- Personal data
Personal data is all information about a specific or identifiable natural person. An identifiable natural person is a person that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific physical, physiological, genetic, mental characteristics, economic, cultural or social identity of this natural person.
- Affected person
An affected person is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any process or set of operations performed on personal data or personal data, whether automated, recorded, organized, structured, stored, adapted or changed, accessed, consulted, used, transmitted, disseminated or otherwise made available, directed or combined, restricted, deleted or destroyed.
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain aspects of a natural person, in particular to analyze or predict aspects of work performance, economic situation, health, personal preferences, interests, the reliability, the behavior, the location or the movements of this natural person.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific person without the use of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to a specific or identifiable natural person.
Responsible for processing is the natural or legal person, public authority, agency or other body which, alone or in concert with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by the Union or Member State law, the controller or the specific criteria for their designation may be determined by the Union or Member State law.
The processor is a natural or legal person, public authority, government agency or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, agency, agency or other entity to which the personal information is disclosed, whether or not it is a third party. However, authorities which may obtain personal data under a specific investigation under the Union or national law shall not be considered as beneficiaries. The processing of these data by these authorities will be in accordance with the applicable data protection rules for the purposes of processing.
The consent of the data subject is any free, specific, informed and unambiguous presentation of the data subject’s wishes, by which they declare their consent to the processing of the personal data concerning them by means of a declaration or a clear affirmation.
I. Name of the person responsible
The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the
The data controller may vary depending on the offer or the purpose of the processing and another of our trbo companies may accordingly be the controller. You can find our other trbo companies here
II. Data Protection Officer
You can contact our data protection officer as follows:
III. General information about the collection and processing of your data
- Scope of processing
In principle, we process personal data of our website visitors and users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
- Legal basis
Insofar as we obtain the consent of the data subject for processing of personal data, art. 6 §1 GDPR serves as a legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, art. 6 § 1 lit. b GDPR as a legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, art. 6 § 1 lit. c GDPR as legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 § 1 lit. d GDPR as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, art. 6 § 1 lit. f GDPR as legal basis for processing.
- Storage and deletion of your data
We delete or block the personal data of the data subject as soon as the purpose of the storage is eliminated. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
IV. Provision of the website and creation of log files
Scope of processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. This is e.g. information like
– Information about the type and version of your internet browser,
– The operating system of your computer or smartphone,
– Your internet service provider,
– Your IP address,
– Date and time of your access,
– Websites from which you came to us,
– Websites that you visit from our site.
– The legal basis for the temporary storage is art. 6 § 1 lit. f GDPR.
The location of our servers is EU (Germany and Belgium).
We collect such technical information in so-called “log files”, so that you can display our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks. For these purposes, our legitimate interest in the processing of data according to art. 6 § 1 lit. f GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Typically, this technical information will be erased or rendered unrecognizable at the latest after seven days.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
V. Contact requests for product information, a demo, applications or other concerns
Web form to download our case studies, on demand webinars and whitepapers
A web form is provided on our website which you can use to contact us to request case studies and white papers free of charge. The transmission of personal data via the web form is exclusively encrypted. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are: First name, last name, company, e-mail address, telephone number if applicable. At the time of sending the message, the following data will also be stored: Date and time.
In this context, the data will not be passed on to third parties. The data is processed exclusively within the scope of the named purpose – for sending the documents. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 (1) lit. f GDPR.
Your personal data will generally be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The personal data collected for the inquiry will be deleted as soon as the documents have been sent and a timely telephone contact with you has taken place or was unsuccessful. Continued processing only takes place if it is necessary in the context of a resulting initiation and execution of a contract or for the fulfillment of resulting contractual purposes.
Web form “Arrange a demo”
A web form is provided on our website, which you can use to contact us to request a demo free of charge and without obligation. The transmission of personal data via the web form is exclusively encrypted. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are: First name, last name, company, e-mail address, telephone number if applicable. At the time of sending the message, the following data will also be stored: Date and time.
In this context, the data is not passed on to third parties. The legal basis for the processing of the data is our legitimate interest in arranging a non-binding consultation with you as an interested party in accordance with Art. 6 Para. 1 lit. f GDPR and, if applicable, Art. 6 Para. 1 lit. b GDPR, if your inquiry is aimed at concluding a contract.
The collected personal data for consultation will be deleted as soon as a timely (telephone) contact with you has taken place or was unsuccessful. Continued processing only takes place if it is necessary in the context of a resulting initiation and execution of a contract or for the fulfillment of resulting contractual purposes. You can object to the processing of your personal data at any time in the case of Art. 6 (1) lit. f GDPR.
Contact form and contact via e-mail
If you send us inquiries via contact form or e-mail, your information from the inquiry form or your e-mail, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. The specification of an e-mail address is required to contact us, the specification of your name and telephone number is voluntary. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 (1) lit. f GDPR.
Sending applications by e-mail
If you apply to us by e-mail, we collect personal data. This includes, in particular, your contact data (such as first name, last name, name affixes, private address, (mobile) phone number, e-mail address) as well as other data provided by you regarding your career (e.g. CV, qualifications and degrees, professional experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability).
As a rule, your personal data is collected directly from you as part of the application process. The data originates from the e-mail and the transmitted files.
The data processing serves to initiate an employee relationship. The primary legal basis for this is § 26 para. 1 BDSG. In addition, consent pursuant to Art. 6 Para. 1 lit. a, 7 GDPR in conjunction with § 26 Para. 2 BDSG can be used as a permission provision under data protection law. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.
Within our company, only those persons and departments (e.g. Human Resources) have access to your personal data that absolutely need it to carry out the application process or to fulfill our legal obligations. If necessary, your applications will be forwarded to the relevant responsible persons for examination. Under no circumstances will your personal data be passed on to third parties without authorization.
Your data relating to an application for a specific job posting will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system six months after completion of the application process. In the event of an acceptance, we reserve the right to retain your application for longer, provided that the entry date is more than six months in the future.
We send newsletters, e-mails and other electronic notifications (hereinafter referred to as “newsletter”) only with the consent of the recipients or a legal permission. Insofar as the contents of a newsletter are specifically described within the scope of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.
In order to subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name, for the purpose of personal address in the newsletter, or further information, if this is necessary for the purposes of the newsletter.
Double opt-in procedure: The registration for our newsletter is always carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.
Deletion and restriction of processing: We may store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data will be limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blacklist for this purpose alone.
The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.
Notes on legal basis: The newsletter is sent on the basis of the recipients’ consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it was carried out in accordance with the law.
Content: Information about us, our services, promotions and offers.
Analysis and performance measurement: The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a shipping service provider, from their server. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected.
This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can indeed be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purpose of using a user-friendly as well as secure newsletter system, which serves both our business interests and meets the expectations of the users.
Unfortunately, a separate revocation of the performance measurement is not possible, in which case the entire newsletter subscription must be cancelled, or it must be contradicted.
Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).
Data subjects: Communication partners.
Purposes of processing: direct marketing (e.g., via e-mail).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the above contact options, preferably e-mail, for this purpose.
Services used and service providers:
Mailjet SAS (Global HQ) Office and mailing address Paris: 13-13 bis, rue de l’Aubrac, 75012 Paris, France // Mailjet GmbH Mailing and billing address Berlin: Alt-Moabit 2, 10557 Berlin, Germany Registered office: Alt-Moabit 2, 10557 Berlin, Germany.
We have entered into an order data processing agreement with Mailjet and fully implement the strict requirements of the German data protection authorities when using Mailjet.
Press distribution list for journalists
In addition, we offer you the opportunity to register for our press distribution list at www.trbo.com/presse, which we will use to inform you about new regular press releases and upcoming events. To register, we need your e-mail address. The mailing list will be sent by e-mail. By sending you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can unsubscribe from our press mailing list at any time. To do so, please send an e-mail to email@example.com.
Registration for our webinars (Zoom)
We have concluded an order processing contract with Zoom, in which we oblige them to protect our customers’ data and not to pass it on to third parties.
The integration of Zoom serves a technically flawless execution of the webinar with professional tools. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
When you register for a free webinar on our website, you must provide your e-mail address and your first and last name. The legal basis is your consent given to us beforehand in accordance with Art. 6 (1) lit. a GDPR.
You can unsubscribe from the webinar at any time.
VI. Social Media
Appearances in social media
In the following, you will find information on the handling of your data that is collected through your use of our social media appearances on social networks and platforms. Your data will be processed in accordance with the legal regulations.
1.1. FACEBOOK FANPAGE
1.1.1 RESPONSIBLE PARTY
In the event that the data you provide to us is also or exclusively processed by Facebook, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the responsible party for data processing within the meaning of the DSGVO in addition to us or in our place. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 DSGVO on joint responsibility for the processing of data (Controller Addendum). This agreement specifies the data processing operations for which we or Facebook are responsible when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
Since a transfer of personal data by Facebook Ltd. to the USA takes place to Facebook Inc. among others, further protection mechanisms are required to ensure the data protection level of the GDPR. For this purpose, the provider uses standard data protection clauses in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.
If you as a visitor to the site would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us.
You can independently adjust your advertising settings in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com
1.1.2 FACEBOOK DATA PROTECTION OFFICER
To contact Facebook’s data protection officer, you can use the online contact form provided by Facebook at the following link https://www.facebook.com/help/contact/540977946302970.
1.1.3 Data processing for statistical purposes using page insights
Facebook provides so-called page insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. These are aggregated data that provide information about how people interact with our page. Page Insights may be based on personally identifiable information collected in connection with a person’s visit to or interaction with our Page and in connection with content provided. Please be aware of what personal data you share with us through Facebook. Your data may be processed for market research and advertising purposes even if you are not logged into Facebook or do not have a Facebook account. For example, user profiles can be created from the usage behavior and resulting interests of the users. The user profiles can in turn be used, for example, to display advertisements within and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your terminal device. Furthermore, data that is independent of the devices used by the users may also be stored in the user profiles; in particular, if the users are members of the respective platforms and logged in to them. The legal basis for the processing is Art. 6 (1) lit. f DSGVO. Our legitimate interest lies in the optimized presentation of our offer, effective information and communication with customers and interested parties, as well as the targeted placement of advertisements. Please note that we have no influence on the data collection and further processing by Facebook. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, which evaluations and links are made with the data on the part of Facebook and to whom the data is passed on by Facebook. If you wish to avoid the processing of your personal data by Facebook, please contact us by other means.
1.2. OTHER SOCIAL MEDIA PROVIDERS
1.2.1. RESPONSIBLE PARTY
If your personal data is processed by a provider listed below, this provider is the data controller within the meaning of the GDPR. For the assertion of your data subject rights, we point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you still require assistance, please feel free to contact us at any time.
We have online presences on the social media platforms of the following providers:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
Instagram Inc, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany
1.2.2. DATA PROTECTION OFFICER
Information on how to contact the data protection officer of the other social media providers can be found here:
Twitter Inc.: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.aspInstagram Inc.: https://de-de.facebook.com/help/instagram/155833707900388
LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
XING SE: Datenschutzbeauftragter@xing.com
2. General information on social media platforms
2.1. RESPONSIBLE PARTY
2.2. OUR DATA PROTECTION OFFICER
3. General data processing on the social media platforms
3.1. DATA PROCESSING FOR MARKET RESEARCH AND ADVERTISING
As a rule, personal data is processed on the company site for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. By means of the collected data, usage profiles can be created. These are used to display advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and logged in to them.
3.2. DATA PROCESSING WHEN CONTACTING US
We ourselves collect personal data when you contact us, for example, via a contact form or through a messenger service, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact data you have provided or released. These are stored by us for the purpose of processing the request and in case of follow-up questions. Under no circumstances will we pass on the data to third parties without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO and, if applicable, Art. 6 (1) lit. b DSGVO if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that this does not conflict with any statutory retention obligations. We assume that processing has been completed if it can be inferred from the circumstances that the matter in question has been conclusively clarified.
3.3. DATA PROCESSING FOR THE PROCESSING OF CONTRACTS
If your contact via a social network or other platform is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data to fulfill the contract or to carry out pre-contractual measures or to provide the requested services. The legal basis for the processing of your data in this case is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted if it is no longer required for the performance of the contract or if it is determined that the pre-contractual measures do not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to comply with contractual or legal obligations.
3.4. DATA PROCESSING BASED ON CONSENT
If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis of the processing is Art. 6 (1) lit. a., Art. 7 DSGVO. Consent given can be revoked at any time with effect for the future.
4. Data transfer and recipients
When visiting and using the platforms listed above, personal data may be transferred to the USA or other third countries outside the EU, which is why further protection mechanisms are required in these cases to ensure the level of data protection of the DSGVO. For more information on whether and which suitable guarantees the providers can demonstrate for this, please see the list below.
VII. Cookies and Tracking Technologies
- What are Cookies?
A web browser cookie is a small text file sent from a website to your computer or mobile device where it is stored by your web browser. Web browser cookies may store information such as your IP address or other identifier, your browser type, and information about the content you display and interact with on the digital services. By storing such information, web browser cookies can store your preferences and settings for online services and analyze how you use online services.
Tracking Technologies: Web Beacons / Gifs, Pixels, Page Tags, Script
Emails and mobile applications can contain small, transparent image files or lines of code to record how you interact with them. This information is used to help website and app publishers better analyze and improve their services.
- Use, legal basis and purpose
Before consent is given 2 functional cookies are set. The “PHPSESSID” cookie is used to recognize the browser language and thus display the language of the website accordingly. After closing the browser this cookie will be deleted. The “wBounce” cookie only contains the value “true”. This value is used to determine if the user has already seen a pop-up or not. If the user has already interacted with one, we do not want to show it to him or her again for a certain period of time.
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art. 6 para. 1 lit. a GDPR.
The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.
- Duration of storage, objection and disposal options
VIII. Implemented Technologies
Our services are not aimed at children under 13 years. We do not knowingly collect information from children under the age of 13. If you have not reached the age limit, do not use the services and do not provide us with your personal information. If you are a parent of a child below the age limit and you learn that your child has provided trbo personal information, please contact us at firstname.lastname@example.org and insist on exercising your rights of access, correction, cancellation and / or opposition. If you are resident in California and are under 18 years of age and wish to erase publicly available content, please contact us at email@example.com.
X. Your rights
If we process your personal data you have – after successful identification – the following rights towards us:
- Right to information
You may request confirmation from our company as to whether we process personal information pertaining to you.
If such processing is available, you can request information about a large number of circumstances in accordance with GDPR, such as
(1) the purposes for which your personal information is processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal information has been disclosed or is still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the retention period;
(5) the existence of a right to rectification or deletion of your personal data, a right of limitation of our processing or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information about the source of your personal data, unless your personal information was collected from yourself;
(8) the existence of automated decision-making including profiling under article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.
- Right to rectification
You have the right to correct and / or complete your personal data if this information is incorrect or incomplete. We will make the correction without delay.
- Right to restriction of processing
Under certain circumstances, you may request the restriction of the processing of your personal data.
(1) if you contest the accuracy of your personal information for a period of time that enables us to verify the accuracy of your personal information;
(2) if the processing is unlawful and you refuse the deletion of your personal data and instead request the restriction of the use of your personal data;
(3) If we no longer need your personal information for the purposes of processing, but you need it to assert, exercise or defend your rights, or
(4) if you object to the processing and it is not yet certain that the legitimate reasons of our group of companies and affiliates exceed your reasons.
If the processing of your personal data has been restricted, we may only process this data – with the exception of its storage – with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.
If the limitation of the processing after the o.g. If conditions are restricted, you will be informed by us before the restriction is lifted.
- Right to cancellation
You may require us to have your personal information deleted immediately and we shall be obliged to erase that information immediately if one of the following is true:
(1) your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) You revoke your consent, to which the processing acc. art. 6 § 1 lit. a or art. 9 § 2 lit. GDPR and there is no other legal basis for processing.
(3) According to art. 21 §1 GDPR objection to the processing and there are no prior justifiable reasons for the processing, or art. 21 § 2 GDPR.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
Have we made your personal data public and we are according to Article 17 (1) of the GDPR requires that we take appropriate measures to inform other companies processing your personal data that you have deleted all links to yours, taking into account available technology and implementation costs personal data (and all copies thereof) (“right to be forgotten”). The right to erasure does not exist if the processing is necessary.
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferring on the controller has been;
(3) for reasons of public interest in the field of public health pursuant to art. 9 (2) lit. h and i as well as art. 9 (3) GDPR, or
(4) to assert, exercise or defend legal claims.
- Right to information of third parties by our company
If you have the right to rectify, delete or restrict the processing to our company, we are obliged to notify all recipients to whom we have disclosed your personal data this rectification or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You also have the right to be informed by us about these recipients.
- Right to Data Portability
You have the right to receive personally identifiable information you provide us in a structured, common and machine-readable format. You also have the right to transfer this information to another person without hindrance by the controller to whom the personal data has been provided, provided that
(1) the processing on a consent acc. art. 6 §1 lit. a GDPR or art. 9 § 2 lit. a GDPR or on a contract acc. art. 6 § 1 lit. b GDPR is based and
(2) the processing is done by automated means.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
- Right to object
You have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to art. 6 § 1 lit. e or f GDPR takes an objection; this also applies to profiling based on these provisions.
We will no longer process your personal information in this case unless there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
- Right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
- Automated decision on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner.
This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and us,
(2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) with your express consent.
With respect to the cases referred to in (1) and (3), the person responsible shall take reasonable steps to uphold the rights and freedoms and your legitimate interests, including at least the right to intervene in the intervention of a person of our company in order to express his or her own position and to challenge it heard of the decision.
- Right to complain to the supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against GDPR. Names and contact information of the competent supervisory authorities in the European Union can be found athttp://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
XI. Security and integrity of the data
Protecting the information you give us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. Trbo has taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information, and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.