registered with a social media network, the operators collect certain personal data when you visit the site, such as unique identifiers linked to your browser or device. Please note that this data may be merged across different platforms and services if they are operated by the same operator. Further information can be found in the privacy policies of the respective operators, to which we refer below.

12.2 Facebook

You can find our Facebook presence on Facebook at https://www.facebook.com/solebox.

For users outside the USA and Canada, Facebook is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For users in the USA and Canada, Meta Platforms Inc, 1601 Willow Road Menlo Park, CA 9402, USA, is the operator of Facebook ("Meta Platforms").

Even if you are not registered with Facebook and visit our Facebook fan page, Meta Platforms may collect pseudonymous usage data from you. You can find more information in Meta Platforms' privacy policy at https://de-de.facebook.com/about/privacy/ and at https://www.facebook.com/legal/terms/information_about_page_insights_data. In the privacy policy, you will also find information about the settings options for your Facebook account.

Meta Platforms may share your data within the Meta group of companies and with other third parties. This may result in the transfer of personal data to the USA and other third countries for which there is no adequacy decision by the EU Commission. For data transfers to the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the USA. In addition, Facebook Ireland will use the standard contractual clauses approved by the EU Commission in accordance with Art. 46 para. 2 lit. c) GDPR. You can also find further information on this in the Meta Platforms data policy.

We are also jointly responsible with Meta Platforms Ireland Limited for the processing of so-called Insights data when you visit our Facebook fan page. Meta Platforms Ireland Limited uses this insights data to analyze behavior on our Facebook fan page and provides us with this data in anonymized form. For this purpose, we have concluded an agreement with Meta Platforms Ireland Limited on joint responsibility for data processing. If you would like to view this, please send us an email with your request to our contact details mentioned above (under section 2). Meta Platforms Ireland Limited undertakes, among other things, to assume primary responsibility under the GDPR for the processing of Insights data and to comply with all obligations under the GDPR with regard to the processing of Insights data. The processing serves our legitimate economic interests in the optimization and needs-based design of our Facebook fan page, Art. 6 para. 1 lit. f) GDPR.

We would also like to draw your attention to the following: If you visit or like our Facebook page as a registered Facebook user, Meta Platforms Ireland Limited. collects personal data from you. If you are not registered with Facebook and visit the Facebook page, Meta Platforms may collect pseudonymous usage data from you.

Specifically, the following information is collected by Meta Platforms:

- Viewing a page or a post or video from a page

- Subscribing or unsubscribing to a page

- Marking a page or a post with "Like" or "No longer like"

- Recommend a page in a post or comment

- Comment on, share or react to a page post (including the type of reaction)

- Hide a page post or report it as spam

- Click on a link that leads to the page from another page on Facebook or from a website outside of Facebook

- Hover over the name or profile picture of a page to see a preview of the page content

- Clicking on the website button, phone number button, "Plan route" button or any other button on a page

- Information about whether you are logged in via a computer or mobile device while visiting a page or interacting with it or its content

For more information, please see Meta Platforms' privacy policy at: https://www.meta.com/de-de/help/quest/articles/accounts/privacy-information-and-settings/meta-privacy-policies/. For more information about how Meta Platforms uses your data when you visit or like our Facebook page, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data.

12.3 Instagram

You can find our Instagram presence at https://www.instagram.com/solebox/.

For users outside the USA and Canada, Instagram is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta Platforms").

For more information on how Meta Platforms processes your data, please refer to Instagram's data policy at https://help.instagram.com/155833707900388.

12.4 Pinterest

Our Pinterest presence is available at https://www.pinterest.de/solebox/.

For users within the EEA, Pinterest is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. For users in the USA, Pinterest is operated by Pinterest, Inc. 651 Brannan Street, San Francisco, CA 94107, USA.

Further information can be found in Pinterest's privacy policy at https://policy.pinterest.com/de/privacy-policy.

12.5 TikTok

Our TikTok presence is available at https://www.tiktok.com/@solebox.

For users within the European Economic Area and Switzerland, TikTok is operated by TikTok Technology Limited 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok Ireland") and in the United Kingdom by TikTok Information Technologies UK Limited, One London Wall, 6th Floor, London, England, EC2Y 5EB ("TikTok UK"). For users in the USA, TikTok Inc, 5800 Bristol Parkway, Culver City, CA 90230, USA is the operator of TikTok. For all other users outside the European Economic Area, the United Kingdom, Switzerland and the USA, TikTok Pte. Ltd, 1 Raffles Quay, #26-10, South Tower, Singapore is the operator of TikTok.

Further information can be found in TikTok's privacy policy at: https://www.tiktok.com/legal/privacy-policy?lang=en#privacy-eea (for users within the European Economic Area, the United Kingdom and Switzerland), https://www.tiktok.com/legal/privacy-policy?lang=en#privacy-us (for users within the USA) and https://www.tiktok.com/legal/privacy-policy?lang=en#privacy-row (for all other users outside the European Economic Area, the United Kingdom, Switzerland and the USA).

13 Automated individual decision-making or profiling measures

We do not use automated processing to make a decision or profiling.

14 Disclosure of data

Your data will only be passed on beyond the scope described in this data protection notice to the extent described below:

14.1 Disclosure to third parties

If it is necessary to investigate unlawful use of our website and services or for legal prosecution, personal data will be forwarded to external consultants (e.g. lawyers), law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behavior. Disclosure may also take place if this serves the assertion, exercise or defense of claims. We are also legally obliged to provide information to certain public authorities on request. These are law enforcement authorities, authorities that prosecute administrative offenses subject to fines and the tax authorities.

In addition, your personal data may also be passed on if we are exposed to other claims by third parties, which may include information about your data.

As part of administrative processes and the organization of our business, financial accounting and compliance with legal obligations, such as archiving, we disclose or transfer your data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.

This data is passed on on the basis of our legitimate interest in combating misuse, prosecuting criminal offenses and asserting, exercising or defending claims as well as maintaining our business activities and performing our tasks, Art. 6 para. 1 lit. f) GDPR or on the basis of a legal obligation pursuant to Art. 6 para. 1 lit. c) GDPR

Your data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods. The shipping company will only use your personal data to process the delivery. To process payments, we pass on your payment data to the credit institution or PayPal or other payment service providers commissioned with the payment. Your data will not be passed on to other third parties or used for advertising purposes. The legal basis for data processing is Art. 6 para. 1 lit. b) GDPR. Once the contract has been fully processed and the purchase price has been paid in full, your data will be blocked for further use and deleted after the retention periods under tax and commercial law have expired.

14.2 Forwarding to contract processors

We rely on contractually affiliated third-party companies and external service providers, so-called processors (see Art. 4 No. 8, 28 GDPR), to provide the services. In such cases, personal data is passed on to these processors to enable them to continue processing. These processors process personal data on our behalf and are strictly bound by our instructions.

In addition to the processors already mentioned in this data protection notice, we also use the following categories of processors:

- IT service provider.

- Cloud service provider.

- Software service providers.

14.3 Disclosure in the context of corporate transactions

As part of the further development of our business, the structure of our company may change as a result of a change in legal form or the establishment, acquisition or sale of subsidiaries, parts of companies or components. In such transactions, user information is shared with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection notice and the relevant data protection laws.

The disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances, Art. 6 para. 1 lit. f) GDPR.

15 Provision of your data

You are neither legally nor contractually obliged to provide your data.

However, the provision of your data is necessary to a certain extent so that we can provide you with the functions on our website and our services. In particular, the provision of your data is necessary so that we can receive and process your inquiries to us, so that we can enable the initiation or execution of the contract and so that you can use the community functions in connection with our social media presences. It is also necessary to provide your data in order to receive and process your application.

If it is necessary to enter your data, we will indicate this when you enter it by marking it as a mandatory field. The provision of further data is voluntary. If you do not provide the required data, we will not be able to provide the corresponding functions and services, in particular we will not be able to accept and process your inquiries and/or initiate or execute the contract. In addition, you will not be able to use the community functions of our social media presences. If you do not provide us with the required data in connection with your application, we will not be able to consider your application. If voluntary information is affected, failure to provide it will mean that we will not be able to provide the corresponding functions and services or will not be able to provide them to the usual extent.

16 Transfer to third countries

We also process data in countries outside the European Economic Area ("EEA"), in so-called third countries, or transfer data to recipients in these third countries.

If your personal data is transferred to recipients outside the European Economic Area beyond the cases described in this data protection notice, we will transfer your data to third countries for which an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR exists.

If such an adequacy decision does not exist, we use the standard contractual clauses approved by the EU Commission pursuant to Art. 46 para. 2 lit. c) GDPR when structuring the contractual relationships with the recipients in third countries. You can request a copy of these standard contractual clauses and information on the additional measures we have taken to ensure an adequate level of data protection from our contact details (under section 2).

17 Change of purpose

Your data will only be processed for purposes other than those described if this is permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with all other relevant information.

18 Deletion of your data

Unless otherwise stated, we will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the user or contractual relationship via the website plus a period of 30 days during which we keep backup copies after deletion.

If you delete your user account, your profile will be completely and permanently deleted. However, we will retain backup copies of your data for a period of 30 days before these are also permanently deleted, unless this data is required for longer for legal reasons or for criminal prosecution or to secure, assert or enforce legal claims.

We will also continue to store your data,

- if we are obliged to do so for legal reasons, Art. 6 para. 1 lit. c) GDPR. If we are legally obliged to retain your data, we will store it for the legally prescribed period. Legal requirements for storage may arise in particular from the retention periods of the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention period under these regulations is generally between 6 and 10 years from the end of the year in which the relevant process was completed, e.g. we have finally processed your request,

- if the data is required longer for criminal prosecution or for the assertion, exercise or defense of legal claims. This is also our legitimate interest, Art. 6 para. 1 lit. f) GDPR. Data is then stored until the conclusion of the relevant process plus the statutory limitation period.

If data must be stored for legal reasons, processing will be restricted. The data will then no longer be available for further use.

19 Your rights as a data subject

You have the rights described below with regard to the processing of your personal data. To assert your rights, you can write to us using the contact details provided (under section 2).

19.1 Right to information

You have the right to receive information from us at any time upon request about the personal data processed by us concerning you within the scope of Art. 15 GDPR and § 34 BDSG.

19.2 Right to rectification of inaccurate data

In accordance with Art. 16 GDPR, you have the right to demand that we rectify your personal data without undue delay if it is inaccurate.

19.3 Right to erasure

You have the right to demand that we erase the personal data concerning you under the conditions described in Art. 17 GDPR and Section 35 BDSG. In particular, these conditions provide for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject.

19.4 Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between you and us, for the period required to verify the accuracy and in the event that you request restricted processing instead of deletion in the event of an existing right to deletion; furthermore, in the event that the data is no longer required for the purposes pursued by us, but you need it for the assertion, exercise or defense of legal claims and if the successful exercise of an objection between you and us is still disputed.

19.5 Right to data portability

You have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR.

19.6 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based, inter alia, on point (e) or (f) of Article 6(1) GDPR pursuant to Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to this processing. Following your objection, we will cease processing.

19.7 Right of withdrawal

If the processing is based on Art. 6 para. 1 lit. a) GDPR, you have the right to withdraw your consent at any time with effect for the future.

19.8 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority of your choice. The supervisory authority responsible for North Rhine-Westphalia is

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestr 2-4

40213 Düsseldorf

Telephone: 0211/38424-0

Fax: 0211/38424-10

E-mail: poststelle@ldi.nrw.de

20 Data processing when exercising your rights

Finally, we would like to point out that we process the personal data you provide when exercising your rights in accordance with Art. 7 para. 3 sentence 1 GDPR and Art. 15 to 22 GDPR for the purpose of implementing these rights and to be able to provide evidence of this and, if necessary, to defend legal positions. The processing of your data to fulfill your rights as a data subject is based on the legal basis of Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG. Insofar as we process the personal data for the purposes of legal defense, this is also our legitimate interest, Art. 6 para. 1 lit. f) GDPR.

For the sake of completeness, we would like to point out that your personal data in connection with your request will be stored for the duration of the regular limitation period of three years, starting at the end of the year in which your request was finally processed by us, in order to exercise your rights to fulfill the statutory documentation obligations under the GDPR, in particular to prove that your request was answered on time.

The legal basis for storage is Art. 6 para. 1 lit. f) GDPR. It is in our legitimate interest to provide and document the aforementioned proof.

This personal data will be blocked and will not be processed for other purposes unless the processing is necessary for the establishment, exercise or defense of legal claims. This is then also our legitimate interest, Art. 6 para. 1 lit. f) GDPR.

You are neither contractually nor legally obliged to provide your personal data, but we may refuse to fulfill your request to exercise your rights as a data subject in accordance with Art. 12 para. 2 sentence 2 GDPR if you do not provide us with the data required for your unambiguous identification, if necessary after being requested to do so.

21 Changes to this data protection notice

We reserve the right to change the data protection information in accordance with the current legal requirements or an adaptation of the data processing. Please check the data protection information before you use our offers in order to be up to date with any changes.