We are very pleased that you are interested in our company. Data protection has a particularly high priority for the management of CURREX GmbH. Use of the CURREX GmbH website is generally possible without providing any personal data. If a data subject wishes to use our company's special services via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, for example the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to CURREX GmbH. With this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed about their rights by means of this data protection declaration.
As the controller, CURREX GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us in alternative ways, for example by telephone.
The data protection declaration of CURREX GmbH is based on the terminology used by the European directors and regulators when issuing the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
b) Affected person
Concerned person is any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any process or series of operations related to personal data, such as collecting, recording, organizing, arranging, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
d) Restriction of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling is any kind of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects regarding analysing or predicting job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.
(g) Responsible or for the processing responsible
The controller or controller is the natural or legal person, public authority, body or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the responsible party.
Recipient is a natural or legal person, agency, institution or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.
j) Third parties
A third party is a natural or legal person, public authority, agency or institution other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
Consent is any voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the data subject for the particular case, by which the data subject indicates that they consent to the processing of the personal data concerning him / her is.
2. Name and address of the controller
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions of a data protection character is:
CURREX GmbH | Schaartor 1 | 20459 Hamburg | Germany
The data protection officer is: Frauke Pfützner
Tel .: 0049- (0) 40-41 34 60 60 | Email: info@CURREX.com | www.CURREX.com
By using cookies, CURREX GmbH can provide users of this website with more user-friendly services that would not be possible without the cookie setting.
The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
This page uses the following types of cookies, the scope and functionality of which are explained below:
a) Transient cookies, these are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called session ID, with which the various requests from your browser can be assigned to the joint session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies, these are automatically deleted after a specified period, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can find these for the respective browser under the following links:
- Internet Explorer: http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies
- Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-dispose
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
- Safari: https://support.apple.com/kb/ph21411?locale=en_US
However, please note that the deactivation of cookies can mean that only limited functions of the website are available to you.
4. Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser plug-in available under the following link. Download and install in: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google Analytics to analyze and regularly improve the use of our website. Using the statistics obtained, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the use of analysis tools is Art. 6 Para. 1 S. 1 lit. f GDPR.
5. Use of Microsoft Advertising
We use Microsoft Advertising from Microsoft Corporation on our website (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft”). The data processing serves marketing and advertising purposes and the purpose of measuring the success of advertising measures (conversion tracking). We find out the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, personal identification of these users is not possible. Microsoft Advertising uses technologies such as cookies and tracking pixels, which enable an analysis of your use of the website. When you click on an advertisement placed by Microsoft Advertising, a cookie for conversion tracking is placed on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognize that you clicked on the advertisement and were forwarded to this page. The following information can be collected: IP address, identifiers assigned by Microsoft (identification), information about the browser you are using and the device you are using, referrer URL (website through which you accessed our website) have) URL of our website. Your data may be transferred to the United States. Microsoft has certified itself according to the US-EU data protection agreement "Privacy Shield" and thus committed to comply with the European data protection guidelines. Data processing, in particular the setting of cookies, takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent until you revoke it. You can find more information on data protection and the cookies used at Microsoft Bing at: https://privacy.microsoft.com/de-de/privacystatement
You can object to the storage of a user profile and information about your visit to our website by Hotjar and the setting of Hotjar tracking cookies on other websites via this link: https://www.hotjar.com/legal/compliance/opt-out
8. Collection of general data and information
The website of CURREX GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that use an accessing system on our website can be controlled, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that serves to avert risks in the event of attacks on our information technology systems.
If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address
- Date and time of the request
- Time Zone Difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
- The legal basis for storing the data is Art. 6 Para. 1 lit. f GDPR.
When using this general data and information, CURREX GmbH does not draw any conclusions about the person concerned. Rather, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) to ensure the long-term functionality of our information technology systems and the technology of our website and ( 4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data and information is therefore statistically evaluated by CURREX GmbH and also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
9. Registration on our website
The data subject has the possibility to register on the website of the data controller by providing personal data. The personal data to be sent to the controller is derived from the respective input mask used for the registration. The personal data entered by the data subject shall be collected and stored solely for internal use by the controller and for his own purposes. The controller may arrange for the transfer to one or more processors, such as a parcel service, who also uses the personal data only for internal use attributable to the controller.
By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the data subject, the date and time of registration are also stored. The storage of this data takes place against the background that only in this way the misuse of our services can be prevented, and these data make it possible, if necessary, to clarify past offenses. In this respect, the storage of this data is necessary to secure the controller. A disclosure of these data to third parties is not, unless there is a legal obligation to pass on or the disclosure of law enforcement serves.
By registering the data subject voluntarily providing personal data, the data controller serves to provide the data subject with content or services that, due to the nature of the case, can only be offered to registered users. Registered persons are free to modify the personal data given at registration at any time or to delete it completely from the database of the data controller.
The data controller will provide each data subject with information on which personal data about the data subject is stored at any time on request. Furthermore, the person responsible for processing corrects or deletes the personal data at the request or advice of the data subject, provided that there are no statutory retention requirements. The entire staff of the controller is available to the data subject as a contact person in this context.
Depending on the type of contract concluded, we save the following data:
- Surnames, first names
- Billing Address
- Email Address
- Phone number
The legal basis for the processing of the data is Art. 6 Para. 1 lit. a DS-GVO and, if the registration serves the fulfillment of a contract or the implementation of pre-contractual measures with you, in addition Art. 6 para. 1 lit. b GDPR.We use Shopify, a service of Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5 to operate our online shop. This service provides an e-commerce platform through which we offer our goods for sale. The data transmitted as part of your order will be stored on a Shopify server in the USA. Shopify has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. For more information on data protection, please refer to Shopify's data protection information at http://www.shopify.com/legal/privacy.
The legal basis for the transmission of data to third parties for the purpose of contract execution or for billing purposes is Art. 6 Para. 1 lit. b GDPR and for the transfer in the context of legally ordered cases Art. 6 Para. 1 lit. c GDPR.
10. Subscription to our newsletter
On the CURREX GmbH website, users are given the opportunity to subscribe to our company's newsletter. Which personal data are transmitted to the person responsible for processing when you order the newsletter is determined from the input mask used for this purpose.
CURREX GmbH informs its customers and business partners at regular intervals by means of a newsletter about offers from the company. The newsletter of our company can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers to send the newsletter. For legal reasons, a confirmation email will be sent to the email address entered by the data subject for the first time for sending the newsletter in a double opt-in procedure. This confirmation email is used to check whether the owner of the email address as the person concerned has authorized the receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to understand the (possible) misuse of an affected person's e-mail address at a later date and therefore serves as legal safeguards for the controller.
The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. Subscribers to the newsletter may also be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. There will be no transfer of the personal data collected as part of the newsletter service to third parties. Subscription to our newsletter may be terminated by the person concerned at any time. The consent to the storage of personal data that the data subject has given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the controller's website, or to inform the controller in a different way.
11. Newsletter tracking
The CURREX GmbH newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format in order to enable log file recording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded tracking pixel, CURREX GmbH can recognize whether and when an email was opened by a data subject and which links in the email were called up by the data subject.
Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the data controller in order to optimize the sending of the newsletter and to adapt the content of future newsletters even better to the interests of the person concerned. This personal data will not be passed on to third parties. Affected persons are entitled at any time to revoke the separate declaration of consent relating to this, which is made using the double opt-in procedure. After revocation, this personal data will be deleted by the controller. If you unsubscribe from the newsletter, CURREX GmbH automatically interprets it as a revocation.
12. Kontaktmöglichkeit über die Internetseite
Due to legal regulations, the CURREX GmbH website contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general address for the so-called electronic mail (e-mail address). If a data subject contacts the data controller by email or via a contact form, the personal data transmitted by the data subject will be automatically saved. Such personal data transmitted by a data subject to the data controller on a voluntary basis are stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.
13. Social media
In addition to this website, we also maintain presences in various social media. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that in addition to the storage of the data you have specifically entered in this social medium, further information may be collected, processed or used by the provider of the social network. We link to the social media platforms Facebook, Instagram and YouTube on our website by using the respective symbols. These are hyperlinks that do not transmit your data. If you click on the link, you will be redirected to our respective social media presence. Your data will only be transmitted to the respective social media service if you are logged into your respective user account. In this case, the respective social media platform, possibly the information, about what content you viewed with us.
In addition, the provider of the social network may collect, process and use the most important data of the computer system from which you are visiting it - for example your IP address, the processor type used and browser version including plug-ins.
If you are logged in with your personal user account of the respective medium while visiting such a medium, this medium can assign the visit to this account. If you do not want such an assignment, you must log out of your account before visiting our presence.
The purpose and scope of data collection by the respective medium and the further processing and use of your data there as well as your rights in this regard can be found in the respective provisions of the respective medium:
Google+ / YouTube regulations
Responsible for the social media services linked by us are exclusively:
for Facebook and its website, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
for Instagram and its website, Instagram, LLC, 1601 Willow Rd.Menlo Park, CA 94025, USA;
for YouTube and its website, YouTube, LLC, 901 Cherry Ave., St. Bruno, CA 94066, USA;
If you call up a website with such content, a connection is established to the YouTube servers and the content is displayed on the website by notifying your browser.
This tells the YouTube server which of our websites you have visited. If you are logged in as a member of YouTube, YouTube will assign this information to your personal user account on this platform. You can prevent such an assignment by logging out of your user account before visiting our website.
We use the "Facebook Connect" service from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook") on our website. We offer you the opportunity to register on our website with Facebook Connect if you have a Facebook profile and you give us your express consent to exchange data with Facebook. In this case, additional registration is not required. To register, you will be redirected to the Facebook page, where you can register with your usage data. Hereby your browser establishes a direct connection to the Facebook servers, whereby your Facebook profile and our service are linked to each other. Through this link, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are currently not logged in to Facebook. Through the link, we automatically receive the following information from Facebook Inc. depending on your privacy setting on Facebook (name, email address, date of birth, address, Facebook name, user ID, age, gender, and possibly the profile picture , the friends list and the likes). From this data, we only use your name, your email address, your date of birth and your address to create a user account if you have approved them on Facebook. This information is necessary for the conclusion of the contract in order to be able to identify it.
If you do not want Facebook to link the data obtained via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also exclude the Facebook Connect plugin with add-ons for your browser.
For more information about the purpose and scope of data collection and the further processing and use of your data by the respective social media service, please refer to the data protection guidelines of the respective platform.
14. Use of Google Tag Manager
We use the Google Tag Manager service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA on our website. With Google Tag Manager, marketers can manage website tags through one interface. A day is a marking or marking of a database. The Tag Manager itself, which uses the tags, works without cookies and does not collect any personal data. The tags set up via the Google Tag Manager only ensure the collection of data that are passed on to the target system. Because the data is only passed on, the system does not collect or save the determined data itself. The Tag Manager therefore only triggers other tags, which in turn may collect data. Corresponding explanations for these respective third-party providers can be found in this data protection declaration. Google Tag Manager does not use this data. If you have deactivated cookies or made any other changes, this will be observed for all tracking tags that were used with Google Tag Manager, so the tool does not change your cookie settings.
Google may ask for your permission to share some product information (e.g. your account information) with other Google products in order to activate certain features, e.g. For example, it’s easier to add new conversion tracking tags for AdWords. Google’s developers also periodically review product usage information to further optimize the product. However, Google will not pass on this type of data to other Google products without your consent.
15. Remarketing / retargeting
(1) We use “Custom Audiences” from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website for the purposes of retargeting or remarketing. This service uses so-called tracking or remarketing pixels. These are pixel image files that enable log file analysis. By using the pixels, the service provider can see when and how many users have accessed the pixel, or whether and when an email was opened or a website was visited.
(2) With the help of this service, users of the website can be shown interest-based advertisements ("Facebook ads") when visiting the social network Facebook or other websites that also use the method. We are therefore interested in showing you advertisements that are of interest to you in order to make our website more interesting for you. When you visit our website, the Pixel creates a direct connection to the Facebook servers. This enables Facebook to identify you based on the browser ID, as these can be linked to your user account. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you are visiting our website Have accessed our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered on Facebook or have not logged in, there is a possibility that the provider will find out and save your IP address and other identification features.
(3) The deactivation of the "Facebook Custom Audiences" function is possible for logged in users at https://www.facebook.com/settings/?tab=ads#_.
The legal basis for the processing of your data is Art. 6 Para. 1 S. 1 lit. f GDPR. Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy/.
Right To Object
If you do not want to receive advertisements generated by the respective targeting service, you can object to the use of retargeting technology on our website by sending us a message to firstname.lastname@example.org.
16. Routine deletion and blocking of personal data
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or, as the case may be, by the European directives or regulations or by any other legislator in laws or regulations which the controller was provided for.
If the storage purpose is omitted or if a storage period prescribed by the European directives and regulations or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
17. Rights of the person concerned
a) Right to confirmation Every data subject has the right granted by the European directive and regulation giver to request a confirmation from the data controller as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.
b) Right to information
Any person concerned by the processing of personal data shall have the right, granted by the European Directive and Regulatory Authority, at any time to obtain from the data controller information free of charge on the personal data stored about him and a copy of that information. Furthermore, the European legislator and regulator has provided the data subject with the following information:
- the processing purposes
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data have been disclosed or are yet to be disclosed, in particular to recipients in third countries or to international organizations
- if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
- the existence of a right to rectification or erasure of the personal data concerning him or of a restriction of the processing by the person responsible or of a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: all available information on the source of the data
- the existence of automated decision-making including profiling in accordance with Article 22 Abs.1 and 4 DS-BER and - at least in these cases - meaningful information about the logic involved and the scope and intended impact of such processing on the data subject
In addition, the data subject has a right of access as to whether personal data has been transmitted to a third country or to an international organization. If that is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.
If an interested party wishes to exercise this right to information, they may at any time contact an employee of the controller.
c) Right to rectification
Any person affected by the processing of personal data has the right granted by the European directive and regulation giver to request the immediate correction of incorrect, personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - also by means of a supplementary statement.
If an affected person wishes to exercise this right of rectification, they may, at any time, contact an employee of the controller.
d) Right to cancellation (right to be forgotten)
Any person affected by the processing of personal data shall have the right granted by the European Directives and Regulators to require the controller to immediately delete the personal data concerning him, provided that one of the following reasons is satisfied and the processing is not required:
- The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
- The data subject withdraws the consent on which the processing was based, in accordance with Article 6 (1) (a) of the GDPR or Article 9 (2 (a) of the GDPR), and lacks an alternative legal basis for processing.
- The data subject objects to the processing in accordance with Art. 21 para. 1 DS-GVO, and there are no legitimate reasons for the processing, or the data subject objects to Art. 21 para. 2 DS-GVO Processing.
- The personal data were processed unlawfully.
- The erasure of personal data is necessary to fulfill a legal obligation under Union or national law to which the controller is subject.
- The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 DS-GVO.
If one of the reasons mentioned above applies and a data subject wishes to have personal data stored by CURREX GmbH deleted, they can contact an employee of the controller at any time. The employee of CURREX GmbH will arrange for the request for deletion to be complied with immediately.
If the personal data have been made public by CURREX GmbH and our company as the responsible person is obliged to delete the personal data in accordance with Art. 17 Para. 1 GDPR, CURREX GmbH takes appropriate measures, taking into account the available technology and the implementation costs, too of a technical nature, in order to inform other data controllers who process the published personal data that the data subject has deleted from them all other data controllers the deletion of all links to this personal data or copies or replications of this personal data has requested, as far as the processing is not necessary. The employee of CURREX GmbH will arrange the necessary in individual cases.
e) Right to restriction of processing
Any person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to require the controller to restrict the processing if one of the following conditions applies:
- The accuracy of the personal data is contested by the data subject for a period of time that enables the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data.
- The controller no longer needs the personal data for the purposes of processing, but the data subject requires them to assert, exercise or defend legal claims.
- The person concerned has objection to the processing acc. Art. 21 para. 1 DS-GVO and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the person concerned.
If one of the above requirements is met and a data subject wishes to restrict the personal data stored by CURREX GmbH, they can contact an employee of the controller at any time. The employee of CURREX GmbH will arrange for the processing to be restricted.
f) Data transferability
Any person affected by the processing of personal data shall have the right conferred by the European Directives and Regulations to obtain the personal data concerning him / her provided to a controller by the data subject in a structured, common and machine-readable format. It also has the right to transmit this data to another person responsible without hindrance by the controller to whom the personal data was provided, provided that the processing is carried out with the consent of Art. 6 Abs. 1 Letter a DS-GVO or Art. 9 Abs 2 subparagraph (a) of the GDPR or on a contract under Article 6 (1) (b) of the GDPR and processing by automated means, unless the processing is necessary for the performance of a task of public interest or in the exercise of public authority, which has been assigned to the responsible person.
In addition, in exercising their right to data portability under Article 20 (1 DS-GVO), the data subject has the right to obtain that the personal data are transmitted directly from one controller to another, insofar as this is technically feasible and if so this does not affect the rights and freedoms of others.
To assert the right to data portability, the data subject can contact an employee of CURREX GmbH at any time.
g) Right to object
Any person affected by the processing of personal data shall have the right granted by the European Directive and Regulators, at any time, for reasons arising out of their particular situation, against the processing of personal data pertaining to Article 6 (1, e) e or f DS-GVO takes an objection. This also applies to profiling based on these provisions.
In the event of an objection, CURREX GmbH will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend of legal claims.
If CURREX GmbH processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected to such direct advertising. If the data subject objects to CURREX GmbH processing for direct marketing purposes, CURREX GmbH will no longer process the personal data for these purposes.
In addition, the person concerned has the right, for reasons that arise from their particular situation, against the processing of personal data relating to them, which is carried out at CURREX GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 DS- GMOs to object, unless such processing is necessary to perform a task in the public interest.
To exercise the right to object, the data subject can directly contact any employee of CURREX GmbH or another employee. The data subject is also free to exercise their right to object in connection with the use of information society services, regardless of Directive 2002/58 / EC, using automated procedures that use technical specifications.
h) Automated decisions in individual cases including profiling
Any person concerned by the processing of personal data shall have the right, as granted by the European directives and regulations, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on it or, in a similar manner, significantly affects it; if the decision (1) is not required for the conclusion or performance of a contract between the data subject and the controller, or (2) is permitted by Union or Member State legislation to which the controller is subject, and that legislation provides for appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (3) with the express consent of the data subject.If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the person responsible or (2) it is made with the express consent of the data subject, CURREX GmbH takes appropriate measures to protect the rights and freedoms as well as the justified ones Protect the interests of the data subject, which includes at least the right to obtain the intervention of a person on the part of the person responsible, to state their own position and to contest the decision.
If the data subject wishes to claim automated decision-making rights, they can contact an employee of the controller at any time.
i) Right to revoke a data protection consent
Any person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to revoke consent to the processing of personal data at any time.
If the data subject wishes to assert their right to withdraw consent, they may, at any time, contact an employee of the controller.
The controller collects and processes the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the controller, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless deletion precludes other legitimate interests of the controller. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
19. Legal basis of processing
Art. 6 I lit. A DS-GMO serves our company as the legal basis for processing operations where we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I lit. b DS-GMO. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GMO. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GMO are based. Ultimately, processing operations could be based on Art. 6 I lit. f DS-GMOs are based. On this legal basis, processing operations that are not covered by any of the above legal bases are required if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail. Such processing operations are particularly allowed to us because they have been specifically mentioned by the European legislator. It considered in that regard that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 DS-GVO).
20. Authorized interests in the processing that are being pursued by the controller or a third party
Is the processing of personal data based on Article 6 I lit. f DS-GMO is our legitimate interest in conducting our business for the benefit of all of our employees and our shareholders.
21. Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.
22. Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision
We clarify that the provision of personal data is partly required by law (eg tax regulations) or can also result from contractual provisions (eg information about the contracting party). Occasionally it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal information when our company enters into a contract with her. Failure to provide the personal data would mean that the contract with the person concerned could not be closed. Prior to any personal data being provided by the person concerned, the person concerned must contact one of our employees. Our employee will inform the individual on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of the non-provision of the personal data.
23. Existence of automated decision-making
As a responsible company we refrain from automatic decision-making or profiling.
This data protection declaration was created by the data protection declaration generator from the data protection officer in Hamburg in cooperation with RC GmbH, which recycled used notebooks and the file sharing lawyers from WBS-LAW.
COPYRIGHT PROTECTION OF IMAGE MATERIALS
In the event of unauthorized use, distortion or forwarding of our image material, unauthorized forwarding of reprinting rights to third parties as well as unauthorized production of any kind of copies and duplicates as well as forwarding them to third parties, subject to the assertion of claims for damages, a minimum fee of five times the usual usage fee is due.