HM business travel GmbH
Friedrichstr. 51
42105 Wuppertal (Germany)

Managing director: Marc Hasenack
Head office: Wuppertal

Wuppertal district court

Commercial Register 31282
Taxpayer ID no. DE 814047927

Phone: +49(0)202-384848-0
Facsimile: +49(0)202-384848-22
Email info@hm-businesstravel.com

Privacy policy

Thank you for your interest in our website. The protection of your personal data is important to us. We observe the legal regulations on data protection and data security.

In particular, we are subject to the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act in the version applicable since 25 May 2018 (BDSG) and the German Telemedia Act (TMG). Accordingly, we are in particular entitled to collect and use personal data insofar as this is necessary to enable you to use our website at www.hm-businesstravel.com including all services and functions contained therein.

Below you will find information on which personal data we collect when you use our website and the services and functions it contains, and how we use this data and for what purposes.

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is:

HM business travel GmbH
Bahnstrasse 16
40212 Düsseldorf
Tel.: +49-211-59890470
E-Mail: info@hm-businesstravel.com
Website: www.hm-businesstravel.com

II. Name and address of the Data Protection Officer

The data protection officer of the controller is:

Johannes Schwiegk
180° Datenschutz GmbH
Hansaallee 321
D-40549 Düsseldorf, Germany
Phone: +49-211-17607255
E-Mail: datenschutz@180-datenschutz.de
Website: https://www.180-datenschutz.de/

III. General information on data processing

1. Scope of processing of personal data
We process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 sentence 1 lit. a) GDPR serves as the legal basis.
Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1, sentence 1, lit. c) GDPR serves as the legal basis.
Art. 6 para. 1 sentence 1 lit. d) GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f) GDPR serves as the legal basis for the processing.

3. Data erasure and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in European Union regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Contents of the request (concrete page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Web page from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software

We cannot assign this data to specific persons. We do not merge this data with other data sources.
The legal basis for the temporary storage of data is Art. 6 para. 1 sentence 1 lit. f) GDPR.

2. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The storage also takes place in order to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

3. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the session in question has ended. In addition, the data will be deleted at the latest after seven days. Storage going beyond this is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

4. Possibility of opposition and removal
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

V. Use of cookies

a) Description and scope of data processing
In addition to the aforementioned data, cookies are stored on your computer when you use this website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to us. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective. This website uses the following types of cookies, the scope and function of which are explained below:
Transient Cookies
Persistent Cookies

Transient cookies are automatically deleted when you close your browser. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that in this case you may not be able to use all the functions of this website. When you visit our website, an information banner informs you about the use of cookies for analysis purposes and refers you to this data protection declaration. In this context, there is also an indication of how the storage of cookies in the browser settings can be prevented.

b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 sentence 1 lit. f) GDPR.

c) Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change. The user data collected by technically necessary cookies are not used to create user profiles. The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies tell us how the website is used and enable us to continually optimise our services. Our legitimate interest in the processing of personal data pursuant to Art. 6 Para. 1 sentence 1 lit. f) GDPR also lies in these purposes.

d) Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

VI. Newsletter

1. Description and scope of data processing
You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input mask will be transmitted to us.
We verify your consent to receive our newsletter by e-mail by using the so-called double opt-in procedure. This means that we first ask you to actively confirm your agreement to receive the newsletter by sending an e-mail to the e-mail address you provided during the subscription process before we start sending it to you. We use the confirmation information to document and, if necessary, prove your consent.
No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for the dispatch of the newsletter.

2. Legal basis for data processing
Legal basis for the processing of data after registration for the newsletter is your consent according to Art. 6 para. 1 sentence 1 lit. a) GDPR.

3. Purpose of the data processing
The collection of the user’s e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored as long as the newsletter subscription is active.

5. Possibility of objection and removal
The subscription of the newsletter can be cancelled by the affected user at any time. For this purpose there is a corresponding link in every newsletter.
The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent. If you revoke your consent, we will delete this data and no longer send you any newsletters.

VII. Contact form, reservation inquiry form and e-mail contact

1. Description and scope of data processing
Contact forms and reservation enquiry forms are available on our website, which can be used for electronic contact. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored.
Your explanation of the processing of the data with reference to this data protection declaration will be documented during the sending process.
Alternatively, you can contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.

2. Legal basis for data processing
Legal basis for the processing of the data is your consent according to art. 6 para. 1 lit. a) GDPR.
If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

3. Purpose of data processing
The processing of the personal data from the input mask serves us exclusively for the processing of the establishment of contact and/or reservation inquiry. If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the forms and to ensure the security of our information technology systems.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the forms and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

5. Possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.

VIII. Applications

1. Description and scope of data processing
Your applicant data will be reviewed by the personnel department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the vacant position. Then the further procedure will be coordinated. In the company only those persons have access to your data who need it for the proper course of our application procedure. The data is processed exclusively in computer centres in the Federal Republic of Germany.

2. Legal basis for data processing
Legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG in the version valid since 05/25/2018. Accordingly, the processing of the data required in connection with the decision on the establishment of an employment relationship is permissible.
Should the data be necessary for legal prosecution after completion of the application procedure, it may be processed on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GPDR. Our interest then lies in the assertion or defence of claims.

3. Purpose of data processing
We process the data you have sent us in connection with your application in order to assess your suitability for the position (or any other open position in our company) and to complete the application process.

4. Duration of storage
Candidate data will be deleted after 6 months in the event of rejection.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There the data will be deleted after two years.
If you have been awarded a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.

IX. Web analysis by Google Analytics

1. Scope of processing of personal data
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics places cookies on the user’s computer (for cookies, see above) and enables us to analyze your use of our website. The information generated by the cookies about your use of our website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. By activating IP anonymisation (on our website, Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymised collection of IP addresses, the IP address of Google users is, however, shortened beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA in exceptional cases and shortened there. For the cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
This information is used by Google on our behalf to evaluate your use of our website, to compile reports on website activity and to provide other services relating to the use of our website and the internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. The IP address determined by Google Analytics is not merged with other data from Google.

2. Legal basis for the processing of personal data
The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f) GPDR.

3. Purpose of data processing
The processing of users’ personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Our legitimate interest in the processing of data in accordance with Art. 6 para. 1 sentence 1 lit. f) GPDR also lies in these purposes. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

4. Duration of storage
The data is deleted as soon as it is no longer needed for our recording purposes.

5. Possibility of opposition and removal
You can prevent cookies from being stored on your computer by setting the browser software accordingly. In this case you may not be able to use all functions of our website to their full extent. In order to prevent Google from collecting the data generated by the cookies and related to your use of our website (including your IP address) and Google from processing this data, a browser plug-in is available for download and subsequent installation at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can also prevent Google Analytics from collecting cookies by clicking on the following link (the link must be clicked again after each deletion of your cookies). This link sets an opt-out cookie that prevents your data from being collected when you visit these websites in the future:

Disable Google Analytics

X. Using Facebook plug-ins (like button)

1. Scope of processing of personal data
On our pages there are plug-ins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA and Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland integrated. You can recognize the Facebook plug-ins by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/
When you visit our pages, the plug-in establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate visiting our pages with your user account.
In addition, we maintain an online presence on Facebook known as a fan page in order to communicate with the customers, prospects and users active there and inform them about our services.
When using the fan page or the plug-ins, your data may be processed outside the European Union. This can result in risks for you, because it can, for example, make it more difficult to enforce your rights. For the cases in which personal data is transferred to the USA, Facebook has subjected itself to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

2. Legal basis for the processing of personal data
The legal basis for the use of Facebook plug-ins is Art. 6 para. 1 sentence 1 lit. f) GDPR.
If Facebook asks you to consent to the data processing described above, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.
In addition, on the basis of an agreement on the joint processing of personal data pursuant to Art. 26 GDPR in conjunction with the declaration deposited under this link https://www.facebook.com/legal/terms/page_controller_addendum.

3. Purpose of the data processing
Facebook plug-ins make it easier to share content on social platforms.
When users post content on Facebook, we reach more potential customers. In addition, we are able to carry out a so-called reach analysis if necessary.
In addition, Facebook generally processes user data for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the user’s interests. For these purposes, cookies are usually stored on the user’s computer in which the user’s usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users.

4. Duration of storage
We would like to point out that as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook’s data protection declaration at https://de-de.facebook.com/policy.php. and especially for fan page pages: https://www.facebook.com/legal/terms/information_about_page_insights_data

5. Possibility of opposition and removal
If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.
An opt-out option is available at: https://www.facebook.com/settings?tab=ads

XI. Using Google Maps

1. Scope of processing of personal data
On this page map material of the service “Google Maps” is integrated. Provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. The data processed includes in particular your IP address and your location data, which however are not collected without your consent (e.g. through the corresponding settings of your browser). The data can be processed in the USA.

2. Legal basis for the processing of personal data
The legal basis for the use of Google Maps is Art. 6 para. 1 sentence 1 lit. f) GDPR.

3. Purpose of data processing
By using Google Maps, we are able to visually display geographic information and provide you with an easy way to find a route from any location to our business location. Furthermore, by using Google Maps, we are also able to display routes and distances from airports and the respective trade fair locations to the hotels presented by us on our website.

4. Duration of storage
We would like to point out that we have no concrete knowledge of the data transmitted and its use by Google. Further information about Google Maps can be found at https://maps.google.com/help/terms_maps.html. The valid data protection regulations of Google can be called up under https://www.google.com/policies/privacy/.

5. Possibility of objection and removal
The processing of the data by Google can be changed and excluded at https://adssettings.google.com/authenticated.

XII. Using Google reCAPTCHA

1. Scope of processing of personal data
To protect input forms on our site, we use the service “reCAPTCHA”. Provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. To the best of our knowledge, the referrer URL, IP address, website visitor behavior, operating system, browser and length of visit information, cookies, display instructions and scripts, user input behavior, and mouse movements in the “reCAPTCHA” checkbox area are transmitted to Google. The data can be processed in the USA.
Google uses the information obtained in this way, among other things, to digitize books and other printed products and to optimize services such as Google Street View and Google Maps (e.g. house number and street name recognition).

2. Legal basis for the processing of personal data
The legal basis for the use of Google reCAPTCHA is Art. 6 para. 1 Sentence 1 lit. f) GDPR.

3. Purpose of data processing
We use the service to protect input forms on our site. Through the use of this service it can be distinguished whether the corresponding input is of human origin or whether it is misused by automated mechanical processing.

4. Duration of storage
We would like to point out that we have no concrete knowledge of the data transmitted and its use by Google beyond the data mentioned above. The valid data protection regulations of Google can be called up under https://www.google.com/policies/privacy/.

5. Possibility of objection and removal
The IP address provided as part of “reCAPTCHA” will not be merged with any other data held by Google unless you are logged into your Google account at the time you use the “reCAPTCHA” plug-in. If you wish to prevent “Google” from transmitting and storing data about you and your behaviour on our website, you must log out of “Google” before visiting our site or using the reCAPTCHA plug-in. The processing of the data by Google can be changed and excluded at https://adssettings.google.com/authenticated

XIII. Using Google Web Fonts

1. Scope of processing of personal data
Our site uses so-called web fonts of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland for the uniform representation of fonts. When you access a page, your browser loads the web fonts you need into its browser cache to display text and fonts correctly.
To do this, the browser you’re using must connect to Google’s servers. This will enable Google to know that your IP address has been used to access our website.

2. Legal basis for the processing of personal data
The legal basis for the use of Google Web Fonts is Art. 6 para. 1 Sentence 1 lit. f) GDPR.

3. Purpose of data processing
We use the service for the uniform presentation of fonts and in the interest of a uniform and appealing presentation of our online presence.

4. Duration of storage
We would like to point out that we have no concrete knowledge of the data transmitted and its use by Google beyond the data mentioned above. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq. The valid data protection regulations of Google can be found at https://www.google.com/policies/privacy/.

5. Possibility of objection and removal
You can set your browser so that the fonts are not loaded by the Google servers (e.g. by installing browser add-ons like NoScript or Ghostery for Firefox). If your browser does not support Google Web Fonts or if you block access to the Google servers, the text will be displayed in the system’s default font. The processing of the data by Google can be changed and excluded at https://adssettings.google.com/authenticated.

XIV. Use of the live chat function of tawk.to

1. Scope of processing of personal data
Our site uses an opportunity that allows our customers and interested parties to contact us directly and live if they have any questions or problems. We use software from Tawk.to Inc., 187 East Warm Springs Rd. Suite B298 Las Vegas, Nevada 89119, USA.
As soon as you call the live chat function, a connection to the servers of Tawk.to will be established. Tawk.to stores your IP address and sets a cookie on your computer (for cookies see above).
In addition, the following data is collected, processed and stored:
• Contents of the chat
• Date and time of the call
• Browser type and browser version
• URL of the website you previously visited
• The amount of data sent
The data collected will not be used to identify you personally and will be pseudonymised.
For the cases in which personal data is transferred to the USA, Tawk.to has subjected itself to the EU-US Privacy Shield , https://www.privacyshield.gov/participant?id=a2zt00000008SblAAE&status=Active.
For more information about the information Tawk.to collects, how Tawk.to uses that information, and to whom the service may transfer the information, please visit https://www.tawk.to/data-protection/

2. Legal basis for the processing of personal data
The legal basis for the use of Tawk.to is Art. 6 para. 1 sentence 1 lit. f) GDPR.

3. Purpose of data processing
We use Tawk.to to increase the satisfaction of our customers and visitors to our website. By offering live chat, we are able to help customers and potential customers in real time and reduce the hurdles of contacting them.
Furthermore, the software helps us to further develop our online presence and its appealing presentation.

4. Duration of storage
We would like to point out that we do not have any concrete knowledge of the transmitted data or its use by Tawk.to beyond the data mentioned above. However, Tawk.to guarantees not to extract any information, to encrypt all data and to use the data only for the provision, support and improvement of the service quality as well as in legally prescribed cases. Tawk.to’s current Privacy Policy can be found at https://www.tawk.to/privacy-policy/

5. Possibility of objection and removal
As a user, you have the option of not using the live chat function at any time.
In addition, you can prevent the storage of cookies by setting your browser accordingly; in this case, the live chat function and other functions of our website may no longer be fully available to you.
Furthermore, we have the option of deleting contacts in the software. The software also guarantees automated deletion of user accounts.

XV. Using Instagram

1. Scope of processing of personal data
On our pages functions of the service Instagram are integrated. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the data transmitted or of its use by Instagram.

2. Legal basis for the processing of personal data
The legal basis for the use of Instagram is Art. 6 sentence 1 lit. f) GDPR.

3. Purpose of data processing
Using Instagram makes it easier to share content.
When users post content to Instagram, we reach more potential customers. In addition, the use of Instagram helps us to further promote and disseminate our company and the services we offer.

4. Duration of storage
We would like to point out that, as the provider of these pages, we do not have any knowledge of the content of the transmitted data or of its use by Instagram.
Please refer to Instagram’s privacy policy for more information:
instagram.com/about/legal/privacy/

5. Possibility of opposition and removal
If you do not want Instagram to be able to assign the visit to our pages to your Instagram user account, please log out of your Instagram user account.

XVI. Using Xing

1. Scope of processing of personal data
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you access one of our pages that contains Xing functions, a connection is established to Xing servers. To the best of our knowledge, personal data is not stored. In particular, no IP addresses are stored or the usage behaviour evaluated. Further information on data protection and the Xing Share button can be found in Xing’s data protection declaration at www.xing.com/app/share.

2. Legal basis for the processing of personal data
The legal basis for the use of Xing is Art. 6 para. 1 sentence 1 lit. f) GDPR.

3. Purpose of data processing
Using Xing makes it easier to share content.
The use of Xing serves to recruit new employees and to make our company and the offered services more known and disseminated.

4. Duration of storage
To the best of our knowledge, no personal data is stored when you connect to Xing’s servers. In particular, no IP addresses are stored or the usage behaviour evaluated.

5. Objection and removal possibility
An objection or removal possibility is not necessary, since no storage of personal data takes place.

XVII. Using Twitter

1. Scope of processing of personal data
On our pages, functions of the Twitter service are integrated. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland is responsible for the data processing of persons living outside the United States.
Twitter Inc. is committed to the principles of the EU-US Privacy Shield. You can find out more at: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
We have no influence on the type and extent of the data processed by Twitter, the type of processing and use or the disclosure of this data to third parties. Nor do we have any effective means of control in this respect. When you use Twitter, your personal data is collected, transmitted, stored, disclosed and used by Twitter Inc. and transmitted, stored and used in the United States, Ireland and any other country in which Twitter Inc. does business, regardless of where you reside. Twitter will process your voluntarily entered data such as name and user name, e-mail address, telephone number or the contacts in your address book when you upload or synchronize it.
Second, Twitter also evaluates the content you share based on what topics you are interested in, stores and processes confidential messages you send directly to other users, and may determine your location based on GPS data, wireless network information, or your IP address to send you advertisements or other content.

2. Legal basis for the processing of personal data
The legal basis for the use of Twitter is Art. 6 para. 1 sentence 1 lit. f) GDPR.

3. Purpose of data processing
We use Twitter mainly for our own tweets and retweets. In selected cases we will also communicate via direct messages and reply to retweets and comments as far as the exchange of information on our services or products is concerned. We will not take note of any submissions, complaints, etc. via Twitter and will not answer them.

4. Duration of storage
We would like to point out that, as the provider of these pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter’s privacy policy at twitter.com/privacy.

5. Possibility of objection and removal
You can change your privacy settings on Twitter in the account settings at twitter.com/account/settings. In addition, you can restrict Twitter access to contact and calendar data, photos, location data, etc. on mobile devices (smartphones, tablet computers). However, this depends on the operating system you are using.
More information on these issues is available on the following Twitter support pages:
https://support.twitter.com/articles/105576#
https://help.twitter.com/en/twitter-for-websites-ads-info-and-privacy
You can find out more about the possibility of viewing your own data on Twitter here: https://support.twitter.com/articles/20172711#
Information about the conclusions drawn from Twitter can be found here:
https://twitter.com/your_twitter_data
Information on the existing personalisation and data protection settings can be found here (with further references):

You also have the option of requesting information via the Twitter privacy form or the archive requirements:
https://support.twitter.com/forms/privacy
https://support.twitter.com/articles/20170320#

XVIII. Rights of the data subject

If your personal data are processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights towards the controller:

1. Right of access
You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification
You shall have the right to obtain from the controller without undue delay the rectification of your inaccurate personal data. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
(1) if the accuracy of your personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you opposes the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
(4) you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of yours.
Where processing has been restricted, such personal data with the exception of storage may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure (“right to be forgotten”)

a) Duty to erasure
You shall have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase your data without undue delay where one of the following grounds applies:
(1) Your Personal data shall no longer be necessary in relation to the purposes for which they were collected or otherwise processed;
(2) You withdraw your consent on which the processing is based according to Art. 6 para. 1 sentence 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing;
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR;
(4) Your personal data have been unlawfully processed;
(5) Your personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;
(6) Your personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.
b) Information to third parties
Where the controller has made your personal data public and is obliged to erase them, the controller, taking account of available technology and the costs of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing your personal data that you has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by European Union or of Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in according with Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, in so far as the right referred to in a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to information
The controller shall communicate any rectification or erasure of your personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.

6. Right to data portability
You have the right to receive your personal data that you have provided to a controller in a structured, commonly and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR; and
(2) the processing is carried out by automated means.
In exercising your right, you also have the right to request that your personal data transmitted directly from one controller to another, where technically feasible.
The right to data portability shall not apply to the processing to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right shall not adversely affect the rights and freedoms of others.

7. Right to object
a) You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based in Article 6 para. 1, sentence 1, point e) or f), including profiling based on those provisions. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
b) If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing; which includes profiling to the extent that it is related to such direct marketing.
c) If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
d) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent at any time
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning on you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the controller,
(2) is authorised by European Union or of Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR unless Art. 9 para. 2 lit. a) or g) GDPR applies and suitable measures to safeguard your rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

XIX. Changes to this Privacy Policy

The further development of the Internet and our Internet offering may also affect the handling of personal data. We therefore reserve the right to amend this data protection declaration in future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing. The current version of the data protection declaration is always available under the heading “Data protection”.

Copyrights – Images:

© Copyright 2018 – Photo courtesy of Das mechanische Auge. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Webdesign by Werbeagentur Onelio