Privacy Policy 

of Your Family Entertainment AG, Türkenstraße 87, 80799 Munich, Germany

Version as of May 24, 2018

Your Family Entertainment AG (hereinafter: “YFE” or “we”) takes the protection of your personal data seriously. With this privacy policy, we would like to inform you in detail about which data we collect, process and use from you when you contact us, in the context of (pre-) contractual negotiations, as a user of our websites, our applications or through other interactions with us, and for what purpose.

Your personal data will be processed in accordance with the provisions of the European General Data Protection (hereinafter: GDPR), the German Federal Data Protection Act (hereinafter: FDPA), and the German Telemedia Act (hereinafter: GTA).

This privacy policy applies to all interactions you have with YFE, unless individually regulated otherwise.

If you contact YFE as a representative of a company, please provide this information to the current and future authorized representatives and beneficial owners in your company, as well as any co-obligated persons. This includes, for example, the board of directors, management, authorized signatories or project managers.

1. Who is responsible for your data?

Responsible for the lawful collection, processing and use of your data pursuant to Art. 30, par. 1 GDPR is

Your Family Entertainment AG
Managing board: Dr. Stefan Piech
Registration court AG Munich, Registration number: HRB 164992
Türkenstraße 87
80799 Munich
Telephone: 0049 (0) 89-997271-0
Telefax: : 0049 (0) 89 997271-91
Email: info@yfe.tv

(responsible body)

Contact details of our data protection officer according to Art. 30, par. 1a GDPR:

PROLIANCE GmbH / www.datenschutzexperte.de
Data protection officer
Leopoldstr. 21
80802 München
Email:
datenschutzbeauftragter@datenschutzexperte.de

2. Which data do you need to provide and which data sources do we use and process?

To use the website www.yfe.tv (hereinafter: the website), it is generally not necessary to provide any personal data.

2.1. Cookies and general data

Our website uses cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

You can prevent the setting of cookies by our websites at any time by adjusting the appropriate setting of the Internet browser used and thus permanently object to the setting of cookies.

Through our use of cookies, we can provide you with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized in the interest of the user. Cookies enable us to recognize you as a user of our website. The purpose of this recognition is, for example, that you do not have to re-enter your access data each time you visit the website, because this is done by the website and the cookie stored on the user’s computer system.

When you visit our website, the following cookies are used:

1. so-called temporary cookies, which serve to optimize our website. These cookies do not contain any personal data and expire after the end of the session;

2. so-called long-term cookies, which remain on your computer and recognize it during your next visit. This allows us to provide you with better access to our site. These cookies also contain no personal information.

Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all standard Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

Our website collects a series of general data and information each time you access the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about you. Rather, this information is required in order to (1) correctly deliver the content of our website, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is, on the one hand, evaluated statistically and, on the other hand, with the aim of increasing the data protection and data security of our enterprise so as to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

2.2. Personal Data

In individual cases, the use of certain services or products provided by us requires the provision of personal data, which is then individually requested.

You can refuse this at any time.

However, if you decide not to provide data that is required to be collected by law or required for the provision of the services or products, or for the purpose of entering into a business relationship and performing the related contractual obligations, we will generally not be able to provide the services or products or will have to refuse to conclude or fulfill new contracts or will no longer be able to fulfill an existing contract and may have to terminate it.

If you wish to enter into or continue a business relationship with us, you must provide the personal data that is necessary for us to enter into or continue a business relationship with us and for us to fulfill it. This applies in particular, if you wish to use certain services or products of YFE or wish to receive information from us, for the use or decryption of which an individualized access code must be transmitted to you by us.

This collected data regularly includes the following information:

Your first and last name, your e-mail address, your postal address (professional as well), your telephone numbers (professional and mobile as well).

In individual cases, the collection of further data may be required. There will be a corresponding note in each individual case.

E-mail addresses and other personal data which you send to us in the context of inquiries are used exclusively for processing these inquiries and for the purpose for which they are sent to us.

In addition to this data provided by you, we process data that we have received from third parties (e.g. Creditreform) in a permissible manner (e.g. for the fulfillment of contracts or on the basis of your consent).

In order to offer some of our services, we provide links to third-party providers via our website and enable them to place content on our pages. The placement of external links does not mean that YFE adopts the content behind the link as its own. These third-party providers may also place cookies on your computer and collect information about your online activities on websites or online services when you use such links.

These currently include the following companies, among others:

Facebook
YouTube
EQS Group AG, Munich, Germany (EquityStory.com)

You can find more information about each company’s practices, including the options they offer, on their respective websites. Our privacy policy does not extend to the websites of third-party providers. Furthermore, we have no influence on the further processing of your data by these third-party providers.

3. For what purpose and on what legal basis do we process your data?

The aforementioned personal data is collected by us in accordance with the provisions of the GDPR, the FDPA, and the TKG.

3.1. Processing for the fulfillment of contractual obligations (Art. 6, par. 1b GDPR)

Personal data is processed for the purpose of establishing pre-contractual business relations initiated by you or for the performance of existing contracts between you and us.

The purpose of the data processing is primarily based on your product interests and may include, among other things, needs analyses, consulting, execution of service, work supply or purchase contracts. In this context, your previous purchasing behavior is also recorded in order to optimize offers based on this.

3.2. Processing in the context of weighing interests (Art. 6, par. 1f GDPR)

If necessary, we process your data beyond the actual fulfillment of your request or the contract to protect legitimate interests of us or third parties.

– Testing and optimizing procedures for needs analysis and direct customer approach; including customer segmentations and calculation of closing probabilities.

– Advertising or market and opinion research, insofar as you have not objected to the use of your data

– Assertion of legal claims and defense in legal dispute

– Ensuring our IT security and IT operations

– Prevention and investigation of criminal offences

– Video surveillance in our business premises to safeguard our house rights, to collect evidence in the event of industrial espionage or to prove that we are fulfilling our contracts properly and professionally

– Measures for building- and plant safety (e.g. access control)

– Measures to ensure the right of access to the premises

– Measures for business management and further development of our products and services.

3.3. Data processing based on your consent (Art. 6, par. 1a GDPR)

Insofar as you have given us consent to process personal data for specific purposes (e.g. establishment or continuation of a business relationship, inclusion in newsletters, invitations to in-house trade fairs, etc.), the lawfulness of this processing is based on your consent.

With your consent, you authorize us to use your data in accordance with this privacy policy for the duration of the business relationship or the legally binding storage and documentation obligations. Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. You can request a status overview of the consents you have granted from us at any time.

3.4. Data processing due to legal requirements (Art. 6 par. 1c GDPR) or in the public interest (Art. 6 par. 1e GDPR)

As a globally operating company, YFE has various legal obligations, i.e. legal requirements (e.g. of a customs or export nature). The purposes of the processing therefore include, among others, credit checks, identity checks, fraud and money laundering prevention, the fulfillment of control and reporting obligations under tax law, as well as the assessment and management of risks in the company and in association also in relation to export controls.

4. Who gets access to your data through us?

We provide access to your data to those parties who need it to fulfill our (pre-) contractual and legal obligations. Service providers and vicarious agents employed by us in accordance with Art. 28 GDPR (order processors) may receive data from us for this purpose if the vicarious agents comply with our written instructions under data protection law or comparable obligations under data protection law and provide proof that the data is processed in accordance with the GDPR, the FDPA or in accordance with the comparable legal level of data protection in Europe.

If there is a legal or official obligation, the transfer of aforementioned information to public authorities and institutions will continue to take place.

Further data recipients may also be those bodies for which you have given us your consent for the transfer of data or for which you have released us from a duty of confidentiality or consent.

If further transfers to third countries should be required in exceptional cases, these will only take place in accordance with the permissibility regulations pursuant to par. 4b and 4c FDPA.

4.1. Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.
We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
The terms of use of Google Analytics and information on data protection can be accessed via the following links:
http://www.google.com/analytics/terms/
https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

4.2. Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.

We use the Google Tag Manager on the basis of our legitimate interest under Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to enable the technical integration of other website tools.

As the IP address is transferred to Google in the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

4.3. Google Fonts

We use “Google Fonts” on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: “Google”). Google Fonts allows us to use external fonts. For this purpose, the required Google Fonts are loaded from our web server into your browser cache when you access our website. This is necessary so that your browser can also display our texts in a visually improved way. If your browser does not support this function, a standard font will be used by your computer for display.

The fonts are hosted by us and are therefore not loaded from an external provider. This requires the processing of your IP address.

We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make it more user-friendly. The legal basis for data processing is our legitimate interest in this regard in accordance with Article 6 (1) (f) GDPR.

4.4. Mailchimp

If you would like to receive the newsletter offered on our website with regular information about our offers and products, we need your email address as mandatory information.

Additional data is provided in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

For the dispatch of the newsletter we use the so-called double opt-in. This means that we will only send you our newsletter via email, if you have expressly confirmed that you agree to receive newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. With the confirmation you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.

When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address by which you registered for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later point in time.

You can unsubscribe from the newsletter at any time by clicking on the link included in each newsletter or by sending an email to the controller as described above. Once you have cancelled your subscription, your email address will be deleted from our newsletter list immediately, unless you have expressly consented to the continued use of the data collected.

Our email newsletters are sent via the technical service provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (“Mailchimp”), to whom we pass on the data you provide when you register for the newsletter.

Mailchimp uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on, if applicable. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. These data are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you wish to object to the data analysis for statistical evaluation purposes, you must cancel the newsletter subscription.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

5. Privacy Policy Social Media

In the following, you will find information on how we handle your data, which are processed through your use of our social media presence on social networks and platforms. The processing of your data is in accordance with the legal regulations.

5.1. Providers

5.1.1. Facebook fan page
5.1.1.1. Controller

In case you provide us with data, which is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement: https://www.facebook.com/legal/terms/page_controller_addendum.

Since a transfer of personal data by Facebook Ltd. to the U.S. is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.

If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection or withdrawal), you can contact both, Facebook and us.

You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

For further details, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/

5.1.1.2. Facebook’s Data Protection Officer

You can use Facebook’s online form to contact Facebook’s data protection officer. To access it, please use of the following link: https://www.facebook.com/help/contact/540977946302970.

5.1.1.3. Data processing for statistical purposes using Page Insights

Facebook provides Page Insights Data for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page, and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created on the basis of user behaviour and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data, that is gathered from memberships on other platforms. Legal basis of the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimised presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access about where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data being processed by Facebook, please contact us by other means.

5.1.2. Other social media providers
5.1.2.1. Controller

If your personal data is processed by one of the providers listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights, please contact the respective provider. Only they have access to the data collected from you. However, if you need any assistance, please contact us any time.
We are present on social media platforms of the following providers:
– LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
– TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland.

5.1.2.2. Data Protection Officer

Information on how to contact the Data Protection Officer of the respective social media providers can be found here:
– LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
– Tiktok Technology Limited: https://www.tiktok.com/legal/report/privacy

5.2. General information on social media platforms

5.2.1. Controller

The controller for data processing within the meaning of the GDPR is the company named at the beginning of this Privacy Policy, insofar as data transmitted by you via one of the social media platforms is processed by us.

5.2.2. Our Data Protection Officer

If you have any concerns regarding data processing that is carried out by us as the responsible party, you can reach our Data Protection Officer at the contact details given at the beginning of this Privacy Policy.

5.3. General data processing on social media platforms

5.3.1. Data processing for market research and advertising

Organisations generally process data for market research and promotional purposes. Therefore, website providers use cookies, which load on to your browser and detect your return to the same URL. The recorded data is used to create user profiles. User profiles may be used for targeted advertisements within or outside the platform. In addition, user profiles may contain data, that is gathered from memberships on other platforms.

5.3.2. Data processing through making contact

We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalized, when the regarding circumstances are clarified.

5.3.3. Data processing for the purpose of performing a contract or entering into an contract

If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data in order to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. Your data will be erased if they are no longer necessary for the fulfilment of the contract or if it is certain, that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contact. Please take into account, that it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations even after the conclusion of contract.

5.3.4. Data processing on the legal basis of consent

If the respective platform providers request you to give consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time.

5.4. Data transfer and recipient

When visiting and using the above-mentioned platforms, personal data may be transferred to the U.S. or other third countries outside the EU, therefore further appropriate safeguards are required to ensure the level of data protection under the GDPR. Further information on whether and what suitable guarantees the providers can provide in this regard can be found in the list below.
We have no influence on the processing and handling of your personal data by the respective providers as well as we have no information on this matter. Please consider the privacy policy of the providers for further information:

LinkedIn
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
According to its privacy policy, LinkedIn uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the US or other third countries outside the EU: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de

TikTok
Privacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=de
Opt-Out: https://www.tiktok.com/legal/privacy-policy?lang=de#ad-third-parties
According to the Privacy Policy, Tiktok uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: See No. 5 of the Privacy Policy https://www.tiktok.com/legal/privacy-policy?lang=de

6. How long do we store your data?

As a rule, starting with the establishment of contact by you as defined above, we store your personal data as far as necessary for the duration of the business relationship, where there are regular deliveries or consultations by us, until the conclusion of this.

Furthermore, we are subject to various legal storage and documentation obligations. These result, for example, from professional regulations, insurance regulations, the German Commercial Code, the German Civil Code, the Money Laundering Act as well as other relevant regulations which we will be happy to explain in more detail on a case-by-case basis.

Corresponding legal storage and documentation obligations regularly amount to between 2 and 10 years.

Beyond this, we only retain personal data if this is necessary in connection with claims asserted against us (statutory limitation period according to par. 195 BGB up to 30 years).

In principle, your personal data will be deleted or made anonymous as soon as it is no longer required for the aforementioned purposes and we are not obliged to continue storing it on the basis of statutory obligations to provide proof and to retain data. Deletion will also take place if you assert your right to deletion in accordance with Section 6 below.

7. What right to information and deletion do you have?

With regard to the processing of personal data, you may request information about your personal data pursuant to Art. 15 GDPR, request the correction of your personal data pursuant to Art. 16 GDPR, request the deletion of your personal data pursuant to Art. 17 GDPR, request the restriction of the processing of your personal data pursuant to Art. 18 GDPR and request the transfer of certain personal data to you or a third party designated by you (right to data portability) pursuant to Art. 20 GDPR. With regard to the right to information and deletion, the restrictions according to par. 34 and 35 FDPA apply.

You may assert these rights at any time and free of charge against the controller or our data protection officer. Any data subject may also contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

At the same time, pursuant to Art. 77 GDPR in conjunction with par. 19 FDPA, you have the right to lodge a complaint with the data protection supervisory authority either of the (federal) state in which you have your residence or habitual residence or of the federal state of Bavaria in which we have our registered office:

Bavarian State Commissioner for Data Protection
Wagmüllerstr. 18
80538 Munich
Tel.: 0049 (0) 89-212672-0
Email: poststelle@datenschutz-bayern.de

and the

Bavarian State Office for Data Protection Supervision
Promenadenstr. 27
91522 Ansbach
Tel.: 0049 (0) 98153-1300
Email: poststelle@ida.bayern.de

8. No automated decision-making

For the establishment or implementation of business relationships, we generally do not use automated decision-making in accordance with Art. 22 GDPR. In the irregular case of a deviation from this procedure, you will be informed separately by us, insofar as this is required by law.

9. Right of objection according to Art. 21 GDPR

On the basis of reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you which is collected pursuant to Art. 6, par. 1g GDPR and Art. 6, par. 1s GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

In individual cases, we process your personal data to conduct direct advertising (for example: newsletter or invitation to trade fairs). You have the right to object at any time to the processing of personal data concerning you for the purpose of such direct marketing.

The objection can be asserted at any time free of charge to the company data protection officer or the responsible office.

10. Changes to the privacy policy

We reserve the right to change this privacy policy at any time in compliance with the applicable data protection regulations. We will inform you about significant changes to the data protection declaration by means of a clearly visible announcement on our website.