III. GENERAL DATA PRIVACY INFORMATION
1. Information regarding the Data Protection Officer
The Schiedel GmbH Data Protection Officer is: Sebastian Kraska, +49 (0) 89 18917360, BMIGroup@iitr.de
2. Legal basis for processing
Art. 6 para. 1 lit. a and Art. 7 GDPR serves Schiedel GmbH as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. The legal basis for the processing of data to fulfil the legal obligations of Schiedel GmbH is Art. 6 Para. 1 lit. c GDPR. The legal basis for processing to safeguard the legitimate interests of Schiedel GmbH is Art. 6 para. 1 lit. f GDPR.
3. Automated decision making
Schiedel GmbH foregoes automatic decision making and profiling.
4. Right to lodge a complaint with the supervisory authority
5. Rights of the data subject vis-à-vis Schiedel GmbH
If the Schiedel GmbH processes “personal data” from you as a “controller” within the meaning of the GDPR, you – as a so-called “data subject” within the meaning of the GDPR – have certain rights against the Schiedel GmbH which you will be informed of below.
If you would like to exercise one of these rights as a data subject, please contact our data protection officer or the following address: BMIgroup@iitr.de
A consent given by you can be revoked in principle using the same technical method as the consent.
As the person concerned, you have the following rights vis-à-vis Schiedel GmbH:
5.1 Right to confirmation
According to Art. 15 GDPR, every data subject has the right to ask the controller to confirm whether they are processing personal data.
5.2 Right to information
According to Art. 15 GDPR, every person affected by the processing of personal data has the right to information about this personal data and the following information:
- the processing purposes;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to correction or deletion of the personal data relating to them or to restriction of processing by the person responsible or a right to object to this processing;
- the right to lodge a complaint with a supervisory authority;
- if the personal data is not collected from the data subject: all available information about the origin of the data;
- the existence of automated decision-making, including profiling, in accordance with Article 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
The data subject also has the right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transfer.
The controller provides a copy of the personal data that are the subject of the processing.
5.3 Right to rectification
According to Art. 16 GDPR, every data subject has the right to request that the controller immediately correct any incorrect personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
5.4 Right to erasure (right to be forgotten)
According to Art. 17 GDPR, every person affected by the processing of personal data has the right to require the person responsible to delete their personal data immediately, unless there is an exception according to Art. 17 Para. 3 GDPR and one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The data subject withdraws their consent on which the processing was based in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 Letter a GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21 (2) GDPR.
- The personal data was processed illegally.
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
- The personal data were collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
If the personal data were made public by Schiedel GmbH, as the person responsible, is obliged to delete the personal data in accordance with Art. 17 Para. 1 GDPR, then Schiedel GmbH applies Taking into account the available technology and implementation costs, appropriate measures, including technical ones, to inform other data controllers who process the published personal data that the data subject has deleted all links from these other data controllers has requested this personal data or copies or replications of this personal data.
5.5 Right to restriction of processing
According to Art. 18 GDPR, every person affected by the processing of personal data has the right to request the controller to restrict processing if one of the following conditions is met:
- The data subject disputes the accuracy of the personal data for a period of time that enables the person responsible to check the accuracy of the personal data.
- The processing is unlawful, the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
- The controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
- The data subject has objected to processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the data subject.
5.6 Right to data portability
According to Art. 20 GDPR, every person affected by the processing of personal data has the right to receive the personal data concerning them, which was provided to a responsible person by the data subject, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
- the processing on the consent according to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or based on a contract in accordance with Art. 6 Para. 1 Letter b GDPR and
- processing is carried out using automated processes.
Furthermore, when exercising their right to data portability in accordance with Art. 20 Para. 1 GDPR, the data subject has the right to have the personal data transferred directly from one controller to another, insofar as this is technically feasible and if not the rights and freedoms of others are compromised.
However, this right to data portability does not apply to processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.
5.7 Right to object
According to Art. 21 GDPR, every person affected by the processing of personal data has the right, for reasons that arise from their particular situation, at any time against the processing of personal data concerning them, which is based on Art. 6 Para. 1 lit. e or lit. f GDPR, to file an objection. This also applies to profile based on these provisions.
Schiedel GmbH will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defence of legal claims.
If Schiedel GmbH processes personal data in order to carry out direct advertising, the data subject has the right to object to the processing of personal data for the purpose of such advertising at any time in accordance with Article 21 (2) GDPR. This also applies to profile insofar as it is connected to such direct advertising. If the data subject objects to Schiedel GmbH processing for direct marketing purposes, Schiedel GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right under Article 21 (3) GDPR to object to the processing of personal data relating to him or her, which is carried out at Schiedel GmbH for scientific or historical research purposes, for reasons that arise from their particular situation for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to object unless such processing is necessary to fulfil a task in the public interest.
5.8 Right to withdraw consent
Any person affected by the processing of personal data has the right to revoke their consent to the processing of personal data at any time. However, the withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.