THOMAS  SYS  TECH  GmbH

An der Heier 15-17
D-37318 Wahlhausen
Germany

Tel: +49 (0) 3 60 87 / 97 11 – 0
Fax: +49 (0) 3 60 87 / 97 11 – 50
info@thomas.biz

 

Project inquiry

Privacy Policy

THOMAS SYS TECH GmbH takes the protection of personal data very seriously and therefore adheres to data protection regulations. Personal data is collected on this website only to the extent necessary. Under no circumstances will the collected data be passed on to third parties without your knowledge or a valid lawful reason. The following declaration provides you with an overview of what data THOMAS SYS TECH GmbH collects during your visit to its website and for what purpose. It also explains how the data is used and what associated protective measures are taken on a technical and organizational level.

 

1.    Controller/Service Provider

The controller as defined by the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDGG-new), and the legal data protection regulations of the state of Thuringia (ThürDSG), as well as the service provider as defined by the German Telemedia Act (TMG) are:

THOMAS SYS TECH GmbH

An der Heier 15 -17

D-37 318 Wahlhausen

Tel.: +49 (0) 36 087 / 97 11 0

Fax: +49 (0) 36 087 / 97 11 50

E-Mail: datenschutz@thomas.biz

(cf. our imprint)

 

2.    Data Protection Officer

The data protection officer of the controller is:

THOMAS SYS TECH GmbH

Herr Martin Drong

An der Heier 15 -17

D-37 318 Wahlhausen

Tel.: +49 (0) 36 087 / 97 11 0

Fax: +49 (0) 36 087 / 97 11 50

E-Mail: datenschutz@thomas.biz

Please direct any questions or comments regarding this privacy policy or general questions about data protection to our data protection officer.

 

3.    General Information About Data Processing

a.    Scope of the Processing of Personal Data

We collect and use the personal data of our users in principle only as required to host a functional website featuring our content and services. We collect and use the personal data of our users only after they have granted their consent. An exception applies in such cases in which it is not possible to obtain prior consent, and legal provisions require the processing of data.

 

b.    Legal Basis for Processing

If we obtain your consent for subjecting your data to processing operations, Art. 6, Para. 1 sentence 1 lit. a GDPR serves as the legal basis.

For the processing of personal data as required to fulfill a contract to which you are a contractual party, Art. 6 Para. 1 S. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are required to conduct precontractual measures.

If the processing of personal data is required to fulfill a legal obligation to which THOMAS SYS TECH GmbH is subject, Art. 6 Para. 1 S. 1 lit. c GDPR serves as the legal basis.

If processing is required to preserve a legitimate interest of our Company or a third party and the interests and fundamental rights and freedoms of the data subject do not outweigh the former interest, then Art. 6 Para. 1 S. 1 lit. f GDPR serves as the legal basis for the processing.

 

c.    Data Deletion/Storage Period

Your personal data is deleted or restricted as soon as the purpose of storage no longer holds. In addition, data may be stored if it has been provided by the European or national legislator in EU legal regulations, laws, or other provisions applicable to Analytik Jena AG. Data may also be restricted or deleted if a storage deadline stipulated by the specified standards has expired unless further storage of the data is required for the conclusion or fulfillment of a contract.

 

4.    Data Processing on this Website

a.    Description and Scope of Data Processing

Whenever you access our THOMAS SYS TECH GmbH website, temporary information transmitted by your browser is automatically stored on the (web) servers. The data recorded in the designated log file includes among others: the pseudonymized IP address, the browser used, the time and date of the page visitor, and the system used by the page visitor.

The data is also stored in the log files of our system. This data is not stored together with other personal user data.

 

b.    Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 S. 1 lit. f GDPR.

 

c.    Purpose of Data Processing

The temporary storage of the IP address by the system is necessary in order to present the website to the user’s computer, thereby enabling our website to be visible to you as a user. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files is necessary to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our information technology systems. No data analysis for marketing purposes occurs in this context.

An additional purpose is our legitimate interest in data processing according to Art. 6 Para. 1 S. 1 lit. f GDPR.

 

d.    Duration of Data Processing

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection.

 

e.    Opt-out and Removal Option

The collection of data for hosting the website and the storage of data in log files are absolutely necessary for operating the website. To this extent there is no opt-out option.

 

5.    Use of Cookies

This website uses cookies.

We use cookies on our website. Some of them are essential, while others help us to improve this website and your experience.

Cookies are small text files that are used by websites to make the user experience more efficient.

According to the law, we can store cookies on your device if they are absolutely necessary for the operation of this site. We need your permission for all other types of cookies.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

Further information on the individual providers can be found from point 6.

You can change or withdraw your consent from the cookie declaration at any time:

Change Cookie Preferences

 

Essential

Essential cookies enable basic functions and are necessary for the proper function of the website.

WPML

NameWPML
ProviderOwner of this website
PurposeStores the current language.
Cookie Name_icl_*, wpml_*, wp-wpml_*
Cookie Expiry1 Day

rc::a

Namerc::a
ProviderGoogle
PurposeThis cookie is used to differentiate between humans and bots. This is beneficial for the website to generate valid reports on the use of your website.
Privacy Policyhttps://policies.google.com/privacy
Cookie Namerc::a
Cookie ExpiryPersistent

rc::c

Namerc::c
ProviderGoogle
PurposeThis cookie is used to differentiate between humans and bots.
Privacy Policyhttps://policies.google.com/privacy
Cookie Namerc::c
Cookie ExpirySession

Statistics

Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website.

Google Tag Manager

NameGoogle Tag Manager
ProviderGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
PurposeCookie by Google used to control advanced script and event handling.
Privacy Policyhttps://policies.google.com/privacy?hl=en
Cookie Name_ga,_gat,_gid
Cookie Expiry2 Years

Marketing

Marketing cookies are used by third-party advertisers or publishers to display personalized ads. They do this by tracking visitors across websites.

r/collect

Namer/collect
ProviderGoogle
PurposeThis cookie is used to send data to Google Analytics about the visitor's device and behavior. It monitors the visitor on all devices and marketing channels.
Privacy Policyhttps://policies.google.com/privacy
Cookie Namer/collect
Cookie ExpirySession

External Media

Content from video platforms and social media platforms is blocked by default. If External Media cookies are accepted, access to those contents no longer requires manual consent.

Google Maps

NameGoogle Maps
ProviderGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
PurposeUsed to unblock Google Maps content.
Privacy Policyhttps://policies.google.com/privacy?hl=en&gl=en
Host(s).google.com
Cookie NameNID
Cookie Expiry6 Month

YouTube

NameYouTube
ProviderGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
PurposeUsed to unblock YouTube content.
Privacy Policyhttps://policies.google.com/privacy?hl=en&gl=en
Host(s)google.com
Cookie NameNID
Cookie Expiry6 Month

 

6.    Google Analytics Web Analytics Service

Our website uses Google Analytics, a web analytics service of Google LLC. (“Google”) (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

 

a.    Description and Scope of Data Processing

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. We use IP anonymisation on our website. Your IP address is anonymized from the beginning – and then passed on to Google Analytics. Therefore Google does not process your IP address at any time and cannot process it completely in exceptional cases. The IP address transmitted by your browser as part of Google Analytics is therefore not merged with other data from Google. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

 

b.    Log Files

Whenever you access our THOMAS SYS TECH GmbH website, temporary information transmitted by your browser will automatically be stored in Google Analytics. This entails the following information:

If users are signed into a Google account, we use demographic features derived from their settings, if necessary. Users can change their demographic data in the advertising settings of their Google account.

 

c.    Legal Basis for Data Processing

The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f GDPR.

 

d.    Purpose of Data Processing

We use Google Analytics in order to routinely analyze and improve the use of our website. Google will use the information exclusively on our behalf in order to evaluate your use of the website, in order to compile reports about website activities, and to render other services related to website and internet use for the website operator. The compiled statistics enable us to improve our services and design them to be more interesting for you as a user.

An additional purpose is our legitimate interest in the processing of personal data according to Art. 6 Para. 1 S. 1 lit. f GDPR.

 

e.    Duration of Data Processing

The data we send and cookie-related data are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once monthly.

 

f.    Opt-out and Removal Option

You can prevent the storage of cookies through a corresponding setting of your browser software. You can prevent recording by Google Analytics by clicking on the following link deactivate Google Analytics. An opt-out cookie is set that prevents the future recording of your data when visiting this website. In order to prevent recording across various devices, you must opt out of all the systems being used.

In addition, you can prevent the collection of the data generated by the cookies and related to the use of the website (including your IP address) for Google and the processing of this data by Google by downloading and installing the browser plug-in (add-on) available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. By using the browser add-on to disable Google Analytics-JavaScript (ga.js, analytics.js, dc.js), you can prevent Google Analytics from using your data.

We would like to point out that you will not be able to fully use all of the features of this website if your settings block cookies.

 

g.    Additional Information About Google

You can find more detailed information about contact options, terms of service, and data protection at:

https://www.google.de/contact/impressum.html – Contact

https://www.google.com/analytics/terms/us.html – Terms of Service

http://www.google.com/intl/en/analytics/learn/privacy.html – Data Privacy and Security

https://www.google.com/intl/en/policies/privacy/ – Privacy Policy

 

7.   Making Electronic Contact

We offer you the opportunity to inform yourself on various issues concerning THOMAS SYS TECH GmbH and to contact us electronically via the website, if necessary. You have the option of initiating electronic contact with us through the provided contact forms as well as the provided email addresses.

 

a.    Description and Scope of Data Processing

When electronic contact is made with us via the contact form under https://www.thomas.biz/en/inquiries/, the data entered into the input window is transmitted to us and stored. Mandatory information transmitted to us is personal data, such as:

During the sending procedure, your consent is obtained for data processing and reference is made to this privacy policy.

Alternatively, making contact electronically is possible via the email address provided. In this case, only the personal data transmitted in your email is stored, if necessary.

The data is used exclusively for processing the conversation.

In this context, no data is passed along to third parties. If the inquiry relates to the activity of a subsidiary, an equity investment company, or a management company of THOMAS SYS TECH GmbH and the information is needed for the efficient processing of the inquiry, your data can be shared with the relevant company.

However, in view of legal requirements, we are obligated to pass your personal data along to third parties in certain cases. This is the case, for example, if there is suspicion of a criminal offense. We are then obligated to pass your personal data along to the responsible law enforcement authorities. Therefore, by order of the responsible authorities, we may in individual cases provide information about this data if necessary for criminal prosecution, averting danger, performing legal tasks of the German Office for the Protection of the Constitution, the military counter-intelligence service, or for enforcing intellectual property rights.

 

b.    Legal Basis for Data Processing

The legal basis for the processing of data transmitted in the course of electronic contact via the contact form or the sending of an e-mail is Art. 6 para. 1 sentence 1 lit. f GDPR. If the purpose of the electronic contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

 

c.    Purpose of Data Processing

The processing of personal data from the input window of the contact form solely helps us to process the contact. Making contact via email also constitutes the necessary legitimate interest to process the data.

The other personal data processed during the sending procedure serves to prevent the misuse of the contact form and to safeguard the security of our information technology systems.

 

d.    Duration of Storage

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input window of the contact form and the data that was sent by email, this is the case if the respective conversation with the user has ended. The conversation has ended when circumstances indicate that the relevant matter has been conclusively clarified.

 

e.    Opt out Option

If you contact us electronically via contact form or e-mail, you can object to the storage of your personal data at any time. All personal data stored in the course of electronic contact will be deleted in this case. You can address the objection informally in writing or verbally to us or to our data protection officer. You will find the contact details for this under Items I and II of this data protection declaration. In the event of an objection, the conversation cannot be continued.

 

8.    Inserting Hyperlinks

If you encounter hyperlinks on our website that transfer you directly to the website of other providers (e.g., recognizable by the change in URL), we do not assume any responsibility for the confidential handling of your data. After all, we have no influence over the compliance of these companies with data protection regulations. Please inform yourself directly regarding how these companies handle personal data on their website.

 

9. Integration of YouTube Videos

We use YouTube on our website. This is a video portal operated by YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.

YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, hereinafter referred to as “Google”.

We use YouTube in its advanced privacy mode to show you videos. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the advanced privacy mode means that the data specified below will only be transmitted to the YouTube server if you actually start a video.

Without this mode, a connection to the YouTube server in the USA will be established as soon as you access any of our webpages on which a YouTube video is embedded.

This connection is required in order to be able to display the respective video on our website within your browser. YouTube will record and process at a minimum your IP address, the date and time the video was displayed, as well as the website you visited. In addition, a connection to the DoubleClick advertising network of Google is established.

If you are logged in to YouTube when you access our site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our site or make the appropriate settings in your YouTube account.

For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies on your device via your browser. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.

Further information about the collection and use of data as well as your rights and protection options in Google’s privacy policy found at

https://policies.google.com/privacy

 

10. Google-Maps

Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.

By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.

In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=en and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.

Google also offers further information at

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

 

11. Social Media Presence

We maintain fan pages on various social media networks and platforms with the objective of communicating with the customers, interested potential customers, and users active there and to inform them of our services.

We would like to point out that your personal data may be processed outside the European Union in this context, meaning that risks may arise for you in this area (such as when exercising your rights under European/German law). Please note that several US providers are certified under the Privacy Shield, and have thus undertaken to comply with the data protection standards of the EU.

The data of users is typically processed for market research and advertising purposes. This makes it possible, for example, to create a usage profile based on user behavior and the interests derived from it. These usage profiles can, in turn, be used for purposes such as deploying advertisements inside and outside the platforms that presumably correspond to the interests of the user. For these purposes, cookies in which the user behavior and interests of the user are recorded are typically stored on users’ computers. In addition, data can also be stored in the usage profiles independently from the devices used by the users (particularly if the users are members of the respective platforms and are logged into them).

The processing of the personal data of users takes place on the basis of our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. If the users are asked for consent to the data processing by the respective providers (i.e. by signaling consent by checking a box or clicking a button), the legal basis of the processing is Art. 6 Para. 1 S. 1 lit. a and Art. 7 GDPR.

Further information on the processing of your personal data and on your options for objection can be found through the link of the respective provider listed below. The assertion of rights to information and other rights of data subjects can also take place by contacting the providers, since only they have direct access to users’ data and possess corresponding information. As a matter of course, we are available for questions and will assist you if you need help. Provider:

 

Facebook 

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Joint processing takes place on the basis of an agreement on joint processing of personal data.

Privacy policy: https://www.facebook.com/about/privacy/

More information about “page insights”: https://www.facebook.com/legal/terms/information_about_page_insights_data

Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

 

Google/YouTube 

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy policy: https://policies.google.com/privacy

Opt-out: https://adssettings.google.com/authenticated

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

 

12.    Rights of the Data Subject

If we process your personal data, you are a data subject as defined by the GDPR, and you are entitled to the following rights from us as the controller:

 

a.    Right to Information

You can require that we as the controller confirm whether we have processed personal data concerning you.

If such processing has been done, you can require us to provide the following information:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been disclosed or will yet be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if specific information is not possible regarding this, the criteria for setting the duration of storage.

(5) the existence of a right to correction or deletion of the personal data concerning you, a right to restrict the processing by the controller or a right to opt out from this processing;

(6) the existence of a right to file a complaint with the regulatory authority;

(7) all available information about the origin of the data if the personal data has not been collected from the data subject;

(8) the existence of an automated decision-making process, including profiling according to Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the import and intended impact of such processing for the data subject.

You have the right to request information about whether the personal data concerning you has been transmitted to a third country or an international organization. You can request to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.

 

b.    Right to Correction

You have a right to have us as the controller correct and/or complete the data if the personal data concerning you that has been processed is incorrect or incomplete. We will make the correction immediately.

 

c.    Right to Restrict Processing

Under the following conditions you can request that the processing of the personal data concerning you be restricted:

(1) if you contest the correctness of the personal data regarding you for a period that enables the controller to review the correctness of the personal data;

(2) the processing is unlawful, and you decline the deletion of the personal data and instead request that the use of personal data be restricted;

(3) the controller no longer requires the personal data for the purpose of processing, but you need it in order to assert, exercise, or defend legal claims, or

(4) if you have opted out of the processing according to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of the personal data concerning you has been restricted, this data may – aside from its storage – be processed only with your consent or for the assertion, exercise, or defense of legal claims or to protect the rights of another individual or legal person, or for reasons of a vital public interest of the European Union or a member state.

If processing has been restricted according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

 

d.    Right to Deletion

1)    Deletion Obligation

You can require us as the controller to delete the personal data concerning you, and we are obligated to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent, on which the processing according to Art. 6 Para. 1 S. 1 lit. a or Art. 9 Para. 2 lit. a GDPR was based, and there is no other legal basis for the processing.

(3) You opt out of the processing according to Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you opt out of processing according to Art. 21 Para. 2 GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The controller is required to delete personal data concerning you in order to fulfill a legal obligation under European Union law or the law of the member states that applies to them.

(6) The personal data concerning you was collected with regard to the services offered by an information society according to Art. 8 Para. 1 GDPR.

 

2)    Information to Third Parties

If we have made the personal data that concerns you public, we are obligated to delete it according to Art. 17 Para. 1 GDPR. Furthermore, taking into account available technology and implementation costs, we take appropriate measures, including of a technical nature, to inform the persons responsible for data processing and who process personal data that you as the data subject have requested that they delete all links to this personal data or copies or replications of this personal data.

 

3)    Exceptions

The right to deletion does not exist as long as processing is required

(1) to exercise the right to freedom of speech and information;

(2) to fulfill a legal obligation, which requires the processing of data under European Union law or the law of the member states that applies to the controller, or to fulfill a responsibility that is in the public interest or in the exercise of public authority that has been vested in the controller.

(3) for public interest reasons in the area of public health according to Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR;

(4) for archival purposes in the public interest, scientific or historical research purposes, or for statistical purposes according to Art. 89 Para. 1 GDPR as long as the right specified under section a) presumably makes impossible or seriously impairs the realization of the goals of this processing, or

(5) for the assertion, exercise, or defense of legal claims.

 

e.    Right to Notification

If you have asserted the right to correction, deletion, or restriction of processing against us as the controller, we are obligated to notify all recipients to whom the personal data concerning you was made public, about this correction or deletion of the data or restriction of processing unless this turns out to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by us.

 

f.    Right to Data Portability

You have the right to receive the personal data concerning you that you have made available to us as the controller in a structured, standard, and machine-readable format. You also have the right to transmit this data to another controller, to whom the personal data was made available, without our interference, as long as

(1) the processing is based on consent granted according to Art. 6 Para. 1 S. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or an agreement according to Art. 6 Para. 1 S. 1 lit. b GDPR and

(2) the processing is done using automation.

In exercising this right, you have the right in turn to cause the personal data concerning you to be directly transmitted from one controller to another controller as long as this is technically feasible. This must not impair the freedoms or rights of other persons.

The right to data portability does not apply to the processing of personal data that is required to fulfill a responsibility that is in the public interest or in the exercise of public authority that has been vested in the controller.

 

g.    Right to Opt Out

You have the right, for reasons that arise from your particular situation, to opt out at any time from the processing of personal data concerning you resulting from Art. 6 Para. 1 S. 1 lit. e or f GDPR; this also applies to any profiling based on these regulations.

The controller will no longer process the personal data concerning you unless it can provide compelling and legitimate reasons for the processing that outweigh your interests, rights, and freedoms or the processing serves the assertion, exercise, or defense of legal claims.

If personal data concerning you is processed in order to conduct direct advertising, you have the right to opt out from the processing of the personal data concerning you for the purpose of such advertising at any time; this also applies to profiling to the extent that it is associated with such direct advertising. If you opt out of the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.

You have the option, in connection with the use of services of an information society – regardless of Directive 2002/58/EU – to exercise your opt-out right by means of automated processes in which technical specifications are used.

 

h.    Right to Withdrawal of Data Privacy Consent

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the legality of processing until withdrawal as previously consented.

 

i.    Automated Decision in an Individual Case, Including Profiling

You have the right not to be subjected to a decision exclusively based on automated processing – including profiling – that has legal repercussions for you or significantly harms you in a similar manner. This does not apply if the decision

(1) is required for the conclusion or fulfillment of an agreement between you and the controller,

(2) is permitted under legal provisions of the European Union or member states that apply to the controller and these legal provisions include appropriate measures to preserve your rights and freedoms as well as your legitimate interests, or

(3) is made with your express consent.

However, these decisions must not be based on special categories of personal data according to Art. 9 Para. 1 GDPR, as long as Art. 9 Para. 2 lit. a or g GDPR does not apply and appropriate measures have been taken to protect your rights, freedoms, and legitimate interests.

Regarding the exceptional cases cited in (1) and (3), the controller takes appropriate measures to preserve your rights, freedoms, and legitimate interests, including at least the right to cause the intervention of a person on the part of the controller, to present one’s own point of view, and to contest the decision.

 

j.    Contact Us to Exercise Your Right as a Data Subject

You can address your right as data subject at any time informally in writing or verbally.  Please contact us or our data protection officer regarding this. You can find the contact information for this in sections I and II of this privacy policy.

 

k.    Right to File a Complaint with a Regulatory Authority

Regardless of any other administrative or legal remedy, you have the right to file a complaint with a regulatory authority, particularly in the member state of your place of residence, your place of employment, or the place of the alleged violation, if you believe that the processing of the personal data concerning you violates the GDPR.

The regulatory authority to which the complaint is submitted informs the complainant about the status and results of the complaint, including the possibility of a legal remedy according to Art. 78 GDPR.

The responsible regulatory authority (state data privacy authority) is:

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit

Postfach 900455

99107 Erfurt

Häßlerstraße 8

99096 Erfurt

poststelle@datenschutz.thueringen.de

 

13. Security

We take technical and organizational security measures to protect your incidental or intentionally collected personal data, particularly against accidental or deliberate manipulation, loss, destruction, or against an attack by unauthorized persons.

Our website is SSL-encrypted (https).

Our security measures are being continuously improved in line with technological developments. However, we cannot assume any liability for the security of data transmission over the internet. Email messages are not encrypted. Personal data generated from email communication is usually transmitted from your computer over an unsecured connection via the internet. Information that you send by unencrypted email can be intercepted by third parties, stored, and misused. Therefore, access by third parties cannot be ruled out. Consequently, it is recommended to send confidential information exclusively by postal mail.

 

– End of the Privacy Policy –