§ 1 The controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States, as well as other data protection regulations, is:
PCS Hamburg GmbH
represented by the managing director Michael Witt
§ 2 Definitions
(2) Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). Identifiable refers to a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(3) The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
(4) Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
(5) Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
(6) Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
(7) The data controller or the person responsible for processing means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or national law, provision may be made for the controller to be designated in accordance with Union or national law.
(8) A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
(9) The recipient means a natural or legal person, public authority, agency or another body to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
(10) Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
(11) Consent is any statement of intent voluntarily and unambiguously given by the data subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirming act that indicates to the data subject that they have consented to the processing of their personal data.
§ 3 Provision of the website and creation of log files
(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the accessing computer each time you visit the website:
· Information about the use of our cookie banner
The data is stored. Not affected by this are the user's IP addresses or other data that enables assignment of the data to a user. Otherwise, no further log data is collected. This data is not stored together with other personal data of the user.
(2) The legal basis for the temporary storage of these data is Art. 6 para. 1 sentence c) GDPR.
(3) The temporary storage of the data by the system is necessary to meet the data protection requirements.
(4) The data will be deleted as soon as it is no longer required to achieve the purpose - in this case at the end of the usage process, provided that you delete the cookies afterwards, otherwise when the storage period for cookies set by you expires.
(5) No log files are collected.
(5) The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. c, f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes, if consent is given, is Art. 6 para. 1 lit. a) GDPR.
§ 5 Contact form and emails
(1) There is a contact form on our website which can be used for electronic contact. If you make use of this option, the data entered in the input screen will be sent to us and stored. This data is:
· E-mail address
The following data is also stored at the time the message was sent:
· The user's IP address
· Date and time of registration
(2) You are welcome to contact us by email. In this case, the user's personal data that is transmitted along with the email will be stored. If this includes information about communication channels (e.g. email address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request. No data will be disclosed to third parties in this context. The data is used exclusively for processing the conversation.
(3) The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6 Para. 1 clause 1 lit. a) GDPR. The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 p.1 lit. f) GDPR. If you send us an e-mail with the intention of entering into contract with us, this creates an additional legal basis for its processing per Art. 6 para. 1 p. 1 lit. b) GDPR.
(4) We use personal data provided on contact forms only to make the requested contact. The data from your email inquiries will of course only be used for the purpose for which you made it available to us when contacting us. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. Herein also lies our legitimate interest.
(5) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by e-mail, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved. Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days. If the e-mail contact is aimed at the execution of a contract, the data will be deleted after expiry of the statutory (commercial or tax) storage periods required for this.
(6) You can revoke your consent to the processing of the email and its content at any time. It will not be possible to continue the conversation in this case. To do this, please contact the data controller in accordance with § 1. However, this revocation option only exists if the email contact is not used to prepare or execute a contract.
§ 6 Login investor area
(1) We offer you the opportunity to register for our investor area on our website by providing personal data. The data is entered into an input form and transmitted to us and stored. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal or legal prosecution. The following data is collected during the registration process:
· E-mail address
· Date and time of registration
The user receives the password and user name from the controller after the registration confirmation in accordance with para. 2.
(2) We use the double opt-in procedure for registration. This means that after your registration we will send you an email to the specified email address in which we ask you to confirm that you would like to be registered. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we will store your IP address and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6 Para. 1 clause 1 lit. a) GDPR.
(4) Registration is required to provide certain content and services on our website, to prevent misuse and, if necessary, to investigate criminal offenses.
(5) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process and the email address as soon as you delete your access. We save the name for three months; then it will be deleted.
(6) Furthermore, you are free to have the personal data provided during registration completely deleted from the database of the data controller by declaring the revocation to the data controller according to § 1 via e-mail or by post. In this case, your data will be deleted immediately.
§ 7 SSL encryption
Our website uses SSL encryption if confidential or personal data is transmitted. This encryption is used, for example, for payment transactions and inquiries to us via this website. To ensure that this encryption is actually active, you must monitor that on your side. The status of the encryption can be seen from the browser line, which changes from “http: //” to https: // in the case of encryption. In the case of encryption, your data cannot be read by third parties. If the encryption is not active, please contact us confidentially via another contact option.
§ 8 Disclosure of personal data to third parties
8.1 Links to external websites
8.2 Rented server space
We would like to point out that we have rented a server space from ALL-INKL.COM, Neue Medien Münnich, Hauptstr. 68, 02742 Friedersdorf, www.all-inkl.com. Since we do not collect log files, the provider generally does not receive any information about the user.
§ 9 Your rights as a data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to the data controller pursuant to § 1:
- Right to information - Right to rectification - Right to restriction of processing - Right to deletion - Right to information - Right to data portability - Right to object to processing - Right to withdraw consent under data protection law - Right to withdraw consent under data protection law - Right not to apply an automated decision - Right to appeal to a supervisory authority
9.1 Right to information
(1) You can request that the data controller confirms whether we will process personal data that concerns you. If such processing has taken place, you can request free information from the data controller at any time about the personal data stored about you and about the following information:
a) he purposes for processing the personal data;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
d) the planned storage duration of your personal data or, if specific information in that regard is not possible, criteria for determining the storage period;
e) the existence of a right of rectification or deletion of your personal data or of a restriction on processing by the data controller or of a right to oppose such processing;
f) the existence of a right of appeal to a supervisory authority;
g) any available information on the origin of the data if the personal data has not been collected from the person concerned;
h) the existence of automated decision-making, including profiling, in accordance with Article 22 Para. 1 and 4, GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned.
(2) You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organisation. In this respect, you can request the appropriate guarantees in accordance with Art. 46 of the GDPR in connection with the transmission.
9.2 The right of rectification
You have the right to rectification and/or completion with respect to the data controller if the personal data processed concerning you is incorrect or incomplete.
9.3 The right to limitation of processing
(1) Under the following conditions, you may request from the data controller that the processing of your personal data be restricted:
a) If you contest the accuracy of your personal data for a period that enables the data controller to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
c) the data controller no longer needs the personal data for processing purposes, but they are required by you for the establishment, exercise or defence of legal claims or
d) you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller overrides your reasons.
(2) Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State. If the processing restriction has been done in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.
9.4 Right to deletion
(1) You can request that the data controller delete the personal data concerning you immediately, provided that one of the following reasons applies:
a) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
b) you withdraw your consent on which the processing is based according to Art. 6 Para. 1 (a) or Art. 9 para. 2 (a) GDPR, and where there is no other legal ground for its processing.
c) You object pursuant to Art. 21 Para. 1 of the GDPR, and there are no overriding legitimate grounds for processing, or you submit an objection to processing in accordance with Art. 21 para. 2 GDPR to the processing;
d) The personal data concerning you have been unlawfully processed.
e) The personal data concerning you must be deleted for compliance with a legal obligation under Union or Member State law to which the data controller is subject.
f) The personal data concerning you has been collected in relation to services offered by information society services pursuant to Art. 8 para. 1 GDPR.
(2) If the data controller has made personal data that concerns you public and is subject to the obligation to delete it pursuant to Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
(3) The right to deletion does not exist insofar as processing is necessary
a) to exercise the right of freedom of expression and information;
b) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the data controller;
c) for reasons of public interest in the field of public health in accordance with Art. 9 Para. 2 lit. h and i, as well as Art. 9 para. 3 GDPR;
d) for archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to the extent that the law referred to in clause (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or
e) to assert, exercise or defend legal claims;
9.5 Right to information
If you have exercised your right to have the data controller correct, delete, or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. It is your right to have the data controller inform you regarding such recipients.
9.6 Right to data portability
(1) You have the right to obtain your personal data that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, insofar as
a) the processing is based on consent pursuant to Art. 6 Para. 1 (a) of the GDPR or Art. 9 para. 2 (a) of the GDPR or on a contract in accordance with Art. 6 para. 1 (b) GDPR and
b) the processing is carried out using automated methods.
(2) In exercising this right, you shall have the right to have the personal data transmitted directly from one data controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
(3) The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.
In order to exercise the right to data portability, the data subject may at any time contact the controller.
9.7 Right of objection
(1) You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 para. 1 lit. e) or lit. f) of the GDPR; the same applies to profiling based on these provisions.
(2) The responsible party will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
(3) If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.
(4) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
(5) In order to exercise the right to object, the data subject may contact the controller directly.
9.8 The right to revoke the declaration of consent pursuant to data protection rights
You have the right at any time to revoke your data protection declaration of consent. The revocation of consent shall not affect the legality of any processing undertaken on the basis of this consent before its withdrawal. You can contact the data controller for this.
9.9 Right to automated decision in individual cases including profiling
(1) You have the right not to be subjected to a decision based solely on automated processing – including profiling – that has legal bearing on you or that significantly affects you in a similar manner. This shall not apply if the decision:
a) is necessary for entering into, or performance of, a contract between the you and a data controller;
b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is based on your explicit consent.
(2) However, these decisions may not be based on special categories of personal data pursuant to Art. 9, Para. 1 of the GDPR, unless Art. 9 para. 2 lit. a) or g) of the GDPR and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.
(3) In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the data controller, to state his or her own position and to challenge the decision.
(4) If the data subject wishes to exercise their rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the company.
9.10 The right to file a legal complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR. The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.