PRIVACY POLICY 

itp gmbh (collectively, “itp”, “we” or “us”) respect your privacy and are committed to protecting your personal data. We collect, process and use your personal data in accordance with the terms of this privacy policy and the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications and Digital Services Data Protection Act (TDDDG).

This privacy policy sets out what personal data we collect, process and use about you. We therefore ask you to read the following information carefully. 

This Privacy Notice applies to online and offline processing by us as a data controller, including but not limited to our mobile applications, our website (www.taster.de) and its subdomains, including our careers page. This Privacy Notice also applies whenever it is referenced by a URL or presented in printed form, whether at our physical locations, during in-person events, roadshows, or in connection with any itp activity where this Privacy Notice is made available to you.

1 Name and address of the data controller 

itp gmbh
Rathausstr. 75-79
66333 Völklingen
Telefon: +49 6898 85091 0
E-Mail: itp@taster.de

2 Name and address of our data protection officer

Ingenieurbüro Bernd Hölle GmbH
Gerhard-Kindler-Straße 3
D-72770 Reutlingen
Tel: +49 (0) 7121 820 17 40
E-Mail: itp@ibh-datenschutz.de

3 General information on data processing 

3.1 Scope of personal data processing 

We collect and use your personal data only to the extent necessary to provide a fully functional website and to deliver services to you. The collection and use of your personal data generally takes place only with your consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law. 

3.2 Legal basis for data processing

Provided you have consented to the data processing, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, where special categories of data are processed in accordance with Article 9(1) of the GDPR.

Where you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) of the German Telemedia Act (TDDDG). You may withdraw your consent at any time. 

If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation, on the basis of Article 6(1)(c) of the GDPR. 

Data processing may also take place on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The relevant legal bases in each individual case are set out in the following paragraphs of this privacy policy. 

3.3 Information on the transfer of data to third countries

As explained in this privacy policy, we use services provided by companies some of which are based in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. in countries where the level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate measures in accordance with Art. 44 et seq. GDPR to ensure an adequate level of data protection for any data transfers. These include, amongst other things, the European Union’s standard contractual clauses or binding internal data protection regulations. 

If a transfer to a third country is planned and there is no adequacy decision or suitable safeguards in place, there is a possibility and a risk that authorities in the relevant third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your rights as a data subject cannot be guaranteed. 

3.4 Withdrawal of your consent to data processing 

Many data processing operations are only possible with your express consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

3.5 Retention period

Unless a more specific retention period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a valid request for erasure or withdraw your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, erasure will take place once these grounds no longer apply. 

3.6 SSL or TLS encryption 

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the fact that the address bar in your browser changes from ‘http://’ to ‘https://’ and by the padlock icon in your browser bar. 

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties. 

3.7 Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact enquiries, meta and communication data, contractual data, contact details, names, website visits and other data generated via a website.

We use the following hosting provider:  

VegaSystems GmbH & Co. KG

he servers are located within the European Union, specifically at Region Halberstädter Str. 99, 33106 Paderborn, Deutschland

VegaSystems GmbH & Co. KG acts as a data processor within the meaning of Article 28 of the GDPR. 

A corresponding contract for data processing has been concluded. 

Further information on data protection at VegaSystems GmbH & Co. KG can be found at: Datenschutz

4 Creation of server log files 

4.1 Description and purpose of data processing 

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used 
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address 

This data is not merged with other data sources. 

4.2 Legal basis for data processing 

This data is collected on the basis of Article 6(1)(f) of the GDPR in conjunction with Section 25(2)(2) of the TDDDG. The website operator has a legitimate interest in ensuring the technically error-free display and optimisation of its website – to this end, server log files must be collected. 

4.3 Duration of storage 

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case once the respective session has ended. 

5 Use of cookies 

5.1 Description and purpose of data processing 

Our website uses so-called ‘cookies’. Cookies are small text files that do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser. 

In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g. cookies for processing payment services). 

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to analyse user behaviour or display advertising. 

5.2 Legal basis for data processing

Cookies that are required to carry out the electronic communication process (necessary cookies), to provide specific functions you have requested (functional cookies), or to optimise the website (e.g. cookies for measuring website traffic) are stored on the basis of Article 6(1)(c) of the GDPR in conjunction with Section 25(2)(2) of the TDDDG, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically flawless and optimised provision of its services. Where consent to the storage of cookies has been requested, the storage of the relevant cookies takes place exclusively on the basis of this consent (Article 6(1)(a) of the GDPR, Section 25(2)(1) of the TDDDG); consent may be withdrawn at any time. 

You can configure your browser so that you are informed when cookies are set and only allow cookies on a case-by-case basis, exclude the acceptance of cookies in specific cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. 

5.3 Duration of storage 

You can disable or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. 

For detailed information on the cookies used on this website and their respective storage periods, please refer to our Cookie Consent Management Tool. 

6 Cookies used  

The following cookies are used on our website: 

Technically necessary 

  • Session cookies
  • CSRF cookies
  • Time zone

Optional, not automatically enabled 

  • Google Tag Manager
  • Wishlist
  • Sendinblue Tracker

7 Contact via email or telephone 

7.1 Description and purpose of data processing 

Information on how to contact us electronically (contact form and direct email contact) is published on our website. If a user contacts us electronically, personal data is transmitted to us and stored. This data may include: 

  • Salutation 
  • Title (optional)
  • First name 
  • Surname
  • Company
  • Email address
  • Telephone number
  • Address 
  • Message 

At the time the message is sent, the following data is also stored: 

  • The user’s IP address
  • Date and time of the message

When you contact us, your enquiry, including all personal data contained therein, will be stored and processed by us for the purpose of handling your request. 

Contacting us does not result in the data being passed to third parties. The data is used exclusively for the purpose of processing the conversation. 

7.2 Legal basis for data processing 

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR). 

7.3 Duration of storage 

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data entered via the contact form and that sent by email, this is the case once the relevant conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved.  

8 e-commerce (online shop) 

8.1 Description and purpose of data processing 

Online shop / Processing of data (customer and contract data) 

If you wish to place an order via our online shop, it is necessary for the conclusion of the contract that you provide personal data which we require to process your order. Mandatory fields required for the processing of contracts are marked separately; further details are optional. We process the data you provide to process your order. To this end, your payment details will be passed on to our bank.

To complete your order, you must create a customer account in the online shop. In addition to processing your data to fulfil your order, we may also process the data you provide to inform you about other interesting products in our range or to send you emails containing technical information. 

The following data is collected when you register a customer account in the online shop: 

  • Title 
  • Title (optional)
  • First name 
  • Surname
  • Customer number (optional) 
  • Company 
  • Department details (optional)
  • VAT number (optional) 
  • Email address 
  • Password 
  • Address
  • Firma
  • Country 
  • Telephone number 

8.1.1 Data transfer upon conclusion of a contract for online shops, retailers and goods dispatch

When you order products from us, we pass on your personal data to the transport company responsible for delivery. Only data that the relevant service provider requires to fulfil its task is disclosed.

8.1.2 Credit checks

Our products can only be ordered on account. As part of this order, where we provide the goods in advance, we may carry out a credit assessment procedure (scoring). To this end, we will pass on the data you have entered (e.g. name, address) to a credit reference agency. The likelihood of non-payment is determined on the basis of this data. If the risk of non-payment is deemed excessive, we may refuse to deliver the goods.

8.2 Legal basis for data processing

Data processing in the online shop is carried out for the purpose of fulfilling a contract with you on the basis of Article 6(1)(b) of the GDPR. Provided you have given your consent in accordance with Article 6(1)(a) of the GDPR, we will pass on your email address to the transport company responsible for delivery so that they can inform you by email about the dispatch status of your order; you may withdraw your consent at any time.

8.3 Duration of storage 

You can delete your customer account at any time in the customer area. Your user account will be automatically deleted after five years of inactivity.

We are obliged under commercial and tax law to store your address, payment and order data for a period of ten years. Your data is used to comply with legal obligations.

9 Handling of applicant data

9.1 Description and purpose of data processing

We offer you the opportunity to apply for a position with us (e.g. by email). Below, we provide information on the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal provisions, and that your data will be treated as strictly confidential.

When you send us an application, we process your associated personal data (e.g. contact and communication details, application documents, notes taken during interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. Your personal data will be shared within itp exclusively with those persons involved in processing your application.

9.2 Legal basis for data processing

The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general pre-contractual processing) and – provided you have given your consent – Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time.

If your application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 of the BDSG and Article 6(1)(b) of the GDPR for the purpose of carrying out the employment relationship.

9.3 Duration of storage

If we are unable to offer you a position, you decline a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Article 6(1)(f) of the GDPR) for up to 6 months from the conclusion of the application process (rejection or withdrawal of the application).

Unless it is apparent that due to an actual or potential legal dispute for which the data will be required, the data will be deleted and the physical application documents destroyed at the six-month point. If the data has been retained due to an actual or potential legal dispute, deletion will take place once the purpose for continued retention no longer applies.

Your data may also be retained for a longer period if you have given your consent (Article 6(1)(a) of the GDPR) or if statutory retention obligations prevent its deletion.

If we do not offer you a position, there may be the option of adding you to our candidate pool. If you are added to the pool, all documents and details from your application will be transferred to the applicant pool so that we can contact you should suitable vacancies arise. Inclusion in the applicant pool is based solely on your explicit consent (Art. 6(1)(a) GDPR). Consent is voluntary and is unrelated to the current application process. The data subject may withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

10 Facebook and Instagram

10.1 Description and purpose of data processing

When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller responsible for all of this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU – “Meta”). Further information on the processing of personal data by Meta is available at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

Meta provides us with statistics and insights in an anonymised form for our Facebook and Instagram pages, which help us gain an understanding of the types of actions people take on our page (so-called “Page Insights”). These Page Insights are generated on the basis of certain information about people who have visited our page. This processing of personal data is carried out by Meta and us as joint controllers.

We are unable to link the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. We have entered into a joint controller agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details regarding the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.

10.2 Legal basis for data processing

The legal basis for our processing of data in this regard is our legitimate interest in providing users with effective information and communicating with them, in accordance with Article 6(1)(f) of the GDPR.

Please note that, in accordance with Meta’s privacy policy, user data may also be processed in the USA or other third countries. Meta transfers user data only to countries for which an adequacy decision has been issued by the European Commission pursuant to Article 45 of the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.

10.3 Right to object and right to erasure

Meta offers the option to object to certain data processing activities; relevant information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.

With regard to this data processing, you also have the option of exercising your data subject rights (see “Your rights”) against Meta. Further information on this can be found in Meta’s privacy policy at https://www.facebook.com/privacy/explanation.

11 LinkedIn

11.1 Description and purpose of data processing

LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is solely responsible for the processing of personal data when you visit our LinkedIn page. Further information on the processing of personal data by LinkedIn is available at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit our LinkedIn company page, follow the page or engage with it, LinkedIn processes personal data to provide us with statistics and insights in an anonymised form. This gives us an understanding of the types of actions people take on our page (known as Page Insights). To this end, LinkedIn processes, in particular, data that you have already provided to LinkedIn via the information in your profile, such as data on job title, country, industry, length of service, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any of your personal data via Page Insights. We only have access to the aggregated Page Insights. Furthermore, it is not possible for us to draw conclusions about individual members based on the information in the Page Insights. This processing of personal data within the scope of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights.

We have entered into a joint controller agreement with LinkedIn, which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.

LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn using the contact details provided in the privacy policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us using the contact details provided to exercise your rights in relation to the processing of personal data within the context of Page Insights. In such cases, we will forward your enquiry to LinkedIn.

LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority responsible for overseeing the processing of Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

11.2 Legal basis for data processing

The legal basis for such data processing by us is our legitimate interest in effectively informing users and communicating with them in accordance with Article 6(1)(f) of the GDPR.

Please note that, in accordance with LinkedIn’s privacy policy, personal data may also be processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission pursuant to Article 45 of the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.

12 XING

12.1 Description and purpose of data processing

We use the social media platform provided by XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany. We process your data in connection with our XING account for the purposes of communication and, where applicable, to carry out pre-contractual or contractual measures.

We process personal data when you contact us via our XING account, e.g. by sending a direct message. If you contact us via our accounts, we will process the content of your message as well as any other personal data transmitted in the process. Please note that, in addition to the data and content you actively provide, we may also have access to further information regarding your user profile, your posts and, for example, ‘Likes’. Access to this information depends on the privacy settings you have configured in your user account.

We use the data strictly for the specific purpose of communicating with you or processing your enquiry.

We and Xing share joint responsibility for the data agreement. Xing collects data from logged-in users and other visitors using cookies, pixels, local storage and other tracking technologies. In addition, user behaviour is tracked via emails sent out, by monitoring which emails are opened and when, and which links within the emails are clicked. We do not use any analytics tools on the platform that provide us with statistical analyses of user interaction. Xing does not currently provide an agreement on joint responsibility within the meaning of Article 26(1)(2) of the GDPR, which specifies which controller fulfils which data protection obligations under the GDPR.

Details of which data is processed by XING and for what purposes can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

Information on the available personalisation and privacy settings can be found here: https://privacy.xing.com/de/ihre-privatsphaere.

You also have the option of requesting information via the XING contact form: https://www.xing.com/support/contact/security/data_protection

12.2 Legal basis for data processing

The legal basis for processing is Article 6(1)(f) of the GDPR. Our legitimate interest, which prevails following a balancing of interests, lies in communicating with you and responding to your enquiries and other matters. Insofar as we are able to do so and provided that we have also processed the data outside of Xing (e.g. by sending you an email), the data you have actively provided will be deleted by us once the purpose for processing no longer applies, i.e. specifically once a contact with you has been definitively terminated. This does not apply to data stored by Xing’s system as part of our communication; we have no influence over the deletion of this data. Mandatory statutory retention periods remain unaffected.

Personal data and other information are transferred by Xing to countries within the EU. According to Xing, data transfers to third countries take place exclusively in compliance with the legally prescribed conditions for permissibility. (https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender).

13 Privacy Notice for our customers, prospective customers and suppliers

13.1 Description and scope of data processing

We process personal data that we receive from you in connection with a prospective or existing business relationship. We receive this data directly from you, for example, when you make an enquiry about our products, when placing an order, during contact at a trade fair, or through an order placed by us for the supply of products and services. The data is stored internally in our customer and supplier management system.

Specifically, we process the following data:

  • Name of the contact person
  • Contact details
  • Address of the relevant company
  • Data relating to the execution of an order
  • Correspondence (e.g. written communication with you)

Within our company, only those employees who require your data to fulfil our contractual and legal obligations have access to it. Service providers and vicarious agents contracted by us may receive data for these purposes, provided that the persons involved are bound by confidentiality and written data protection instructions are observed. These are essentially companies from the categories listed below:

Support/maintenance of IT applications, archiving, document and data carrier destruction, purchasing/procurement, debt collection, tax advisors for the preparation of monthly and annual financial statements, postal and transport services, payment transactions, the assertion of legal claims and defence in legal disputes.

Data may be transferred to entities in countries outside the European Economic Area (EU/EEA) (so-called third countries) if this is necessary to fulfil a contractual obligation towards the prospective customer, customer or supplier, or if it is in our legitimate interest, or if you have given us your consent. In this context, the processing of data in a third country may also take place in connection with the engagement of service providers within the framework of data processing on behalf of the controller. Insofar as no decision by the European Commission regarding an adequate level of data protection in the country in question is in place, we ensure, in accordance with EU data protection regulations, through appropriate contracts and suitable technical and organisational measures, that your rights and freedoms are adequately protected and guaranteed.

13.2 Legal basis for data processing

To fulfil contractual obligations in accordance with Article 6(1)(b) of the GDPR. Example: the initiation, conclusion, performance and termination of a contract with you for the supply of our products and services or for the procurement of products and services.

Within the framework of the balancing of interests pursuant to Article 6(1)(f) of the GDPR: where necessary, we process your data beyond the actual performance of the contract to safeguard the legitimate interests of ourselves or third parties. Examples: Support enquiries, advertising/market and opinion research, provided you have not objected to the use of your data, credit checks, the assertion of legal claims and defence in legal disputes.

On the basis of your consent pursuant to Article 6(1)(a) of the GDPR, provided you have given us consent to process personal data for specific purposes.

On the basis of legal requirements pursuant to Article 6(1)(c) of the GDPR, i.e. various legal obligations, e.g. Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (Abgabenordnung) and the German Standards for the Digitalisation of Accounting (GoBD) regarding the retention of tax-relevant data and other relevant laws.

13.3 Purpose of data processing

The collection of your personal data serves the purpose of initiating, concluding, performing and terminating a contract with you; to supply our products and services, including the handling of complaints; to procure products and services; for advertising, market research and opinion polling, provided you have not objected to the use of your data; for credit checks; and to assert legal claims and defend against legal disputes.

13.4 Duration of storage

Your personal data will be stored for as long as is necessary to fulfil our contractual and legal obligations. Once the data is no longer required to fulfil contractual or legal obligations, it will be deleted.

13.5 Right to object and right to erasure

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) of the GDPR (data processing based on a balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

We may also process your data for direct marketing purposes in the course of delivering our products and services, in accordance with legal provisions. You have the right to object at any time to the processing of your personal data for the purposes of such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes. The objection may be made in any form.

14 Data subject rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us, the controller:

14.1 Right of access

The right, pursuant to Article 15 of the GDPR, to request information about your personal data processed by us. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data where it was not collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details.

14.2 Right to rectification

The right to request that we rectify any inaccurate personal data concerning you without delay and, where necessary, to have incomplete personal data completed (Article 16 of the GDPR).

14.3 Right to restriction of processing

The right to request, in accordance with Article 18 of the GDPR, the restriction of the processing of your personal data where you contest the accuracy of the data, the processing is unlawful but you oppose its erasure and we no longer require the data, but you need it for the establishment, exercise or defence of legal claims, or you have objected to the processing in accordance with Article 21 of the GDPR.

14.4 Right to erasure

The right to request that we erase personal data concerning you without undue delay, provided that one of the grounds listed in Article 17 of the GDPR applies, e.g. if the data is no longer required for the purposes for which it was collected (right to erasure).

14.5 Right to be informed

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller of these recipients.

14.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data has been provided, without hindrance from us.

14.7 Right to object

The right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defence of legal claims (Art. 21 GDPR).

If your personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.

14.8 Right to withdraw consent

You have the right to withdraw your consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to withdrawal.

14.9 Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

Our competent supervisory authority is: Independent Data Protection Centre Saarland, Fritz-Dobisch-Str. 12, 66111 Saarbrücken

Date: 29 January 2026