Data protection declaration 

of Your Family Entertainment AG, Türkenstraße 87, 80799 Munich

Version from May 13, 2024 

Your Family Entertainment AG (hereinafter: “YFE” or “we”) takes the protection of your personal data seriously. With this privacy policy, we would like to inform you in detail about which data we collect, process and use from you when you contact us, in the context of (pre-) contractual negotiations, as a user of our websites, our applications or through other interactions with us, and for what purpose.

The processing of your personal data is carried out in accordance with the provisions of the European General Data Protection Regulation (hereinafter: GDPR) and the German Federal Data Protection Act (hereinafter: BDSG), as well as the Telecommunications Act (hereinafter: TKG).

This privacy policy applies, unless otherwise regulated individually, to all interactions between you and us.

If you contact YFE as a representative of a company, please also pass this information on to the current and future authorized representatives and beneficial owners in your company, as well as any Co-obligors. These include, for example, the board of directors, management, authorized representatives or project managers.

1. Who is responsible for your data?

The person responsible for the lawful collection, processing and use of your data in accordance with Art. 30, Paragraph 1 GDPR is

Your Family Entertainment AG
Board of directors: Dr. Stefan Piech
Register court AG Munich, registration number: HRB 164992
Türkenstraße 87
80799 Munich
Telefon: 089-997271-0
Telefax: : 089 997271-91
E-Mail: info@yfe.tv

(responsible body)

Contact details of our data protection officer in accordance with Art. 30, Paragraph 1 a) GDPR:

DataGAP GmbH
Bessemerstr. 82
10th floor south
12103 Berlin
E-mail: team@datagap.de
Website: www.datagap.de

2. What data do you have to provide and which data sources do we use and process?

In principle, no personal data is required to use the website www.yfe.tv (the website).

2.1. Cookies and general data

Our websites use cookies. Cookies are text files that are stored on a computer system via an Internet browser.

You can prevent cookies from being set by our websites at any time by making the appropriate settings in the Internet browser you are using, thereby permanently denying the setting of cookies.

By using cookies, we can provide you with more user-friendly services that would not be possible without the cookie setting.

By using a cookie, the information and offers on our website can be optimized for the user. Cookies enable us to recognize you as a user of our website. The purpose of this recognition is, for example, that you do not have to enter your access data again every time you visit the website, because this is done by the website and the cookie stored on the user’s computer system.

When you visit our website, the following cookies are used:

1. so-called temporary cookies, which are used to optimize our website. These cookies do not contain any personal data and expire at the end of the session;

2. so-called long-term cookies, which remain on your computer and recognize it the next time you visit. This enables us to give you better access to our site. These cookies also do not contain any personal data.

In addition, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

Our website records a series of general data and information each time you visit the website. This general data and information is stored in the server’s log files. The following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about you. Rather, this information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is evaluated statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The website is hosted on servers by a service provider commissioned by us.

Our service provider is:

IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

Further information on the processing of personal data by 1&1 can be found at: https://www.ionos.com/terms-gtc/privacy-policy/

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Information about the browser type and version used
  • The user’s operating system
  • Date and time of access
  • Websites from which the user’s system accesses our website

This data is not merged with other data sources. This data is collected on the basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest in processing this data is to display our website error-free and to optimize its functions.

The location of the website server is geographically in Germany.

2.2. Personal data

The use of certain services or products provided by us requires the provision of the personal data requested there in individual cases.

You can refuse this at any time.

However, if you decide not to provide any data which are necessary for the provision of the services or products or for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect, we will generally not be able to provide the services or products or have to refuse to conclude or execute new contracts or can no longer execute an existing contract and may have to terminate it.

If you wish to establish or continue a business relationship with us, you must provide the personal data necessary for establishing or continuing a business relationship with us and their fulfillment by us. This also applies, in particular, if you wish to use certain YFE services or products or if you wish to receive information from us for which we must send you an individualised access code in order to use or decrypt it.

< /div>

This collected data regularly includes the following information:

Your first and last name, your email address, Email address, your postal address (including work address), your telephone numbers (including work and mobile).

In individual cases, the collection of further data may be necessary.A corresponding notice will be given in each individual case.

E-mail addresses and other personal data that are provided as part of inquiries and that you send to us will be used exclusively for processing these requests and for the purpose for which they are sent to us.

In addition to the data you provide, we process Data that we have lawfully received from third parties (e.g. Creditreform) (e.g. to fulfil contracts or on the basis of your consent).

To offer some of our We offer links to third-party services via our website and enable them to place content on our pages. The setting of external links does not mean that YFE adopts the content behind the link as its own. These third parties may also place cookies on your computer and collect information about your online activities on websites or online services if you use the relevant links.

These currently include the following companies, among others:

Facebook
YouTube
EQS Group AG

You can find more information about the practices of each individual company, including the options offered, on the company’s respective website. Our privacy policy does not extend to the websites of third-party providers. Furthermore, we have no influence on the further processing of your data by these third parties.

3. For what purpose and on what legal basis do we process your data?

The aforementioned personal data is collected by us in accordance with the provisions of the GDPR, the BDSG and the TKG.

3.1. Processing to fulfill contractual obligations (Art. 6, Paragraph 1 b) GDPR)

Personal data is processed for the purpose of establishing pre-contractual business relationships initiated by you or for the implementation of existing contracts between you and us.

The purpose of data processing is primarily based on your product interest and can include, among other things, needs analysis, advice, implementation of service, work delivery or purchase contracts. Your previous purchasing behavior is also recorded in order to create optimized offers based on this.

3.2. Processing in the context of the balancing of interests (Art. 6, para. 1 f) GDPR)

If necessary, we will process your data beyond the actual fulfillment of your request or the contract in order to protect the legitimate interests of us or third parties.

—  Testing and optimizing procedures for needs analysis and direct customer contact; including customer segmentation and calculation of closing probabilities

—  Advertising or market and opinion research, provided you have not objected to the use of your data

—  Asserting legal claims and defending yourself in legal disputes

—  Ensuring our IT security and IT operations

—  Preventing and investigating criminal offenses

—  Video surveillance in our business premises to protect house rules, to collect evidence in the event of industrial espionage or to prove that we have fulfilled our contracts properly and professionally

—  Measures to ensure building and facility security (e.g. access controls)

—  Measures to ensure house rules

—  Measures to manage the business and further develop our products and services.

3.3. Data processing based on your consent (Art. 6, Paragraph 1 a) GDPR)

If you have given us your consent to process personal data for certain purposes (e.g. starting or continuing a business relationship, inclusion in newsletters, invitations to in-house exhibitions, etc.), the legality of this processing is based on your consent.

With your consent, you authorize us to use your data in accordance with this data protection declaration for the duration of the business relationship or the legally binding retention and documentation obligations. Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the EU General Data Protection Regulation came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. You can request a status overview of the consents you have given from us at any time.

3.4. Data processing based on legal requirements (Art. 6, Para. 1 c) GDPR) or in the public interest (Art. 6, Para. 1 e) GDPR)

As a globally operating company, YFE has various legal obligations, i.e. legal requirements (e.g. of a customs or export law nature). The purposes of processing therefore include, among other things, creditworthiness checks, identity checks, fraud and money laundering prevention, the fulfillment of tax control and reporting obligations and the assessment and management of risks in the company and in the group, including in relation to export controls.

4. Who gets access to your data through us?

We give access to your data to those departments that need it to fulfill our (pre-)contractual and legal obligations. Service providers and vicarious agents employed by us in accordance with Art. 28 GDPR (contract processors) can receive data from us for this purpose if the vicarious agents comply with our written data protection instructions or comparable data protection obligations and provide evidence that the data is processed in accordance with the GDPR, the BDSG or in accordance with the comparable legal data protection level in Europe.

If there is a legal or official obligation, the aforementioned information will continue to be passed on to public bodies and institutions.

Other data recipients can also be those bodies for which you have given us your consent to transmit data or for which you have released us from a duty of confidentiality or by consent.

If further transmission to third countries Should processing be necessary in exceptional cases, this will only take place in accordance with the admissibility provisions pursuant to Sections 4b and 4c of the Federal Data Protection Act.

4.1. Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies”.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to compile reports on website activity. Google will also use this information to provide the website operator with other services relating to website and internet usage. The IP address sent by your browser as part of Google Analytics will not be combined with other Google data. Processing is carried out in accordance with Art. 6 (1)(a) GDPR on the basis of your consent.

We only use Google Analytics with IP anonymization activated. This means that your IP address will only be processed in a shortened form by Google.
We have concluded a data processing agreement with the service provider in which we oblige them to protect our customers’ data and not to pass it on to third parties.

Since personal data is transferred to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Paragraph 2 Letter c of GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
The terms of use of Google Analytics and information on data protection can be accessed via the following links:
http://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data at user and event level that is linked to cookies, user IDs (e.g. user ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) is deleted no later than 14 months after it is collected.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website without restrictions. You can also prevent Google from collecting the data generated by the cookie, analyzing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de.

4.2. Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means: no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags, provided they are implemented with the Google Tag Manager.

We use the Google Tag Manager on the basis of our legitimate interest under Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest is to enable the technical integration of other website tools.

Since the IP address is transferred to Google in the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Paragraph 2 Letter c of GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the US.

4.3. Google Fonts

We use “Google Fonts” on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: “Google”). Google Fonts enables us to use external fonts. When you access our website, the required Google Fonts are loaded from our web server into your browser cache. This is necessary so that your browser can also display a visually improved representation of our texts. If your browser does not support this function, a standard font from your computer will be used for display.

The fonts are hosted by us and therefore not loaded from an external provider. This requires the processing of your IP address.

We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. The legal basis for data processing is our legitimate interest in this regard in accordance with Art. 6 Para. 1 lit. f GDPR.

4.4. Mailchimp

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your email address as a mandatory field.

Additional data may be provided in order to be able to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by email if you have expressly confirmed to us that you consent to the sending of newsletters. In the first step, you will receive an email with a link that you can use to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. By confirming, you give us your consent in accordance with Art. 6 Para. 1 lit. a GDPR that we may use your personal data for the purpose of sending the desired newsletter.
When you register for the newsletter, we save the IP address you used to register for the newsletter, as well as the date and time of registration and confirmation, in addition to the email address required for sending it, in order to be able to trace any possible misuse at a later date.
You can unsubscribe from the newsletter at any time using the link included in each newsletter or by sending an email to the person responsible named above. After unsubscribing, your email address will be immediately deleted from our newsletter mailing list unless you have expressly consented to continued use of the data collected or continued processing is otherwise legally permissible.

Our email newsletters are sent via a technical service provider to whom we pass on the data you provided when registering for the newsletter.
The service provider uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Service provider: Mailchimp

Address: Rocket Science Group, LLC., 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA
Data protection declaration: https://mailchimp.com/legal/privacy/

Since personal data is transferred to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Paragraph 2 Letter c of GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.

5. Appearances in social media

Below you will find information on how we handle your data that is collected through your use of our social media appearances on social networks and platforms. Your data is processed in accordance with the statutory regulations.

5.1. Provider

5.1.1. Facebook fan page
5.1.1.1. Responsible body

In the event that the data you send us is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is responsible for data processing within the meaning of the GDPR in addition to us or on our behalf. For this purpose, we have concluded an agreement with Facebook in accordance with Art. 26 GDPR on joint responsibility for the processing of data (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

Since a transfer of personal data by Facebook Ltd. to the USA, including to Facebook Inc., additional protective mechanisms are required to ensure the data protection level of the GDPR. For this purpose, the provider uses standard data protection clauses in accordance with Art. 46 Paragraph 2 Letter c of GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.

If you, as a visitor to the site, would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:
https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

For further details, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/

5.1.1.2. Facebook data protection officer

To contact Facebook’s data protection officer, you can use the online contact form provided by Facebook at the following link https://www.facebook.com/help/contact/540977946302970.

5.1.1.3. Data processing for statistical purposes using page insights

Facebook provides so-called page insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This is aggregated data that provides information about how people interact with our page. Page insights may be based on personal data collected in connection with a visit or interaction by people on or with our page and in connection with content provided. Please be aware of which personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Facebook or do not have a Facebook account. For example, user profiles can be created from the usage behavior and resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your device. Furthermore, data that is independent of the devices used by the users can also be stored in the user profiles; in particular if the users are members of the respective platforms and are logged in to them. The legal basis for the processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the optimized presentation of our offer, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data collection and further processing by Facebook. As a result, we cannot provide any information about the extent, location and duration of the data stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, what evaluations and links are made with the data by Facebook and to whom the data is passed on by Facebook. If you want to avoid the processing of your personal data by Facebook, please contact us by other means.

5.1.2. Other social media providers
5.1.2.1. Responsible body

If your personal data is processed by a provider listed below, this provider is responsible for data processing within the meaning of the GDPR. To assert your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. If you still need help, please feel free to contact us at any time.

We have an online presence on the social media platforms of the following providers:
— LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
— TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

5.1.2.2. Data protection officer

Information on how to contact the data protection officer of the other social media providers can be found here:

— LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
— Tiktok Technology Limited: https://www.tiktok.com/legal/report/privacy

5.2. General information on social media platforms

5.2.1. Responsible body

The body responsible for data processing within the meaning of the GDPR is the body named at the beginning of this data protection declaration, insofar as data transmitted by you via one of the social media platforms is processed by us ourselves.

5.2.2. Our data protection officer

If you have any concerns about data processing carried out by us as the responsible party, you can contact our data protection officer using the contact details provided at the beginning of this data protection declaration.

5.3. General data processing on social media platforms

5.3.1. Data processing for market research and advertising

As a rule, personal data is processed on the company website for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. The data collected can be used to create usage profiles. These are used to place advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is usually the case if you are a member of the respective platform and are logged in to it.

5.3.2. Data processing when contacting us

We ourselves collect personal data when you contact us, for example via a contact form or through a messenger service such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you have provided or released. These are stored by us for the purpose of processing the request and in the event of follow-up questions. We will never pass the data on to third parties without your consent. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR and, if applicable, Art. 6 (1) (b) GDPR if your request is aimed at concluding a contract. Your data will be deleted after your request has been finally processed, provided that there are no statutory retention periods to the contrary. We assume that processing has been finalized if the circumstances indicate that the matter in question has been conclusively clarified.

5.3.3. Data processing for contract processing

If your contact via a social network or other platform is aimed at concluding a contract for the delivery of goods or the provision of services with us, we will process your data to fulfill the contract or to carry out pre-contractual measures or to provide the desired services. The legal basis for processing your data in this case is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted if it is no longer required to carry out the contract or if it is established that the pre-contractual measures do not lead to a contract being concluded in accordance with the purpose of establishing contact. Please note that even after the contract has been concluded, it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations.

5.3.4. Data processing based on consent

If the respective platform providers ask you for consent to processing for a specific purpose, the legal basis for processing is Art. 6 Para. 1 lit. a., Art. 7 GDPR. Consent given can be revoked at any time with effect for the future.

5.4. Data transfer and recipients

When visiting and using the platforms listed above, personal data may be transferred to the USA or other third countries outside the EU, which is why additional protective mechanisms are required in these cases to ensure the level of data protection required by the GDPR. You can find more information on whether and what suitable guarantees the providers can provide for this in the list below.
We have no influence on the processing of your personal data by the provider and how it is handled. We also have no information on this. For more information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options with regard to data processing by the provider:
LinkedIn
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
According to the privacy policy, LinkedIn uses standard data protection clauses to ensure an appropriate level of data protection in accordance with the requirements of the GDPR for data transfer to the USA or other third countries outside the EU: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de

TikTok
Data protection declaration: https://www.tiktok.com/legal/privacy-policy?lang=de
Opt-Out: https://www.tiktok.com/legal/privacy-policy?lang=de#ad-third-parties
According to the privacy policy, Tiktok uses standard data protection clauses to ensure an appropriate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: See No. 5 of the privacy policy https://www.tiktok.com/legal/privacy-policy?lang=de

6. How long do we store your data?

Regularly starting with the contact by you, as defined above, we store your personal data, if necessary, for the duration of the business relationship, where this involves regular deliveries or advice from you by us until the conclusion of the relationship.

We are also subject to various statutory retention and documentation obligations. These arise, for example, from professional regulations, insurance regulations, the Commercial Code, the Civil Code, the Money Laundering Act and other relevant provisions which we are happy to explain in more detail on a case-by-case basis.

Corresponding statutory retention and documentation obligations are usually between 2 and 10 years.

In addition, we only retain personal data if this is necessary in connection with claims asserted against us (statutory limitation period according to §§ 195 BGB up to 30 years).

In principle, your personal data will be deleted or anonymized as soon as it is no longer required for the purposes mentioned above and we are not obliged to store it further on the basis of statutory proof and retention obligations. Deletion will also occur if you assert your right to deletion in accordance with section 6 below.

7. What right to information and deletion do you have?

With regard to the processing of personal data, you can request information about your personal data in accordance with Art. 15 GDPR, request the correction of your personal data in accordance with Art. 16 GDPR, request the deletion of your personal data in accordance with Art. 17 GDPR, request the restriction of the processing of your personal data in accordance with Art. 18 GDPR and request the transfer of certain personal data to you or a third party designated by you (right to data portability) in accordance with Art. 20 GDPR. With regard to the right to information and deletion, the restrictions according to §§ 34 and 35 BDSG apply.

You can assert these rights at any time free of charge against the responsible body or against our data protection officer.

Any person affected can continue to contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

At the same time, according to Art. 77 GDPR in conjunction with Section 19 BDSG, you have the right to lodge a complaint with the data protection supervisory authority either in the (federal) state in which you have your place of residence or habitual abode or in the state of Bavaria in which we have our company headquarters, the

Bavarian State Commissioner for Data Protection. Data protection
Wagmüllerstr. 18
80538 Munich
Tel. 089-212672-0
E-Mail: poststelle@datenschutz-bayern.de

and the

Bavarian State Office for Data Protection Supervision
Promenadenstr. 27
91522 Ansbach
Tel. 098153-1300
E-Mail: poststelle@ida.bayern.de

8. No automated decision-making

We generally do not use automated decision-making in accordance with Art. 22 GDPR to establish or conduct business relationships. In the event of a deviation from this procedure, we will inform you separately, insofar as this is required by law.

9. Right of objection in accordance with Art. 21 GDPR

Based on reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you that is collected on the basis of Art. 6 Paragraph 1G GDPR and Art. 6 Paragraph 1S S GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In individual cases, we process your personal data to conduct direct advertising (for example: newsletters or invitations to trade fairs). You have the right to object at any time to the processing of personal data concerning you for the purpose of such direct marketing.

The objection can be made at any time free of charge to the company data protection officer or the responsible body.

10. Changes to the data protection declaration

We reserve the right to change this data protection declaration at any time in compliance with the applicable data protection regulations. We will inform you about significant changes to the data protection declaration by means of a clearly visible announcement on our website.