Privacy Statement

We are very delighted that you have shown interest in our enter­prise. Data pro­tec­tion is of a par­tic­u­larly high pri­or­ity for the man­age­ment of onygo​.org. The use of the Inter­net pages of onygo​.org is pos­sible without any indic­a­tion of per­son­al data; how­ever, if a data sub­ject wants to use spe­cial enter­prise ser­vices via our web­site, pro­cessing of per­son­al data could become neces­sary. If the pro­cessing of per­son­al data is neces­sary and there is no stat­utory basis for such pro­cessing, we gen­er­ally obtain con­sent from the data subject. 

The pro­cessing of per­son­al data, such as the name, address, e‑mail address, or tele­phone num­ber of a data sub­ject shall always be in line with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), and in accord­ance with the coun­try-spe­cif­ic data pro­tec­tion reg­u­la­tions applic­able to onygo​.org. By means of this data pro­tec­tion declar­a­tion, our enter­prise would like to inform the gen­er­al pub­lic of the nature, scope, and pur­pose of the per­son­al data we col­lect, use and pro­cess. Fur­ther­more, data sub­jects are informed, by means of this data pro­tec­tion declar­a­tion, of the rights to which they are entitled. 

As the con­trol­ler, onygo​.org has imple­men­ted numer­ous tech­nic­al and organ­iz­a­tion­al meas­ures to ensure the most com­plete pro­tec­tion of per­son­al data pro­cessed through this web­site. How­ever, Inter­net-based data trans­mis­sions may in prin­ciple have secur­ity gaps, so abso­lute pro­tec­tion may not be guar­an­teed. For this reas­on, every data sub­ject is free to trans­fer per­son­al data to us via altern­at­ive means, e.g. by telephone. 

1. Definitions

The data pro­tec­tion declar­a­tion of onygo​.org is based on the terms used by the European legis­lat­or for the adop­tion of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR). Our data pro­tec­tion declar­a­tion should be legible and under­stand­able for the gen­er­al pub­lic, as well as our cus­tom­ers and busi­ness part­ners. To ensure this, we would like to first explain the ter­min­o­logy used. 

In this data pro­tec­tion declar­a­tion, we use, inter alia, the fol­low­ing terms: 

a) Personal data

Per­son­al data means any inform­a­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”). An iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, dir­ectly or indir­ectly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fic­a­tion num­ber, loc­a­tion data, an online iden­ti­fi­er or to one or more factors spe­cif­ic to the phys­ic­al, physiolo­gic­al, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­tity of that nat­ur­al person. 

b) Data subject

Data sub­ject is any iden­ti­fied or iden­ti­fi­able nat­ur­al per­son, whose per­son­al data is pro­cessed by the con­trol­ler respons­ible for the processing. 

c) Processing

Pro­cessing is any oper­a­tion or set of oper­a­tions which is per­formed on per­son­al data or on sets of per­son­al data, wheth­er or not by auto­mated means, such as col­lec­tion, record­ing, organ­isa­tion, struc­tur­ing, stor­age, adapt­a­tion or alter­a­tion, retriev­al, con­sulta­tion, use, dis­clos­ure by trans­mis­sion, dis­sem­in­a­tion or oth­er­wise mak­ing avail­able, align­ment or com­bin­a­tion, restric­tion, eras­ure or destruction. 

d) Restriction of processing

Restric­tion of pro­cessing is the mark­ing of stored per­son­al data with the aim of lim­it­ing their pro­cessing in the future. 

e) Profiling

Pro­fil­ing means any form of auto­mated pro­cessing of per­son­al data con­sist­ing of the use of per­son­al data to eval­u­ate cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son, in par­tic­u­lar to ana­lyse or pre­dict aspects con­cern­ing that nat­ur­al per­son’s per­form­ance at work, eco­nom­ic situ­ation, health, per­son­al pref­er­ences, interests, reli­ab­il­ity, beha­viour, loc­a­tion or movements. 

f) Pseudonymisation

Pseud­onymisa­tion is the pro­cessing of per­son­al data in such a man­ner that the per­son­al data can no longer be attrib­uted to a spe­cif­ic data sub­ject without the use of addi­tion­al inform­a­tion, provided that such addi­tion­al inform­a­tion is kept sep­ar­ately and is sub­ject to tech­nic­al and organ­isa­tion­al meas­ures to ensure that the per­son­al data are not attrib­uted to an iden­ti­fied or iden­ti­fi­able nat­ur­al person. 

g) Controller or controller responsible for the processing

Con­trol­ler or con­trol­ler respons­ible for the pro­cessing is the nat­ur­al or leg­al per­son, pub­lic author­ity, agency or oth­er body which, alone or jointly with oth­ers, determ­ines the pur­poses and means of the pro­cessing of per­son­al data; where the pur­poses and means of such pro­cessing are determ­ined by Uni­on or Mem­ber State law, the con­trol­ler or the spe­cif­ic cri­ter­ia for its nom­in­a­tion may be provided for by Uni­on or Mem­ber State law. 

h) Processor

Pro­cessor is a nat­ur­al or leg­al per­son, pub­lic author­ity, agency or oth­er body which pro­cesses per­son­al data on behalf of the controller. 

i) Recipient

Recip­i­ent is a nat­ur­al or leg­al per­son, pub­lic author­ity, agency or anoth­er body, to which the per­son­al data are dis­closed, wheth­er a third party or not. How­ever, pub­lic author­it­ies which may receive per­son­al data in the frame­work of a par­tic­u­lar inquiry in accord­ance with Uni­on or Mem­ber State law shall not be regarded as recip­i­ents; the pro­cessing of those data by those pub­lic author­it­ies shall be in com­pli­ance with the applic­able data pro­tec­tion rules accord­ing to the pur­poses of the processing. 

j) Third party

Third party is a nat­ur­al or leg­al per­son, pub­lic author­ity, agency or body oth­er than the data sub­ject, con­trol­ler, pro­cessor and per­sons who, under the dir­ect author­ity of the con­trol­ler or pro­cessor, are author­ised to pro­cess per­son­al data. 

k) Consent

Con­sent of the data sub­ject is any freely giv­en, spe­cif­ic, informed and unam­bigu­ous indic­a­tion of the data sub­ject’s wishes by which he or she, by a state­ment or by a clear affirm­at­ive action, sig­ni­fies agree­ment to the pro­cessing of per­son­al data relat­ing to him or her. 

2. Name and Address of the controller

Con­trol­ler for the pur­poses of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), oth­er data pro­tec­tion laws applic­able in Mem­ber states of the European Uni­on and oth­er pro­vi­sions related to data pro­tec­tion is: 

Mar­tin Gude
Rudolf-Reusch-Straße 38
10367 Ber­lin
Ger­many

Phone: +49 163 6316525
Email: Spampro­tec­ted E‑Mail: 139bf791mb48@mar71fft9d161in-2a3dgude3f7e2.com49beae1

3. Cookies

The Inter­net pages of onygo​.org use cook­ies. Cook­ies are text files that are stored in a com­puter sys­tem via an Inter­net browser. 

Many Inter­net sites and serv­ers use cook­ies. Many cook­ies con­tain a so-called cook­ie ID. A cook­ie ID is a unique iden­ti­fi­er of the cook­ie. It con­sists of a char­ac­ter string through which Inter­net pages and serv­ers can be assigned to the spe­cif­ic Inter­net browser in which the cook­ie was stored. This allows vis­ited Inter­net sites and serv­ers to dif­fer­en­ti­ate the indi­vidu­al browser of the dats sub­ject from oth­er Inter­net browsers that con­tain oth­er cook­ies. A spe­cif­ic Inter­net browser can be recog­nized and iden­ti­fied using the unique cook­ie ID

Through the use of cook­ies, onygo​.org can provide the users of this web­site with more user-friendly ser­vices that would not be pos­sible without the cook­ie setting. 

By means of a cook­ie, the inform­a­tion and offers on our web­site can be optim­ized with the user in mind. Cook­ies allow us, as pre­vi­ously men­tioned, to recog­nize our web­site users. The pur­pose of this recog­ni­tion is to make it easi­er for users to util­ize our web­site. The web­site user that uses cook­ies, e.g. does not have to enter access data each time the web­site is accessed, because this is taken over by the web­site, and the cook­ie is thus stored on the user­’s com­puter sys­tem. Anoth­er example is the cook­ie of a shop­ping cart in an online shop. The online store remem­bers the art­icles that a cus­tom­er has placed in the vir­tu­al shop­ping cart via a cookie. 

The data sub­ject may, at any time, pre­vent the set­ting of cook­ies through our web­site by means of a cor­res­pond­ing set­ting of the Inter­net browser used, and may thus per­man­ently deny the set­ting of cook­ies. Fur­ther­more, already set cook­ies may be deleted at any time via an Inter­net browser or oth­er soft­ware pro­grams. This is pos­sible in all pop­u­lar Inter­net browsers. If the data sub­ject deac­tiv­ates the set­ting of cook­ies in the Inter­net browser used, not all func­tions of our web­site may be entirely usable. 

Types of Cookies

Tech­nic­al or func­tion­al cookies 

Some cook­ies ensure that cer­tain parts of the web­site work prop­erly and that your user pref­er­ences remain known. By pla­cing func­tion­al cook­ies, we make it easi­er for you to vis­it our web­site. This way, you do not need to repeatedly enter the same inform­a­tion when vis­it­ing our web­site and, for example, the items remain in your shop­ping cart until you have paid. We may place these cook­ies without your consent. 

Stat­ist­ics cookies 

Because stat­ist­ics are being tracked anonym­ously, no per­mis­sion is asked to place stat­ist­ics cookies. 

Marketing/Tracking cook­ies 

Marketing/Tracking cook­ies are cook­ies or any oth­er form of loc­al stor­age, used to cre­ate user pro­files to dis­play advert­ising or to track the user on this web­site or across sev­er­al web­sites for sim­il­ar mar­ket­ing purposes. 

Social media buttons 

On our web­site we have included but­tons for Face­book, Twit­ter, Linked­In and Ins­tagram to pro­mote webpages (e.g. “like”, “pin”) or share (e.g. “tweet”) on social net­works like Face­book, Twit­ter, Linked­In and Ins­tagram. These but­tons work using pieces of code com­ing from Face­book, Twit­ter, Linked­In and Ins­tagram them­selves. This code places cook­ies. These social media but­tons also can store and pro­cess cer­tain inform­a­tion, so a per­son­al­ized advert­ise­ment can be shown to you. 

Please read the pri­vacy state­ment of these social net­works (which can change reg­u­larly) to read what they do with your (per­son­al) data which they pro­cess using these cook­ies. The data that is retrieved is anonymised as much as pos­sible. Face­book, Twit­ter, Linked­In and Ins­tagram are loc­ated in the United States. 

Placed Cookies

Complianz

Func­tion­al

Usage

We use Com­pli­anz for cook­ie con­sent man­age­ment. Read more

Sharing data

This data is not shared with third parties. For more inform­a­tion, please read the Com­pli­anz Pri­vacy State­ment.

Functional

Name
Expiration
365 days
Function
Store accep­ted cook­ie policy ID
Name
Expiration
365 days
Function
Store cook­ie con­sent preferences
Name
Expiration
365 days
Function
Store cook­ie con­sent preferences
Name
Expiration
365 days
Function
Store cook­ie con­sent preferences
Name
Expiration
365 days
Function
Store cook­ie con­sent preferences

Matomo

Stat­ist­ics (anonym­ous)

Usage

We use Mat­omo for web­site stat­ist­ics. Read more

Sharing data

This data is not shared with third parties. 

Statistics (anonymous)

Name
Expiration
13 months
Function
Store a unique user ID
Name
Expiration
ses­sion
Function
Store a unique ses­sion ID

WP Do Not Track

Func­tion­al

Usage

We use WP Do Not Track for cook­ie con­sent man­age­ment. Read more

Sharing data

This data is not shared with third parties. 

Functional

Name
Expiration
1 year
Function
Store ›do not track‹ signals

Twitter

Func­tion­al, Marketing 

Usage

We use Twit­ter for dis­play of recent social posts and/or social share but­tons. Read more

Sharing data

For more inform­a­tion, please read the Twit­ter Pri­vacy State­ment.

Functional

Name
Expiration
per­sist­ent
Function
Provide load bal­an­cing functionality

Marketing

Name
Expiration
per­sist­ent
Function
Store if the user has seen embed­ded content

WordPress

Func­tion­al

Usage

We use Word­Press for web­site devel­op­ment. Read more

Sharing data

This data is not shared with third parties. 

Functional

Name
Expiration
ses­sion
Function
Store browser details

Vimeo

Stat­ist­ics

Usage

We use Vimeo for video dis­play. Read more

Sharing data

For more inform­a­tion, please read the Vimeo Pri­vacy State­ment.

Statistics

Name
Expiration
10 minutes
Function
Store and track audi­ence reach
Name
Expiration
2 years
Function
Store the user­’s usage history

YouTube

Mar­ket­ing

Usage

We use You­Tube for video dis­play. Read more

Sharing data

For more inform­a­tion, please read the You­Tube Pri­vacy State­ment.

Marketing

Name
Expiration
ses­sion
Function
Store loc­a­tion data
Name
Expiration
6 months
Function
Provide ad deliv­ery or retargeting
Name
Expiration
ses­sion
Function
Store and track interaction
Name
Expiration
8 months
Function
Store user preferences

Facebook

Mar­ket­ing, Functional 

Usage

We use Face­book for dis­play of recent social posts and/or social share but­tons. Read more

Sharing data

For more inform­a­tion, please read the Face­book Pri­vacy State­ment.

Marketing

Name
Expiration
2 years
Function
Store last visit
Name
Expiration
1 year
Function
Store account details
Name
Expiration
3 months
Function
Store a unique ses­sion ID
Name
Expiration
3 months
Function
Provide ad deliv­ery or retargeting
Name
Expiration
90 days
Function
Store logged in users
Name
Expiration
3 months
Function
Store and track vis­its across websites
Name
Expiration
2 years
Function
Provide fraud prevention
Name
Expiration
30 days
Function
Store a unique user ID
Name
Expiration
2 years
Function
Store browser details
Name
Expiration
1 year
Function
Store account details

Functional

Name
Expiration
1 week
Function
Read screen resolution
Name
Expiration
90 days
Function
Provide fraud prevention
Name
Expiration
ses­sion
Function
Store and track if the browser tab is active

LinkedIn

Func­tion­al, Mar­ket­ing, Stat­ist­ics, Preferences 

Usage

We use Linked­In for dis­play of recent social posts and/or social share but­tons. Read more

Sharing data

For more inform­a­tion, please read the Linked­In Pri­vacy State­ment.

Functional

Name
Expiration
ses­sion
Function
Provide load bal­an­cing functionality
Name
Expiration
6 months
Function
Store cook­ie con­sent preferences
Name
Expiration
10 years
Function
Store pri­vacy preferences

Marketing

Name
Expiration
30 days
Function
Store and track vis­its across websites
Name
Expiration
90 days
Function
Store and track a vis­it­or’s identity
Name
Expiration
1 month
Function
Provide ad deliv­ery or retargeting
Name
Expiration
90 days
Function
Store and track a vis­it­or’s identity
Name
Expiration
30 days
Function
Provide ad deliv­ery or retargeting

Statistics

Name
Expiration
30 days
Function
Store and track a vis­it­or’s identity
Name
Expiration
30 days
Function
Store and track vis­its across websites

Preferences

Name
Expiration
1 year
Function
Store if a mes­sage has been shown
Name
Expiration
1 year
Function
Store browser details
Name
Expiration
1 day
Function
Provide load bal­an­cing functionality
Name
Expiration
1 year
Function
Store logged in users

Miscellaneous

Pur­pose pending investigation 

Usage

Sharing data

Shar­ing of data is pending investigation 

Purpose pending investigation

Name
tk_qs
Expiration
Function
Name
cmplz_choice
Expiration
365 days
Function
Name
autoptimize_feed
Expiration
Function
Name
cmplz_consenttype
Expiration
365 days
Function
Name
cmplz_ban­ner-status
Expiration
365 days
Function
Name
mtm_cookie_consent
Expiration
Function
Name
WP_PREFERENCES_USER_16
Expiration
Function

Manage Consent

4. Collection of general data and information

The web­site of onygo​.org col­lects a series of gen­er­al data and inform­a­tion when a data sub­ject or auto­mated sys­tem calls up the web­site. This gen­er­al data and inform­a­tion are stored in the serv­er log files. Col­lec­ted may be (1) the browser types and ver­sions used, (2) the oper­at­ing sys­tem used by the access­ing sys­tem, (3) the web­site from which an access­ing sys­tem reaches our web­site (so-called refer­rers), (4) the sub-web­sites, (5) the date and time of access to the Inter­net site, (6) an Inter­net pro­tocol address (IP address), (7) the Inter­net ser­vice pro­vider of the access­ing sys­tem, and (8) any oth­er sim­il­ar data and inform­a­tion that may be used in the event of attacks on our inform­a­tion tech­no­logy systems. 

When using these gen­er­al data and inform­a­tion, onygo​.org does not draw any con­clu­sions about the data sub­ject. Rather, this inform­a­tion is needed to (1) deliv­er the con­tent of our web­site cor­rectly, (2) optim­ize the con­tent of our web­site as well as its advert­ise­ment, (3) ensure the long-term viab­il­ity of our inform­a­tion tech­no­logy sys­tems and web­site tech­no­logy, and (4) provide law enforce­ment author­it­ies with the inform­a­tion neces­sary for crim­in­al pro­sec­u­tion in case of a cyber-attack. There­fore, onygo​.org ana­lyzes anonym­ously col­lec­ted data and inform­a­tion stat­ist­ic­ally, with the aim of increas­ing the data pro­tec­tion and data secur­ity of our enter­prise, and to ensure an optim­al level of pro­tec­tion for the per­son­al data we pro­cess. The anonym­ous data of the serv­er log files are stored sep­ar­ately from all per­son­al data provided by a data subject. 

5. Comments function in the blog on the website

onygo​.org offers users the pos­sib­il­ity to leave indi­vidu­al com­ments on indi­vidu­al blog con­tri­bu­tions on a blog, which is on the web­site of the con­trol­ler. A blog is a web-based, pub­licly-access­ible portal, through which one or more people called blog­gers or web-blog­gers may post art­icles or write down thoughts in so-called blo­g­posts. Blo­g­posts may usu­ally be com­men­ted by third parties. 

If a data sub­ject leaves a com­ment on the blog pub­lished on this web­site, the com­ments made by the data sub­ject are also stored and pub­lished, as well as inform­a­tion on the date of the com­ment­ary and on the user­’s (pseud­onym) chosen by the data sub­ject. In addi­tion, the IP address assigned by the Inter­net ser­vice pro­vider (ISP) to the data sub­ject is also logged. This stor­age of the IP address takes place for secur­ity reas­ons, and in case the data sub­ject viol­ates the rights of third parties, or posts illeg­al con­tent through a giv­en com­ment. The stor­age of these per­son­al data is, there­fore, in the own interest of the data con­trol­ler, so that he can exculp­ate in the event of an infringe­ment. This col­lec­ted per­son­al data will not be passed to third parties, unless such a trans­fer is required by law or serves the aim of the defense of the data controller. 

6. Subscription to comments in the blog on the website

The com­ments made in the blog of onygo​.org may be sub­scribed to by third parties. In par­tic­u­lar, there is the pos­sib­il­ity that a com­menter sub­scribes to the com­ments fol­low­ing his com­ments on a par­tic­u­lar blog post. 

If a data sub­ject decides to sub­scribe to the option, the con­trol­ler will send an auto­mat­ic con­firm­a­tion e‑mail to check the double opt-in pro­ced­ure as to wheth­er the own­er of the spe­cified e‑mail address decided in favor of this option. The option to sub­scribe to com­ments may be ter­min­ated at any time. 

7. Routine erasure and blocking of personal data

The data con­trol­ler shall pro­cess and store the per­son­al data of the data sub­ject only for the peri­od neces­sary to achieve the pur­pose of stor­age, or as far as this is gran­ted by the European legis­lat­or or oth­er legis­lat­ors in laws or reg­u­la­tions to which the con­trol­ler is sub­ject to. 

If the stor­age pur­pose is not applic­able, or if a stor­age peri­od pre­scribed by the European legis­lat­or or anoth­er com­pet­ent legis­lat­or expires, the per­son­al data are routinely blocked or erased in accord­ance with leg­al requirements. 

8. Rights of the data subject

a) Right of confirmation

Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler the con­firm­a­tion as to wheth­er or not per­son­al data con­cern­ing him or her are being pro­cessed. If a data sub­ject wishes to avail him­self of this right of con­firm­a­tion, he or she may, at any time, con­tact any employ­ee of the controller. 

b) Right of access

Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler free inform­a­tion about his or her per­son­al data stored at any time and a copy of this inform­a­tion. Fur­ther­more, the European dir­ect­ives and reg­u­la­tions grant the data sub­ject access to the fol­low­ing information: 

  • the pur­poses of the processing;
  • the cat­egor­ies of per­son­al data concerned;
  • the recip­i­ents or cat­egor­ies of recip­i­ents to whom the per­son­al data have been or will be dis­closed, in par­tic­u­lar recip­i­ents in third coun­tries or inter­na­tion­al organisations;
  • where pos­sible, the envis­aged peri­od for which the per­son­al data will be stored, or, if not pos­sible, the cri­ter­ia used to determ­ine that period;
  • the exist­ence of the right to request from the con­trol­ler rec­ti­fic­a­tion or eras­ure of per­son­al data, or restric­tion of pro­cessing of per­son­al data con­cern­ing the data sub­ject, or to object to such processing;
  • the exist­ence of the right to lodge a com­plaint with a super­vis­ory authority;
  • where the per­son­al data are not col­lec­ted from the data sub­ject, any avail­able inform­a­tion as to their source;
  • the exist­ence of auto­mated decision-mak­ing, includ­ing pro­fil­ing, referred to in Art­icle 22(1) and (4) of the GDPR and, at least in those cases, mean­ing­ful inform­a­tion about the logic involved, as well as the sig­ni­fic­ance and envis­aged con­sequences of such pro­cessing for the data subject.

Fur­ther­more, the data sub­ject shall have a right to obtain inform­a­tion as to wheth­er per­son­al data are trans­ferred to a third coun­try or to an inter­na­tion­al organ­isa­tion. Where this is the case, the data sub­ject shall have the right to be informed of the appro­pri­ate safe­guards relat­ing to the transfer. 

If a data sub­ject wishes to avail him­self of this right of access, he or she may, at any time, con­tact any employ­ee of the controller. 

c) Right to rectification

Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler without undue delay the rec­ti­fic­a­tion of inac­cur­ate per­son­al data con­cern­ing him or her. Tak­ing into account the pur­poses of the pro­cessing, the data sub­ject shall have the right to have incom­plete per­son­al data com­pleted, includ­ing by means of provid­ing a sup­ple­ment­ary statement. 

If a data sub­ject wishes to exer­cise this right to rec­ti­fic­a­tion, he or she may, at any time, con­tact any employ­ee of the controller. 

d) Right to erasure (Right to be forgotten)

Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler the eras­ure of per­son­al data con­cern­ing him or her without undue delay, and the con­trol­ler shall have the oblig­a­tion to erase per­son­al data without undue delay where one of the fol­low­ing grounds applies, as long as the pro­cessing is not necessary: 

  • The per­son­al data are no longer neces­sary in rela­tion to the pur­poses for which they were col­lec­ted or oth­er­wise processed.
  • The data sub­ject with­draws con­sent to which the pro­cessing is based accord­ing to point (a) of Art­icle 6(1) of the GDPR, or point (a) of Art­icle 9(2) of the GDPR, and where there is no oth­er leg­al ground for the processing.
  • The data sub­ject objects to the pro­cessing pur­su­ant to Art­icle 21(1) of the GDPR and there are no over­rid­ing legit­im­ate grounds for the pro­cessing, or the data sub­ject objects to the pro­cessing pur­su­ant to Art­icle 21(2) of the GDPR.
  • The per­son­al data have been unlaw­fully processed.
  • The per­son­al data must be erased for com­pli­ance with a leg­al oblig­a­tion in Uni­on or Mem­ber State law to which the con­trol­ler is subject.
  • The per­son­al data have been col­lec­ted in rela­tion to the offer of inform­a­tion soci­ety ser­vices referred to in Art­icle 8(1) of the GDPR.

If one of the afore­men­tioned reas­ons applies, and a data sub­ject wishes to request the eras­ure of per­son­al data stored by onygo​.org, he or she may, at any time, con­tact any employ­ee of the con­trol­ler. An employ­ee of Mar­tin Gude shall promptly ensure that the eras­ure request is com­plied with immediately. 

Where the con­trol­ler has made per­son­al data pub­lic and is obliged pur­su­ant to Art­icle 17(1) to erase the per­son­al data, the con­trol­ler, tak­ing account of avail­able tech­no­logy and the cost of imple­ment­a­tion, shall take reas­on­able steps, includ­ing tech­nic­al meas­ures, to inform oth­er con­trol­lers pro­cessing the per­son­al data that the data sub­ject has reques­ted eras­ure by such con­trol­lers of any links to, or copy or rep­lic­a­tion of, those per­son­al data, as far as pro­cessing is not required. An employ­ees of onygo​.org will arrange the neces­sary meas­ures in indi­vidu­al cases. 

e) Right of restriction of processing

Each data sub­ject shall have the right gran­ted by the European legis­lat­or to obtain from the con­trol­ler restric­tion of pro­cessing where one of the fol­low­ing applies: 

  • The accur­acy of the per­son­al data is con­tested by the data sub­ject, for a peri­od enabling the con­trol­ler to veri­fy the accur­acy of the per­son­al data.
  • The pro­cessing is unlaw­ful and the data sub­ject opposes the eras­ure of the per­son­al data and requests instead the restric­tion of their use instead.
  • The con­trol­ler no longer needs the per­son­al data for the pur­poses of the pro­cessing, but they are required by the data sub­ject for the estab­lish­ment, exer­cise or defence of leg­al claims.
  • The data sub­ject has objec­ted to pro­cessing pur­su­ant to Art­icle 21(1) of the GDPR pending the veri­fic­a­tion wheth­er the legit­im­ate grounds of the con­trol­ler over­ride those of the data subject.

If one of the afore­men­tioned con­di­tions is met, and a data sub­ject wishes to request the restric­tion of the pro­cessing of per­son­al data stored by onygo​.org, he or she may at any time con­tact any employ­ee of the con­trol­ler. The employ­ee of onygo​.org will arrange the restric­tion of the processing. 

f) Right to data portability

Each data sub­ject shall have the right gran­ted by the European legis­lat­or, to receive the per­son­al data con­cern­ing him or her, which was provided to a con­trol­ler, in a struc­tured, com­monly used and machine-read­able format. He or she shall have the right to trans­mit those data to anoth­er con­trol­ler without hindrance from the con­trol­ler to which the per­son­al data have been provided, as long as the pro­cessing is based on con­sent pur­su­ant to point (a) of Art­icle 6(1) of the GDPR or point (a) of Art­icle 9(2) of the GDPR, or on a con­tract pur­su­ant to point (b) of Art­icle 6(1) of the GDPR, and the pro­cessing is car­ried out by auto­mated means, as long as the pro­cessing is not neces­sary for the per­form­ance of a task car­ried out in the pub­lic interest or in the exer­cise of offi­cial author­ity ves­ted in the controller. 

Fur­ther­more, in exer­cising his or her right to data port­ab­il­ity pur­su­ant to Art­icle 20(1) of the GDPR, the data sub­ject shall have the right to have per­son­al data trans­mit­ted dir­ectly from one con­trol­ler to anoth­er, where tech­nic­ally feas­ible and when doing so does not adversely affect the rights and freedoms of others. 

In order to assert the right to data port­ab­il­ity, the data sub­ject may at any time con­tact any employ­ee of onygo​.org.

g) Right to object

Each data sub­ject shall have the right gran­ted by the European legis­lat­or to object, on grounds relat­ing to his or her par­tic­u­lar situ­ation, at any time, to pro­cessing of per­son­al data con­cern­ing him or her, which is based on point (e) or (f) of Art­icle 6(1) of the GDPR. This also applies to pro­fil­ing based on these provisions. 

onygo​.org shall no longer pro­cess the per­son­al data in the event of the objec­tion, unless we can demon­strate com­pel­ling legit­im­ate grounds for the pro­cessing which over­ride the interests, rights and freedoms of the data sub­ject, or for the estab­lish­ment, exer­cise or defence of leg­al claims. 

If onygo​.org pro­cesses per­son­al data for dir­ect mar­ket­ing pur­poses, the data sub­ject shall have the right to object at any time to pro­cessing of per­son­al data con­cern­ing him or her for such mar­ket­ing. This applies to pro­fil­ing to the extent that it is related to such dir­ect mar­ket­ing. If the data sub­ject objects to onygo​.org to the pro­cessing for dir­ect mar­ket­ing pur­poses, onygo​.org will no longer pro­cess the per­son­al data for these purposes. 

In addi­tion, the data sub­ject has the right, on grounds relat­ing to his or her par­tic­u­lar situ­ation, to object to pro­cessing of per­son­al data con­cern­ing him or her by onygo​.org for sci­entif­ic or his­tor­ic­al research pur­poses, or for stat­ist­ic­al pur­poses pur­su­ant to Art­icle 89(1) of the GDPR, unless the pro­cessing is neces­sary for the per­form­ance of a task car­ried out for reas­ons of pub­lic interest. 

In order to exer­cise the right to object, the data sub­ject may con­tact any employ­ee of onygo​.org. In addi­tion, the data sub­ject is free in the con­text of the use of inform­a­tion soci­ety ser­vices, and not­with­stand­ing Dir­ect­ive 2002/58/EC, to use his or her right to object by auto­mated means using tech­nic­al specifications. 

h) Automated individual decision-making, including profiling

Each data sub­ject shall have the right gran­ted by the European legis­lat­or not to be sub­ject to a decision based solely on auto­mated pro­cessing, includ­ing pro­fil­ing, which pro­duces leg­al effects con­cern­ing him or her, or sim­il­arly sig­ni­fic­antly affects him or her, as long as the decision (1) is not is neces­sary for enter­ing into, or the per­form­ance of, a con­tract between the data sub­ject and a data con­trol­ler, or (2) is not author­ised by Uni­on or Mem­ber State law to which the con­trol­ler is sub­ject and which also lays down suit­able meas­ures to safe­guard the data sub­ject’s rights and freedoms and legit­im­ate interests, or (3) is not based on the data sub­ject’s expli­cit consent. 

If the decision (1) is neces­sary for enter­ing into, or the per­form­ance of, a con­tract between the data sub­ject and a data con­trol­ler, or (2) it is based on the data sub­ject’s expli­cit con­sent, onygo​.org shall imple­ment suit­able meas­ures to safe­guard the data sub­ject’s rights and freedoms and legit­im­ate interests, at least the right to obtain human inter­ven­tion on the part of the con­trol­ler, to express his or her point of view and con­test the decision. 

If the data sub­ject wishes to exer­cise the rights con­cern­ing auto­mated indi­vidu­al decision-mak­ing, he or she may, at any time, con­tact any employ­ee of onygo​.org.

i) Right to withdraw data protection consent

Each data sub­ject shall have the right gran­ted by the European legis­lat­or to with­draw his or her con­sent to pro­cessing of his or her per­son­al data at any time. 

If the data sub­ject wishes to exer­cise the right to with­draw the con­sent, he or she may, at any time, con­tact any employ­ee of onygo​.org.

9. Data protection provisions about the application and use of Facebook

On this web­site, the con­trol­ler has integ­rated com­pon­ents of the enter­prise Face­book. Face­book is a social network. 

A social net­work is a place for social meet­ings on the Inter­net, an online com­munity, which usu­ally allows users to com­mu­nic­ate with each oth­er and inter­act in a vir­tu­al space. A social net­work may serve as a plat­form for the exchange of opin­ions and exper­i­ences, or enable the Inter­net com­munity to provide per­son­al or busi­ness-related inform­a­tion. Face­book allows social net­work users to include the cre­ation of private pro­files, upload pho­tos, and net­work through friend requests. 

The oper­at­ing com­pany of Face­book is Face­book, Inc., 1 Hack­er Way, Menlo Park, CA 94025, United States. If a per­son lives out­side of the United States or Canada, the con­trol­ler is the Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dub­lin 2, Ireland. 

With each call-up to one of the indi­vidu­al pages of this Inter­net web­site, which is oper­ated by the con­trol­ler and into which a Face­book com­pon­ent (Face­book plug-ins) was integ­rated, the web browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject is auto­mat­ic­ally promp­ted to down­load dis­play of the cor­res­pond­ing Face­book com­pon­ent from Face­book through the Face­book com­pon­ent. An over­view of all the Face­book Plug-ins may be accessed under developers​.face​book​.com/​d​o​c​s​/​p​l​u​g​i​ns/. Dur­ing the course of this tech­nic­al pro­ced­ure, Face­book is made aware of what spe­cif­ic sub-site of our web­site was vis­ited by the data subject. 

If the data sub­ject is logged in at the same time on Face­book, Face­book detects with every call-up to our web­site by the data subject—and for the entire dur­a­tion of their stay on our Inter­net site—which spe­cif­ic sub-site of our Inter­net page was vis­ited by the data sub­ject. This inform­a­tion is col­lec­ted through the Face­book com­pon­ent and asso­ci­ated with the respect­ive Face­book account of the data sub­ject. If the data sub­ject clicks on one of the Face­book but­tons integ­rated into our web­site, e.g. the »Like« but­ton, or if the data sub­ject sub­mits a com­ment, then Face­book matches this inform­a­tion with the per­son­al Face­book user account of the data sub­ject and stores the per­son­al data. 

Face­book always receives, through the Face­book com­pon­ent, inform­a­tion about a vis­it to our web­site by the data sub­ject, whenev­er the data sub­ject is logged in at the same time on Face­book dur­ing the time of the call-up to our web­site. This occurs regard­less of wheth­er the data sub­ject clicks on the Face­book com­pon­ent or not. If such a trans­mis­sion of inform­a­tion to Face­book is not desir­able for the data sub­ject, then he or she may pre­vent this by log­ging off from their Face­book account before a call-up to our web­site is made. 

The data pro­tec­tion guideline pub­lished by Face­book, which is avail­able at face​book​.com/​a​b​o​u​t​/​p​r​i​v​a​cy/, provides inform­a­tion about the col­lec­tion, pro­cessing and use of per­son­al data by Face­book. In addi­tion, it is explained there what set­ting options Face­book offers to pro­tect the pri­vacy of the data sub­ject. In addi­tion, dif­fer­ent con­fig­ur­a­tion options are made avail­able to allow the elim­in­a­tion of data trans­mis­sion to Face­book. These applic­a­tions may be used by the data sub­ject to elim­in­ate a data trans­mis­sion to Facebook. 

10. Data protection provisions about the application and use of Instagram

On this web­site, the con­trol­ler has integ­rated com­pon­ents of the ser­vice Ins­tagram. Ins­tagram is a ser­vice that may be qual­i­fied as an audi­ovisu­al plat­form, which allows users to share pho­tos and videos, as well as dis­sem­in­ate such data in oth­er social networks. 

The oper­at­ing com­pany of the ser­vices offered by Ins­tagram is Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dub­lin 2 Ireland. 

With each call-up to one of the indi­vidu­al pages of this Inter­net site, which is oper­ated by the con­trol­ler and on which an Ins­tagram com­pon­ent (Insta but­ton) was integ­rated, the Inter­net browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject is auto­mat­ic­ally promp­ted to the down­load of a dis­play of the cor­res­pond­ing Ins­tagram com­pon­ent of Ins­tagram. Dur­ing the course of this tech­nic­al pro­ced­ure, Ins­tagram becomes aware of what spe­cif­ic sub-page of our web­site was vis­ited by the data subject. 

If the data sub­ject is logged in at the same time on Ins­tagram, Ins­tagram detects with every call-up to our web­site by the data subject—and for the entire dur­a­tion of their stay on our Inter­net site—which spe­cif­ic sub-page of our Inter­net page was vis­ited by the data sub­ject. This inform­a­tion is col­lec­ted through the Ins­tagram com­pon­ent and is asso­ci­ated with the respect­ive Ins­tagram account of the data sub­ject. If the data sub­ject clicks on one of the Ins­tagram but­tons integ­rated on our web­site, then Ins­tagram matches this inform­a­tion with the per­son­al Ins­tagram user account of the data sub­ject and stores the per­son­al data. 

Ins­tagram receives inform­a­tion via the Ins­tagram com­pon­ent that the data sub­ject has vis­ited our web­site provided that the data sub­ject is logged in at Ins­tagram at the time of the call to our web­site. This occurs regard­less of wheth­er the per­son clicks on the Ins­tagram but­ton or not. If such a trans­mis­sion of inform­a­tion to Ins­tagram is not desir­able for the data sub­ject, then he or she can pre­vent this by log­ging off from their Ins­tagram account before a call-up to our web­site is made. 

Fur­ther inform­a­tion and the applic­able data pro­tec­tion pro­vi­sions of Ins­tagram may be retrieved under help​.ins​tagram​.com/​1​5​5​8​3​3​7​0​7​9​0​0​388 and www​.ins​tagram​.com/​a​b​o​u​t​/​l​e​g​a​l​/​p​r​i​v​a​cy/.

11. Data protection provisions about the application and use of Jetpack for WordPress

On this web­site, the con­trol­ler has integ­rated Jet­pack. Jet­pack is a Word­Press plug-in, which provides addi­tion­al fea­tures to the oper­at­or of a web­site based on Word­Press. Jet­pack allows the Inter­net site oper­at­or, inter alia, an over­view of the vis­it­ors of the site. By dis­play­ing related posts and pub­lic­a­tions, or the abil­ity to share con­tent on the page, it is also pos­sible to increase vis­it­or num­bers. In addi­tion, secur­ity fea­tures are integ­rated into Jet­pack, so a Jet­pack-using site is bet­ter pro­tec­ted against brute-force attacks. Jet­pack also optim­izes and accel­er­ates the load­ing of images on the website. 

The oper­at­ing com­pany of Jet­pack Plug-Ins for Word­Press is the Aut O’Mattic A8C Ire­land Ltd., Busi­ness Centre, No.1 Lower May­or Street, Inter­na­tion­al Fin­an­cial Ser­vices Centre, Dub­lin 1, Ireland. 

Jet­pack sets a cook­ie on the inform­a­tion tech­no­logy sys­tem used by the data sub­ject. The defin­i­tion of cook­ies is explained above. With each call-up to one of the indi­vidu­al pages of this Inter­net site, which is oper­ated by the con­trol­ler and on which a Jet­pack com­pon­ent was integ­rated, the Inter­net browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject is auto­mat­ic­ally promp­ted to sub­mit data through the Jet­pack com­pon­ent for ana­lys­is pur­poses to Auto­mat­tic. Dur­ing the course of this tech­nic­al pro­ced­ure Auto­mat­tic receives data that is used to cre­ate an over­view of web­site vis­its. The data obtained in this way serves the ana­lys­is of the beha­viour of the data sub­ject, which has access to the Inter­net page of the con­trol­ler and is ana­lyzed with the aim to optim­ize the web­site. The data col­lec­ted through the Jet­pack com­pon­ent is not used to identi­fy the data sub­ject without a pri­or obtain­ing of a sep­ar­ate express con­sent of the data sub­ject. The data comes also to the notice of Quant­cast. Quant­cast uses the data for the same pur­poses as Automattic. 

The data sub­ject can, as stated above, pre­vent the set­ting of cook­ies through our web­site at any time by means of a cor­res­pond­ing adjust­ment of the web browser used and thus per­man­ently deny the set­ting of cook­ies. Such an adjust­ment to the Inter­net browser used would also pre­vent Automattic/Quantcast from set­ting a cook­ie on the inform­a­tion tech­no­logy sys­tem of the data sub­ject. In addi­tion, cook­ies already in use by Automattic/Quantcast may be deleted at any time via a web browser or oth­er soft­ware programs. 

In addi­tion, the data sub­ject has the pos­sib­il­ity of object­ing to a col­lec­tion of data relat­ing to a use of this Inter­net site that are gen­er­ated by the Jet­pack cook­ie as well as the pro­cessing of these data by Automattic/Quantcast and the chance to pre­clude any such. For this pur­pose, the data sub­ject must press the ‘opt-out’ but­ton under the link www​.quant​cast​.com/​o​p​t​-​o​ut/ which sets an opt-out cook­ie. The opt-out cook­ie set with this pur­pose is placed on the inform­a­tion tech­no­logy sys­tem used by the data sub­ject. If the cook­ies are deleted on the sys­tem of the data sub­ject, then the data sub­ject must call up the link again and set a new opt-out cookie. 

With the set­ting of the opt-out cook­ie, how­ever, the pos­sib­il­ity exists that the web­sites of the con­trol­ler are not fully usable any­more by the data subject. 

The applic­able data pro­tec­tion pro­vi­sions of Auto­mat­tic may be accessed under auto​mat​tic​.com/​p​r​i​v​a​cy/. The applic­able data pro­tec­tion pro­vi­sions of Quant­cast can be accessed under www​.quant​cast​.com/​p​r​i​v​a​cy/.

12. Data protection provisions about the application and use of LinkedIn

The con­trol­ler has integ­rated com­pon­ents of the Linked­In Cor­por­a­tion on this web­site. Linked­In is a web-based social net­work that enables users with exist­ing busi­ness con­tacts to con­nect and to make new busi­ness con­tacts. Over 400 mil­lion registered people in more than 200 coun­tries use Linked­In. Thus, Linked­In is cur­rently the largest plat­form for busi­ness con­tacts and one of the most vis­ited web­sites in the world. 

The oper­at­ing com­pany of Linked­In is Linked­In Cor­por­a­tion, 2029 Sti­er­lin Court Moun­tain View, CA 94043, UNITED STATES. For pri­vacy mat­ters out­side of the UNITED STATES Linked­In Ire­land, Pri­vacy Policy Issues, Wilton Plaza, Wilton Place, Dub­lin 2, Ire­land, is responsible. 

With each call-up to one of the indi­vidu­al pages of this Inter­net site, which is oper­ated by the con­trol­ler and on which a Linked­In com­pon­ent (Linked­In plug-in) was integ­rated, the Inter­net browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject is auto­mat­ic­ally promp­ted to the down­load of a dis­play of the cor­res­pond­ing Linked­In com­pon­ent of Linked­In. Fur­ther inform­a­tion about the Linked­In plug-in may be accessed under developer​.linked​in​.com/​p​l​u​g​ins. Dur­ing the course of this tech­nic­al pro­ced­ure, Linked­In gains know­ledge of what spe­cif­ic sub-page of our web­site was vis­ited by the data subject. 

If the data sub­ject is logged in at the same time on Linked­In, Linked­In detects with every call-up to our web­site by the data subject—and for the entire dur­a­tion of their stay on our Inter­net site—which spe­cif­ic sub-page of our Inter­net page was vis­ited by the data sub­ject. This inform­a­tion is col­lec­ted through the Linked­In com­pon­ent and asso­ci­ated with the respect­ive Linked­In account of the data sub­ject. If the data sub­ject clicks on one of the Linked­In but­tons integ­rated on our web­site, then Linked­In assigns this inform­a­tion to the per­son­al Linked­In user account of the data sub­ject and stores the per­son­al data. 

Linked­In receives inform­a­tion via the Linked­In com­pon­ent that the data sub­ject has vis­ited our web­site, provided that the data sub­ject is logged in at Linked­In at the time of the call-up to our web­site. This occurs regard­less of wheth­er the per­son clicks on the Linked­In but­ton or not. If such a trans­mis­sion of inform­a­tion to Linked­In is not desir­able for the data sub­ject, then he or she may pre­vent this by log­ging off from their Linked­In account before a call-up to our web­site is made. 

Linked­In provides under www​.linked​in​.com/​p​s​e​t​t​i​n​g​s​/​g​u​e​s​t​-​c​o​n​t​r​ols the pos­sib­il­ity to unsub­scribe from e‑mail mes­sages, SMS mes­sages and tar­geted ads, as well as the abil­ity to man­age ad set­tings. Linked­In also uses affil­i­ates such as Eire, Google Ana­lyt­ics, BlueKai, Double­Click, Nielsen, Com­score, Elo­qua, and Lot­ame. The set­ting of such cook­ies may be denied under www​.linked​in​.com/​l​e​g​a​l​/​c​o​o​k​i​e​-​p​o​l​icy. The applic­able pri­vacy policy for Linked­In is avail­able under www​.linked​in​.com/​l​e​g​a​l​/​p​r​i​v​a​c​y​-​p​o​l​icy. The Linked­In Cook­ie Policy is avail­able under www​.linked​in​.com/​l​e​g​a​l​/​c​o​o​k​i​e​-​p​o​l​icy.

13. Data protection provisions about the application and use of Pinterest

On this web­site, the con­trol­ler has integ­rated com­pon­ents of Pin­terest Inc. Pin­terest is a so-called social net­work. A social net­work is an Inter­net social meet­ing place, an online com­munity that allows users to com­mu­nic­ate and inter­act with each oth­er in a vir­tu­al space. A social net­work may serve as a plat­form for the exchange of opin­ions and exper­i­ences, or allow the Inter­net com­munity to provide per­son­al or com­pany-related inform­a­tion. Pin­terest enables the users of the social net­work to pub­lish, inter alia, pic­ture col­lec­tions and indi­vidu­al pic­tures as well as descrip­tions on vir­tu­al pin­boards (so-called pins), which can then be shared by oth­er user­’s (so-called re-pins) or com­men­ted on. 

The oper­at­ing com­pany of Pin­terest is Pin­terest Europe Ltd., Palmer­ston House, 2nd Floor, Feni­an Street, Dub­lin 2,Ireland.

With each call-up to one of the indi­vidu­al pages of this Inter­net site, which is oper­ated by the con­trol­ler and on which a Pin­terest com­pon­ent (Pin­terest plug-in) was integ­rated, the Inter­net browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject auto­mat­ic­ally promp­ted to down­load through the respect­ive Pin­terest com­pon­ent a dis­play of the cor­res­pond­ing Pin­terest com­pon­ent. Fur­ther inform­a­tion on Pin­terest is avail­able under pin​terest​.com/. Dur­ing the course of this tech­nic­al pro­ced­ure, Pin­terest gains know­ledge of what spe­cif­ic sub-page of our web­site is vis­ited by the data subject. 

If the data sub­ject is logged in at the same time on Pin­terest, Pin­terest detects with every call-up to our web­site by the data subject—and for the entire dur­a­tion of their stay on our Inter­net site—which spe­cif­ic sub-page of our Inter­net page was vis­ited by the data sub­ject. This inform­a­tion is col­lec­ted through the Pin­terest com­pon­ent and asso­ci­ated with the respect­ive Pin­terest account of the data sub­ject. If the data sub­ject clicks on one of the Pin­terest but­tons, integ­rated on our web­site, then Pin­terest assigns this inform­a­tion to the per­son­al Pin­terest user account of the data sub­ject and stores the per­son­al data. 

Pin­terest receives inform­a­tion via the Pin­terest com­pon­ent that the data sub­ject has vis­ited our web­site, provided that the data sub­ject is logged in at Pin­terest at the time of the call-up to our web­site. This occurs regard­less of wheth­er the per­son clicks on the Pin­terest com­pon­ent or not. If such a trans­mis­sion of inform­a­tion to Pin­terest is not desir­able for the data sub­ject, then he or she may pre­vent this by log­ging off from their Pin­terest account before a call-up to our web­site is made. 

The data pro­tec­tion guideline pub­lished by Pin­terest, which is avail­able under about​.pin​terest​.com/​p​r​i​v​a​c​y​-​p​o​l​icy, provides inform­a­tion on the col­lec­tion, pro­cessing and use of per­son­al data by Pinterest. 

14. Data protection provisions about the application and use of Matomo

On this web­site, the con­trol­ler has integ­rated the Mat­omo com­pon­ent. Mat­omo is an open-source soft­ware tool for web ana­lys­is. Web ana­lys­is is the col­lec­tion, gath­er­ing and eval­u­ation of data on the beha­vi­or of vis­it­ors from Inter­net sites. A web ana­lys­is tool col­lects, inter alia, data on the web­site from which a data sub­ject came to a web­site (so-called refer­rer), which pages of the web­site were accessed or how often and for which peri­od of time a sub-page was viewed. A web ana­lys­is is mainly used for the optim­iz­a­tion of a web­site and the cost-bene­fit ana­lys­is of Inter­net advertising. 

The soft­ware is oper­ated on the serv­er of the con­trol­ler, the data pro­tec­tion-sens­it­ive log files are stored exclus­ively on this server. 

The pur­pose of the Mat­omo com­pon­ent is the ana­lys­is of the vis­it­or flows on our web­site. The con­trol­ler uses the obtained data and inform­a­tion, inter alia, to eval­u­ate the use of this web­site in order to com­pile online reports, which show the activ­it­ies on our Inter­net pages. 

Mat­omo sets a cook­ie on the inform­a­tion tech­no­logy sys­tem of the data sub­ject. The defin­i­tion of cook­ies is explained above. With the set­ting of the cook­ie, an ana­lys­is of the use of our web­site is enabled. With each call-up to one of the indi­vidu­al pages of this web­site, the Inter­net browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject is auto­mat­ic­ally through the Mat­omo com­pon­ent promp­ted to sub­mit data for the pur­pose of online ana­lys­is to our serv­er. Dur­ing the course of this tech­nic­al pro­ced­ure, we obtain know­ledge about per­son­al inform­a­tion, such as the IP address of the data sub­ject, which serves to under­stand the ori­gin of vis­it­ors and clicks. 

The cook­ie is used to store per­son­al inform­a­tion, such as the access time, the loc­a­tion from which access was made, and the fre­quency of vis­its to our web­site. With each vis­it of our Inter­net pages, these per­son­al data, includ­ing the IP address of the Inter­net access used by the data sub­ject, are trans­ferred to our serv­er. These per­son­al data will be stored by us. We do not for­ward this per­son­al data to third parties. 

The data sub­ject may, as stated above, pre­vent the set­ting of cook­ies through our web­site at any time by means of a cor­res­pond­ing adjust­ment of the web browser used and thus per­man­ently deny the set­ting of cook­ies. Such an adjust­ment to the used Inter­net browser would also pre­vent Mat­omo from set­ting a cook­ie on the inform­a­tion tech­no­logy sys­tem of the data sub­ject. In addi­tion, cook­ies already in use by Mat­omo may be deleted at any time via a web browser or oth­er soft­ware programs. 

In addi­tion, the data sub­ject has the pos­sib­il­ity of object­ing to a col­lec­tion of data relat­ing to a use of this Inter­net site that are gen­er­ated by Mat­omo as well as the pro­cessing of these data by Mat­omo and the chance to pre­clude any such. For this, the data sub­ject must set a »Do Not Track« option in the browser.

With each set­ting of the opt-out cook­ie, how­ever, there is the pos­sib­il­ity that the web­sites of the con­trol­ler are no longer fully usable for the data subject. 

Fur­ther inform­a­tion and the applic­able data pro­tec­tion pro­vi­sions of Mat­omo may be retrieved under mat​omo​.org/​p​r​i​v​a​cy/.

15. Data protection provisions about the application and use of SlideShare

On this web­site, the con­trol­ler has integ­rated Slide­Share com­pon­ents. Linked­In Slide­Share as a file host­ing ser­vice allows you to exchange and archive present­a­tions and oth­er doc­u­ments, such as PDF files, videos, and webinars. The file host­ing ser­vice allows users to upload media con­tent in all pop­u­lar formats, with the doc­u­ments either pub­licly-access­ible or private-labeled. 

The oper­at­ing com­pany of Slide­Share is Linked­In Ire­land Unlim­ited Com­pany, Wilton Plaza, Wilton Place, Dub­lin 2, Ireland. 

Linked­In Slide­Share provides so-called embed­ded codes for the media con­tent (e.g. present­a­tions, PDF files, videos, pho­tos, etc.) stored there. Embed­ded codes are pro­gram codes that are embed­ded in the Inter­net pages to dis­play extern­al con­tent on their own web­site. Embed­ded codes allow con­tent to be repro­duced on its own web­site without stor­ing it on its own serv­er, pos­sibly viol­at­ing the right of repro­duc­tion of the respect­ive author of the con­tent. A fur­ther advant­age of the use of an embed­ded code is that the respect­ive oper­at­or of a web­site does not use its own stor­age space and the own serv­er is thereby relieved. An embed­ded code may be integ­rated at any point on anoth­er web­site so that an extern­al con­tent may also be inser­ted with­in the own text. The pur­pose of using Linked­In Slide­Share is to relieve our serv­er and to avoid copy­right infringe­ments, while at the same time using third-party content. 

With each call-up to our Inter­net site, which is equipped with a Slide­Share com­pon­ent (embed­ded code), this com­pon­ent prompts the browser that you are using to down­load the accord­ing embed­ded data from Slide­Share. Dur­ing the course of this tech­nic­al pro­ced­ure, Linked­In gains know­ledge of which spe­cif­ic sub-page of our web­site is vis­ited by the data subject. 

If the data sub­ject is logged in on Slide­Share at the same time, Slide­Share recog­nizes with each call-up to our web­site by the data sub­ject and for the entire dur­a­tion of their stay on our Inter­net site which spe­cif­ic sub-page was vis­ited by the data sub­ject. This inform­a­tion is col­lec­ted by Slide­Share and assigned to the respect­ive Slide­Share account of the data sub­ject through LinkedIn. 

Linked­In obtains inform­a­tion via the Slide­Share com­pon­ent that the data sub­ject has vis­ited our web­site, provided that the data sub­ject is logged in at Slide­Share at the time of the call-up to our web­site. This occurs regard­less of wheth­er the per­son clicks on the embed­ded media data or not. If such a trans­mis­sion of inform­a­tion to Slide­Share is not desir­able for the data sub­ject, then he or she may pre­vent this by log­ging off from their Slide­Share account before a call-up to our web­site is made. 

Linked­In also uses affil­i­ates such as Eire, Google Ana­lyt­ics, BlueKai, Double­Click, Nielsen, Com­score, Elo­qua, and Lot­ame. The set­ting of such cook­ies may be denied under www​.linked​in​.com/​l​e​g​a​l​/​c​o​o​k​i​e​-​p​o​l​icy. The applic­able data pro­tec­tion pro­vi­sions for Linked­In is avail­able under www​.linked​in​.com/​l​e​g​a​l​/​p​r​i​v​a​c​y​-​p​o​l​icy.

16. Data protection provisions about the application and use of Twitter

On this web­site, the con­trol­ler has integ­rated com­pon­ents of Twit­ter. Twit­ter is a mul­ti­lin­gual, pub­licly-access­ible microb­log­ging ser­vice on which users may pub­lish and spread so-called ‘tweets,’ e.g. short mes­sages, which are lim­ited to 280 char­ac­ters. These short mes­sages are avail­able for every­one, includ­ing those who are not logged on to Twit­ter. The tweets are also dis­played to so-called fol­low­ers of the respect­ive user. Fol­low­ers are oth­er Twit­ter users who fol­low a user­’s tweets. Fur­ther­more, Twit­ter allows you to address a wide audi­ence via hasht­ags, links or retweets. 

The oper­at­ing com­pany of Twit­ter is Twit­ter Inter­na­tion­al Com­pany, One Cum­ber­land Place, Feni­an Street Dub­lin 2, D02 AX07, Ireland. 

With each call-up to one of the indi­vidu­al pages of this Inter­net site, which is oper­ated by the con­trol­ler and on which a Twit­ter com­pon­ent (Twit­ter but­ton) was integ­rated, the Inter­net browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject is auto­mat­ic­ally promp­ted to down­load a dis­play of the cor­res­pond­ing Twit­ter com­pon­ent of Twit­ter. Fur­ther inform­a­tion about the Twit­ter but­tons is avail­able under about​.twit​ter​.com/​d​e​/​r​e​s​o​u​r​c​e​s​/​b​u​t​t​ons. Dur­ing the course of this tech­nic­al pro­ced­ure, Twit­ter gains know­ledge of what spe­cif­ic sub-page of our web­site was vis­ited by the data sub­ject. The pur­pose of the integ­ra­tion of the Twit­ter com­pon­ent is a retrans­mis­sion of the con­tents of this web­site to allow our users to intro­duce this web page to the digit­al world and increase our vis­it­or numbers. 

If the data sub­ject is logged in at the same time on Twit­ter, Twit­ter detects with every call-up to our web­site by the data sub­ject and for the entire dur­a­tion of their stay on our Inter­net site which spe­cif­ic sub-page of our Inter­net page was vis­ited by the data sub­ject. This inform­a­tion is col­lec­ted through the Twit­ter com­pon­ent and asso­ci­ated with the respect­ive Twit­ter account of the data sub­ject. If the data sub­ject clicks on one of the Twit­ter but­tons integ­rated on our web­site, then Twit­ter assigns this inform­a­tion to the per­son­al Twit­ter user account of the data sub­ject and stores the per­son­al data. 

Twit­ter receives inform­a­tion via the Twit­ter com­pon­ent that the data sub­ject has vis­ited our web­site, provided that the data sub­ject is logged in on Twit­ter at the time of the call-up to our web­site. This occurs regard­less of wheth­er the per­son clicks on the Twit­ter com­pon­ent or not. If such a trans­mis­sion of inform­a­tion to Twit­ter is not desir­able for the data sub­ject, then he or she may pre­vent this by log­ging off from their Twit­ter account before a call-up to our web­site is made. 

The applic­able data pro­tec­tion pro­vi­sions of Twit­ter may be accessed under twit​ter​.com/​p​r​i​v​a​c​y​?​l​a​n​g​=en.

17. Data protection provisions about the application and use of Xing

On this web­site, the con­trol­ler has integ­rated com­pon­ents of XING. XING is an Inter­net-based social net­work that enables users to con­nect with exist­ing busi­ness con­tacts and to cre­ate new busi­ness con­tacts. The indi­vidu­al users can cre­ate a per­son­al pro­file of them­selves at XING. Com­pan­ies may, e.g. cre­ate com­pany pro­files or pub­lish jobs on XING

The oper­at­ing com­pany of XING is XING SE, Dam­mt­or­straße 30, 20354 Ham­burg, Germany. 

With each call-up to one of the indi­vidu­al pages of this Inter­net site, which is oper­ated by the con­trol­ler and on which a XING com­pon­ent (XING plug-in) was integ­rated, the Inter­net browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject is auto­mat­ic­ally promp­ted to down­load a dis­play of the cor­res­pond­ing XING com­pon­ent of XING. Fur­ther inform­a­tion about the XING plug-in the may be accessed under dev​.xing​.com/​p​l​u​g​ins. Dur­ing the course of this tech­nic­al pro­ced­ure, XING gains know­ledge of what spe­cif­ic sub-page of our web­site was vis­ited by the data subject. 

If the data sub­ject is logged in at the same time on XING, XING detects with every call-up to our web­site by the data subject—and for the entire dur­a­tion of their stay on our Inter­net site—which spe­cif­ic sub-page of our Inter­net page was vis­ited by the data sub­ject. This inform­a­tion is col­lec­ted through the XING com­pon­ent and asso­ci­ated with the respect­ive XING account of the data sub­ject. If the data sub­ject clicks on the XING but­ton integ­rated on our Inter­net site, e.g. the »Share«-button, then XING assigns this inform­a­tion to the per­son­al XING user account of the data sub­ject and stores the per­son­al data. 

XING receives inform­a­tion via the XING com­pon­ent that the data sub­ject has vis­ited our web­site, provided that the data sub­ject is logged in at XING at the time of the call to our web­site. This occurs regard­less of wheth­er the per­son clicks on the XING com­pon­ent or not. If such a trans­mis­sion of inform­a­tion to XING is not desir­able for the data sub­ject, then he or she can pre­vent this by log­ging off from their XING account before a call-up to our web­site is made. 

The data pro­tec­tion pro­vi­sions pub­lished by XING, which is avail­able under www​.xing​.com/​p​r​i​v​acy, provide inform­a­tion on the col­lec­tion, pro­cessing and use of per­son­al data by XING. In addi­tion, XING has pub­lished pri­vacy notices for the XING share but­ton under www​.xing​.com/​a​p​p​/​s​h​a​r​e​?​o​p​=​d​a​t​a​_​p​r​o​t​e​c​t​ion.

18. Data protection provisions about the application and use of YouTube

On this web­site, the con­trol­ler has integ­rated com­pon­ents of You­Tube. You­Tube is an Inter­net video portal that enables video pub­lish­ers to set video clips and oth­er users free of charge, which also provides free view­ing, review and com­ment­ing on them. You­Tube allows you to pub­lish all kinds of videos, so you can access both full movies and TV broad­casts, as well as music videos, trail­ers, and videos made by users via the Inter­net portal. 

The oper­at­ing com­pany of You­Tube is Google Ire­land Lim­ited, Gor­don House, Bar­row Street, Dub­lin, D04 E5W5, Ireland. 

With each call-up to one of the indi­vidu­al pages of this Inter­net site, which is oper­ated by the con­trol­ler and on which a You­Tube com­pon­ent (You­Tube video) was integ­rated, the Inter­net browser on the inform­a­tion tech­no­logy sys­tem of the data sub­ject is auto­mat­ic­ally promp­ted to down­load a dis­play of the cor­res­pond­ing You­Tube com­pon­ent. Fur­ther inform­a­tion about You­Tube may be obtained under www​.you​tube​.com/​y​t​/​a​b​o​u​t​/​en/. Dur­ing the course of this tech­nic­al pro­ced­ure, You­Tube and Google gain know­ledge of what spe­cif­ic sub-page of our web­site was vis­ited by the data subject. 

If the data sub­ject is logged in on You­Tube, You­Tube recog­nizes with each call-up to a sub-page that con­tains a You­Tube video, which spe­cif­ic sub-page of our Inter­net site was vis­ited by the data sub­ject. This inform­a­tion is col­lec­ted by You­Tube and Google and assigned to the respect­ive You­Tube account of the data subject. 

You­Tube and Google will receive inform­a­tion through the You­Tube com­pon­ent that the data sub­ject has vis­ited our web­site, if the data sub­ject at the time of the call to our web­site is logged in on You­Tube; this occurs regard­less of wheth­er the per­son clicks on a You­Tube video or not. If such a trans­mis­sion of this inform­a­tion to You­Tube and Google is not desir­able for the data sub­ject, the deliv­ery may be pre­ven­ted if the data sub­ject logs off from their own You­Tube account before a call-up to our web­site is made. 

You­Tube’s data pro­tec­tion pro­vi­sions, avail­able at www​.google​.com/​i​n​t​l​/​e​n​/​p​o​l​i​c​i​e​s​/​p​r​i​v​a​cy/, provide inform­a­tion about the col­lec­tion, pro­cessing and use of per­son­al data by You­Tube and Google. 

We embed videos from You­Tube using YouTube’s pri­vacy-enhanced mode. This mode may set cook­ies on your com­puter once you click on the You­Tube video play­er, but You­Tube will not store per­son­ally-iden­ti­fi­able cook­ie inform­a­tion for play­backs of embed­ded videos using the pri­vacy-enhanced mode. To find out more please read the inform­a­tion about Enabling pri­vacy-enhanced mode for embed­ded videos on YouTube’s embed­ding videos inform­a­tion page.

19. Data protection provisions about the application and use of Vimeo

We embed videos from Vimeo using a two-click solu­tion to ensure that no per­son­al inform­a­tion will be passed on when you vis­it our web­site. Once you start a video, per­son­ally iden­ti­fi­able data will be trans­mit­ted to Vimeo and stored in the United States. A cook­ie will be set in your browser. To find out more please read Vimeo’s inform­a­tion cook­ie inform­a­tion page.

20. Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the leg­al basis for pro­cessing oper­a­tions for which we obtain con­sent for a spe­cif­ic pro­cessing pur­pose. If the pro­cessing of per­son­al data is neces­sary for the per­form­ance of a con­tract to which the data sub­ject is party, as is the case, for example, when pro­cessing oper­a­tions are neces­sary for the sup­ply of goods or to provide any oth­er ser­vice, the pro­cessing is based on Art­icle 6(1) lit. b GDPR. The same applies to such pro­cessing oper­a­tions which are neces­sary for car­ry­ing out pre-con­trac­tu­al meas­ures, for example in the case of inquir­ies con­cern­ing our products or ser­vices. Is our com­pany sub­ject to a leg­al oblig­a­tion by which pro­cessing of per­son­al data is required, such as for the ful­fill­ment of tax oblig­a­tions, the pro­cessing is based on Art. 6(1) lit. c GDPR

In rare cases, the pro­cessing of per­son­al data may be neces­sary to pro­tect the vital interests of the data sub­ject or of anoth­er nat­ur­al per­son. This would be the case, for example, if a vis­it­or were injured in our com­pany and his name, age, health insur­ance data or oth­er vital inform­a­tion would have to be passed on to a doc­tor, hos­pit­al or oth­er third party. Then the pro­cessing would be based on Art. 6(1) lit. d GDPR.
Finally, pro­cessing oper­a­tions could be based on Art­icle 6(1) lit. f GDPR. This leg­al basis is used for pro­cessing oper­a­tions which are not covered by any of the above­men­tioned leg­al grounds, if pro­cessing is neces­sary for the pur­poses of the legit­im­ate interests pur­sued by our com­pany or by a third party, except where such interests are over­rid­den by the interests or fun­da­ment­al rights and freedoms of the data sub­ject which require pro­tec­tion of per­son­al data. Such pro­cessing oper­a­tions are par­tic­u­larly per­miss­ible because they have been spe­cific­ally men­tioned by the European legis­lat­or. He con­sidered that a legit­im­ate interest could be assumed if the data sub­ject is a cli­ent of the con­trol­ler (Recit­al 47 Sen­tence 2 GDPR). 

21. The legitimate interests pursued by the controller or by a third party

Where the pro­cessing of per­son­al data is based on Art­icle 6(1) lit. f GDPR our legit­im­ate interest is to carry out our busi­ness in favor of the well-being of all our employ­ees and the shareholders. 

22. Period for which the personal data will be stored

The cri­ter­ia used to determ­ine the peri­od of stor­age of per­son­al data is the respect­ive stat­utory reten­tion peri­od. After expir­a­tion of that peri­od, the cor­res­pond­ing data is routinely deleted, as long as it is no longer neces­sary for the ful­fill­ment of the con­tract or the ini­ti­ation of a contract. 

23. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We cla­ri­fy that the pro­vi­sion of per­son­al data is partly required by law (e.g. tax reg­u­la­tions) or can also res­ult from con­trac­tu­al pro­vi­sions (e.g. inform­a­tion on the con­trac­tu­al partner). 

Some­times it may be neces­sary to con­clude a con­tract that the data sub­ject provides us with per­son­al data, which must sub­sequently be pro­cessed by us. The data sub­ject is, for example, obliged to provide us with per­son­al data when our com­pany signs a con­tract with him or her. The non-pro­vi­sion of the per­son­al data would have the con­sequence that the con­tract with the data sub­ject could not be concluded. 

Before per­son­al data is provided by the data sub­ject, the data sub­ject must con­tact any employ­ee. The employ­ee cla­ri­fies to the data sub­ject wheth­er the pro­vi­sion of the per­son­al data is required by law or con­tract or is neces­sary for the con­clu­sion of the con­tract, wheth­er there is an oblig­a­tion to provide the per­son­al data and the con­sequences of non-pro­vi­sion of the per­son­al data. 

24. Existence of automated decision-making

As a respons­ible com­pany, we do not use auto­mat­ic decision-mak­ing or profiling. 

This Pri­vacy Policy has been gen­er­ated by the Pri­vacy Policy Gen­er­at­or of the Extern­al Data Pro­tec­tion Officers that was developed in cooper­a­tion with the Media Law Law­yers from WBS-LAW