We are that you have taken an interest in our company. Data privacy is a significant priority for the management at the inside Business Group. Usage of the inside Business Group website is fundamentally possible without having to input your personal data. However, should a person wish to accept any of the services offered by us via this website, processing of your personal data could be required. Should the processing of personal data be required and there exists no legal regulations, you will be asked for your consent to collect and process such data.
The inside Business group has implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed via this website. However, internet-based data transmissions could, in general, have security vulnerabilities and so absolute protection cannot be guaranteed. For this reason, any person concerned is also free to provide us with personal data using alternative methods, such as via telephone etc.
a) Personal Data
Personal data includes all information relating to an identified or identifiable natural person (hereinafter referred to as the "concerned person"). An identifiable person is considered to be an individual who can be directly or indirectly identified, in particular by assigning an identifier such as a name, identification number, location data, online identifier or one or more special characteristics such as physical, physiological, genetic, psychological, economic or cultural characteristics or social identity to this natural person.
b) Concerned person
A concerned person is any identified or identifiable natural person whose personal data is collected and processed by the responsible.
Processing is considered as any operation performed with or without the help of automated procedures or any such series of operations in connection with personal data such as collection, recording, organization, arranging, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, matching or linking, restriction, deletion or destruction.
d) Limitation of Processing
Limitation of processing is the marking of stored personal data with the aim of limiting its future processing.
Profiling is any form of automated processing of personal data, which is used to assess certain personal aspects relating to a natural person, in particular including aspects to analyze or predict the performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or location change of this natural person.
Anonymization is the processing of personal data in a manner which means that personal data can no longer be assigned to a specific concerned person. Any additional information which could lead to the identification of a concerned person shall be kept separately and is subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
g) Responsible or responsible for the processing
The responsible or responsible for the processing is the natural or legal person, authority, facility or other entity which decides on the purpose and type of processing of personal data either alone or in conjunction with others. Should the purpose and type of processing be specified by EU law or the law in the EU’s member states, the responsible or rather the specific criteria named by him shall be in accordance with EU law or the law of the EU member states.
h) Work Processor
The work processor is a natural or legal person, authority, facility or other entity which processes the personal data under contract from the responsible.
The receiver is a natural or legal person, authority, facility or other entity to which personal data is passed regardless of whether they are a third party or not. Authorities, however, which receive personal data within the scope of a specific inquiry in accordance with EU law or the law of the member states do not apply as a receiver.
j) Third Parties
Third parties are natural or legal persons, authorities, facilities or other entities except the concerned person, responsible work processor and persons who are authorized to process personal data under the direct supervision of the responsible or work processor.
Consent is the voluntarily and unambiguous provision of a statement of intent by the concerned person in an informed manner for the particular case in the form of a declaration or any other clear action with which the concerned person declares that they understand that they agree to the processing of the personal data relating to them.
3. Name and Address of the Responsible for Processing
Within the definition of the General Data Protection Regulation and the applicable data protection laws as well as other regulations with data protection characteristics in EU member states, the responsible is:
inside Business Group
Auf der Hüls 190
4. Name and Address of the Externally Appointed Data Protection Officer
The externally appointed data protection officer responsible for the processing is:
TÜV Rheinland i-sec GmbH
For any questions and issues relating to data protection, any concerned person can contact our externally appointed data protection officer.
By using cookies, the information and offers on our website can be optimized to the individual user. Cookies enable us to recognize the users of our website, as mentioned above. The aim of this recognition is to make using our website easier for users.
5.1. PHP Session Cookie
The __cfduid cookie is used to identify individual clients behind a commonly used IP address and to apply security settings according to the client. If the user is, for example, in a café in which there is a row of infected computers but the user's computer is trustworthy (e.g. because it completed a challenge within the challenge passage period), then we can recognize this using the cookie and don't need to challenge it again. It does not relate to a user's ID in the web application and does not save any personal information.
The online offer www.inside-online.com contains some integrated videos from YouTube to provide the user with a multimedia experience. For this purpose, the following cookies are used by YouTube and Google: 1P_JAR, APISID, CONSENT, HSID, nid, OTZ, SAPISID, sid, SIDCC and SSID. These cookies (third party cookies) are used by YouTube and Google to collect usage information for YouTube-hosted videos. The storage time can vary from one session to two years.
The cookies _ga and _gid are used for statistical purposes by Google Analytics and track the use of the site and anonymous user information. The cookie _gid expires after 24 hours, the cookie _ga expires after two years
5.3. Deleting Cookies and Deactivating the Acceptance of Cookies
You can delete and/or block all cookies from this website at any time. You can delete cookies in most web browsers and should be able to block cookies by activating the corresponding function in your browser, which allows you to refuse to receive some or all cookies. Please refer to the help section of your browser or your computer's user guide for detailed instructions.
6. Collection of General Data and Information
The inside Business Group website collects various general data and information with each visit to the website by a concerned person or an automated system. This general data and information is stored in the logfiles of the respective server system. These files could contain (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the internet site from which a comprehensive system reaches our internet site (so-called referrers), (4) the sub-websites which are controlled via a comprehensive system on our website, (5) the date and time of access to the internet site, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used to provide security in the event of attacks on our information technology systems.
When using this general data and information, the inside Business Group does not draw any conclusions about the concerned person. This information is rather needed to (1) deliver the contents of our website correctly, (2) optimize the contents of our website as well as the advertising for them, (3) the permanent functioning of our information technology systems and the technology of our website and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymous data and information is also evaluated by the inside Business Group for statistical reasons and to increase data protection and data security within the company in order to ultimately provide an optimal level of protection for the processed personal data. The anonymous data of the server logfiles are stored separately from all personal data specified by a concerned person.
7. Registration on our Website
The concerned person has the possibility to register on the website of the responsible using personal data. The personal data transmitted to the responsible is determined by the respective input method used for the registration. The personal data entered by the person concerned shall be collected and stored exclusively for internal use by the responsible and its own purposes. The responsible may arrange for the transfer to one or more processors, such as a parcel service provider, who also uses the personal data exclusively for internal use, and which then becomes a responsible.
By registering on the website of the responsible, the IP address given by the internet service provider (ISP) of the concerned person and the date and time of registration are also stored. The storage of this data takes place to aid in the prevention of the misuse of our services and this data can be used, if necessary, in the investigation of any offences committed. In this respect, the storage of this data is necessary for the protection of the responsible. A transfer of this data to third parties does not take place unless there is a statutory obligation to do so or law enforcement requires it.
The registration of the concerned person with the voluntary provision of personal information serves to help the responsible to provide the concerned person with content or services which, due to the nature of the case, can only be offered to registered users. Registered persons are free to change the personal data at the time of registration or to have it completely deleted from the data stored by the responsible.
8. Abonnement unseres Newsletters
On the inside Business Group's website users are given the opportunity to subscribe to our company's newsletter. The personal data that is transmitted to the responsible for the purpose of ordering the newsletter results from the input fields used for this subscription.
The inside Business Group informs its customers and business partners on a regular basis by means of a newsletter about company offers. Our company newsletter can only be received by the concerned person if (1) the concerned person has a valid email address and (2) the concerned person registers for the newsletter.
When registering for the newsletter, we also store the IP address of the internet service provider (ISP) of the computer system used by the concerned person at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to understand the (possible) misuse of the email address of a concerned person at a later time and therefore serves the legal protection of the responsible.
The personal data collected as part of an application for the newsletter is only used to send our newsletter. Furthermore, subscribers to the newsletter could be informed by email if this is necessary for the operation of the newsletter service or a registration itself, as in the case of changes to the newsletter offer or technical changes. The personal data collected within the scope of the newsletter service is not passed on to third parties. The subscription to our newsletter can be terminated by the concerned person at any time. The consent to the storage of personal data which the concerned person has granted us for the newsletter can be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. Furthermore, it is also possible to unsubscribe at any time directly on the website of the responsible for the newsletter, to inform the responsible in a different way or to send an email with the request for registration to firstname.lastname@example.org.
The user has the possibility to subscribe to the newsletter distributor of the inside Business Group. The user has the right and the possibility to be unsubscribed at any time from the newsletter mailing list. An email to email@example.com is sufficient. Furthermore, it is possible to unsubscribe in the newsletter itself using unsubscribe link.
The Inside Business Group uses newsletter tracking, i.e. it offers the possibility to analyze the receiver's behavior based on opening and click information and the associated possibility of creating receiver profiles. When the newsletter is delivered, the external server can then collect certain data from the recipient, for example, the time of the retrieval, the IP address or information about the email program (client) used by the receiver. The name of an image file (tracking pixel) is individualized for each mail recipient by attaching a unique ID. The sender of the mail remembers which email address belongs to which ID and can thus determine which newsletter recipient has just opened the email when the image is retrieved.
10. Methods of Contact via this Website
The inside Business Group's website contains information due to legal regulations, which enable fast electronic contact to our company as well as direct communication with us, which is also a general address of the so-called electronic mail (email address). If a concerned person contacts the responsible via email or contact form, the personal data transmitted by the concerned person will be automatically saved. Such personal data provided on a voluntary basis by a concerned person to the responsible is stored for the purpose of processing or contacting the concerned person. This personal data will not be passed on to third parties.
11. Routine Deletion and Blocking of Personal Data
The responsible shall process and store the concerned person's personal data only for the period of time required to achieve the storage purpose, or in accordance with the European directive and regulation provider or any other legislation or regulations which the responsible is subject to.
If the purpose of storage or a storage period prescribed by the European directive and regulation provider or other applicable legislation or regulations expire, the personal data will be routinely and in accordance with the legal regulations blocked or deleted.
12. Rights of the Concerned Person
12.1. Right to Confirmation
Each concerned person shall have the right granted by the European directive and regulation provider to require the responsible to confirm whether personal data relating to him or her is being or has been processed. If a concerned person wishes to use this right of confirmation, they may contact our externally appointed data protection officer or another employee of the responsible at any time.
12.2. Right to Information
Any concerned person affected by the processing of personal data shall have the right granted by the European directive and regulation provider to request the responsible to provide the concerned person a copy of information on the person's stored personal data. Furthermore, the concerned person has been granted a right by the European directive and regulation provider to receive the following information:
- Processing purposes
- The categories of personal data that are processed
- The recipients or categories of recipients to whom the personal data has been disclosed or is still disclosed, in particular to recipients in third party countries or international organizations
- If possible, the planned duration for which the personal data is stored, or, if this is not possible, the criteria for determining this duration
- The existence of a right to rectify or delete the personal data relating to it or to restrict the processing by the responsible or a right of objection against such processing
- The existence of a right of appeal by a supervisory authority
- If the personal data is not collected by the concerned person: all available information about the origin of the data
- The existence of automated decision-making, including profiling pursuant to article 22 (1) and (4) of the GDPR and, at least in such cases, meaningful information on the logic involved and the scope and impact of a such processing for the concerned person
Should a concerned person wish to afford himself this right of information, (s)he may at any time contact our externally appointed data protection officer or another employee of the responsible for processing.
12.3. Right to Rectification
Any person concerned by the processing of personal data has the right granted by the European directive and regulation provider to require the immediate rectification of any incorrect personal data relating to them. Furthermore, the concerned person has the right to demand the completion of incomplete personal data, including by means of a supplementary declaration, with consideration for the purposes of the processing.
If a concerned person wishes to afford himself this right of rectification, (s)he may at any time contact our externally appointed data protection officer or another employee of the responsible for processing.
12.4. Right to Deletion (Right to be Forgotten)
Any person concerned by the processing of personal data shall have the right granted by the European directive and regulation provider to require the responsible to delete the personal data relating to them immediately, provided that one of the following reasons is given and to the extent that the processing is not required:
- The concerned person shall revoke their consent to which the processing referred to in article 6 (1) (a) GDPR or article 9 (2) (a) GDPR, and there is no other legal basis for processing.
- The concerned person shall, in accordance with article 21 (1), GDPR be opposed to the processing and there are no overriding reasons for the processing, or the concerned person shall, in accordance with article 21 (2) GDPR object to the processing.
- The personal data has been processed in an unlawful form.
- The deletion of personal data is required to comply with a legal obligation under EU law or the laws of the member states to which the responsible is subject.
- The personal data was collected in relation to services offered by the information society in accordance with article 8 (1) GDPR.
If any of the above reasons apply and a concerned person wishes to initiate the deletion of personal data stored by the inside Business Group, the concerned person may at any time contact our externally appointed data protection officer or an employee of the responsible for processing. The data protection officer externally appointed by the inside Business Group or another employee will immediately carry out the deletion request.
If the personal data has been made public by the inside Business Group and if our company is obligated to delete the personal data in accordance with article 17 (1) of the GDPR, the inside Business Group shall use any available and appropriate technology and implementation costs to inform other responsibles for processing who process the published personal data that the concerned person has requested the deletion of all links to his/her personal data or of copies or replicas of such personal data, insofar as the processing is not required. The externally appointed data protection officer of the Inside Business group or another employee will arrange the necessary in individual cases.
12.5. Right to the Restriction of Processing
Each personal data concerned person has the right granted by the European directive and regulation provider to require the responsible to restrict the processing of the personal data if one of the following requirements exists:
- The accuracy of the personal data is disputed by the concerned person for a period of time which enables the responsible to verify the accuracy of the personal data.
- The processing is unlawful, the concerned person rejects the deletion of the personal data and instead requires a restriction on the use of the personal data.
- The person responsible no longer needs the personal data for the purposes of the processing, but the concerned individual requires it to assert, exercise or defend legal claims.
- The concerned person has appealed against the processing in accordance with article 21 (1) of the GDPR and it has not yet been determined whether the justifiable reasons of the responsible outweigh those of the concerned person.
Should any of the above conditions be met and a concerned person wishes to require the restriction of personal data stored by the inside Business Group, the latter may at any time request to our externally appointed data Contact the protection officer or another employee of the responsible for processing. The data protection officer externally appointed by the inside Business Group or an employee of the inside Business Group will initiate the process of restricting the personal data.
12.6. Right to the Restriction of Processing
Any person concerned by the processing of personal data has the right granted by the European directive and regulation provider, to receive the personal data relating to them from the responsible in a commonly structured and machine-readable format. They also have the right to transmit this data to another separate responsible without hindrance by the responsible who provided the personal data, provided that the processing is based on the consent provided for in article 6 (1) (a) GDPR or article 9 (2) (a) GDPR or in a contract pursuant to article 6 (1) (b) GDPR and the processing is carried out using automated procedures and provided that processing is not necessary for the performance of a task which is in the public interest or in exercise of public authority, which has been delegated to the responsible.
Furthermore, in exercising their right to the transfer of data in accordance with article 20 (1) GDPR, the concerned person has the right to have the personal data transmitted directly from a responsible to another responsible, to the extent that this is technically feasible and does not affect the rights and freedoms of other persons.
In order to assert the right to the transfer of data, the concerned person may at any time contact our externally appointed data protection officer or any employee of the inside Business Group.
12.7. Right to Object
Any person concerned by the processing of personal data shall have the right granted by the European directive and regulation giver to appeal, for reasons arising from their particular situation, at any time against the processing of any personal information relating to them, data which is made based on article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
The inside Business Group no longer processes the personal data in the event of an objection unless we can prove compelling reasons for the processing that outweigh the interests, rights and freedoms of the concerned person, or the processing is for the assertion, exercise or defense of legal claims.
If the inside Business Group processes personal data for marketing purposes, the concerned person shall have the right at any time to object to the processing of personal data such marketing purposes. This also applies to profiling if related to such direct marketing. If the concerned person objects to the inside Business Group's processing for direct marketing purposes, the inside Business group will no longer process the personal data for these purposes.
In addition, the concerned person has the right, for reasons arising from his/her situation, to object to the processing of personal data relating to him/her in the inside Business group for scientific or historical research purposes or to Statistical purposes in accordance with article 89 (1) of the GDPR to appeal, unless such processing is necessary to fulfil a task in the public interest.
In order to exercise the right of objection, the concerned person should contact the data protection officer externally appointed by inside Business Group or another employee of inside Business Group directly. The concerned person is also free to exercise his/her right of objection in connection with the use of information society services, irrespective of Directive 2002/58/EC, by means of automated procedures in which technical specifications are used.
12.8. Right to Revoke Consent to Processing Personal Data
Any person concerned by the processing of personal data has the right granted by the European directive and regulation provider to revoke consent to the processing of personal data at any time.
If the concerned person wishes to assert their right to revoke consent, she may at any time contact our externally appointed Data protection officer or another employee of the responsible for processing.
13. Data Privacy for Applications and Application Procedures
The responsible collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing can also be done electronically. This is particularly the case if an applicant has submitted corresponding application documents by electronic means, for example by email or web form on the website, to the responsible for processing. If the responsible enters into an employment contract with an applicant, the submitted personal data will be stored for the purpose of processing the information required for the job, in compliance with the legal regulations. If no employment contract is entered into between the applicant and the responsible, the application documents are automatically deleted two months after the notification of the rejection, provided that there are no other legitimate interests for the responsible. One legitimate interest in this sense is, for example, a duty of proof in procedures under the General Equal Treatment Act (AGG).
The responsible has integrated the Google Analytics component (with anonymization function) into this website. Google Analytics is a web analysis service. Web analysis is the gathering and evaluation of data on the behavior of visitors of websites. A web analysis service collects, among other things, data on which website (so-called referrers) a concerned person has come from in order to arrive at another website as well as which sub-pages of the website are accessed and for how long. A web analysis is mainly used to optimize an internet site and to analyze the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The responsible uses the addition "_gat. _anonymizeIp " for the web analysis via Google Analytics. By means of this article, the IP address of the concerned person's internet connection will be shortened and made anonymous by Google if access to our webpage is from a member state of the European Union or from another contracting state of the agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic flows on our website. Google uses the collected data and information to, among other things, evaluate the use of our website in order to compile online reports for us, which show the activities on our website, and to help provide services related to this website.
Google Analytics sets a cookie on the IT system of the concerned person. What cookies are, has already been explained above. With the setting of the cookie, Google enables the analysis of the use of our website. Upon visiting individual pages of this website, which is operated by the responsible for processing and on which a Google Analytics component has been integrated, the internet browser on the IT system of the concerned person is automatically prompted by the respective Google Analytics component to submit data to Google for the purpose of online analysis. As part of this technical process, Google is given knowledge of personal data, such as the IP address of the concerned person, which is used by Google, among other things, to trace the origin of visitors and to understand the clicks to aid in the subsequent commissions and billing processes.
Using the cookie, personal information, such as the access time, the location from which the website was accessed and the frequency of visits to our website by the concerned person are stored. Each time you visit our website this personal information, including the IP address of the internet connection used by the concerned person, is transferred to and is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.
The concerned person can prevent the saving of cookies by our website, as already shown above, at any time by adjusting the browser settings and thus permanently prevent the saving of cookies. Such a browser setting would also prevent Google from saving a cookie on the IT system of the concerned person. In addition, a cookie already set by Google Analytics can be deleted at any time through the internet browser or other software programs.
The responsible has integrated Google AdWords into this website. Google AdWords is an internet advertising service that allows advertisers to view both Google search engine results and the Google network. Google AdWords allows an advertiser to define keywords that will display an ad in Google's search engine results only if the user uses the search engine to find a search result related to those keywords. On the Google network, the ads are distributed on topic-relevant web pages using an automatic algorithm and in compliance with the previously defined keywords.
The company which operates Google AdWords is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google AdWords is used to improve both the advertising of our website by having interest-relevant ads integrated into the websites of third party companies and Google search engine results, and well as third-party advertising on our website.
If a concerned person reaches our internet site via a Google advertisement, a so-called conversion cookie is stored on the IT system of the concerned person by Google. What cookies are, has already been explained above. Conversion cookies expire after thirty days and are not used to identify the concerned person. The conversion cookie, if the cookie has not expired, is used to determine whether certain sub-pages, such as the shopping cart from an online shop, have been visited on our website. The conversion cookie allows both us and Google to understand whether a concerned person who has reached our website via an AdWords ad has generated a sale, i.e. a purchase of goods, or has not followed through with the purchase.
The data and information collected using the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who have been redirected to us via AdWords ads, i.e. to determine the success or failure of each AdWords ad and thus enable us to review our AdWords ads for the Future. Neither our company nor any other advertisers of Google AdWords will receive information from Google that could be used to identify the concerned person.
The conversion cookie is used to store personal data, such as the websites visited by the concerned person. Each time you visit our website personal data, including the IP address of the internet connection used by the concerned person, is transferred to and is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.
The concerned person can prevent the saving of cookies by our website, as already shown above, at any time by adjusting the browser settings and thus permanently prevent the saving of cookies. Such a browser setting would also prevent Google from saving a cookie on the IT system of the concerned person. In addition, a cookie already set by Google AdWords can be deleted at any time through the internet browser or other software programs.
Furthermore, the concerned person can object to Google's interest-based advertising. To do this, the concerned person must visit www.google.de/settings/ads from each of the internet browsers they wish to use and adjust the corresponding settings there.
The responsible for data processing has integrated components of YouTube into this website. YouTube is an internet video portal that allows video publishers to freely upload video clips and other users view, rate and comment on them freely. YouTube allows the publication of all kinds of videos, which is why both complete films and TV programs, as well as music videos, trailers and user-produced videos can be accessed via the internet portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Upon visiting the individual pages of this website, which is operated by the responsible for processing and on which a YouTube component (YouTube video) has been integrated, the internet browser on the IT system of the concerned person is automatically prompted by the respective YouTube component to download a representation of this YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are informed of the individual webpage which was visited by the concerned person.
If the concerned person is logged on to YouTube at the same time, YouTube recognizes this using the webpage that contains the YouTube video and knows which specific webpage on our website the concerned person is visiting. This information is collected by YouTube and Google and is associated with the respective YouTube account of the concerned person.
YouTube and Google receive information via the YouTube component that the concerned person has visited our website, whether the concerned person is logged on to YouTube at the time as accessing our website; This takes place regardless of whether the concerned person clicks on a YouTube video or not. If such information is not intended to be transmitted to YouTube and Google by the concerned person, the concerned person may prevent the transfer of this information by logging out of their YouTube account prior to visiting our website.
The privacy policies published by YouTube, which are available at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
17. Legal Basis for Processing
Article 6 I lit. (a) of the GDPR serves our company as a legal basis for processing operations in which we obtain consent for a particular processing purpose. Where the processing of personal data is necessary to fulfill a contract to which the concerned person is party, such as the processing necessary for the supply of goods or the provision of other services, the processing shall be based on article 6 I lit. (b) of the GDPR. The same applies to processing operations which are necessary for the fulfillment of pre-contractual measures, such as in cases of enquiries concerning our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on article 6 I lit. (c) of the GDPR. In rare cases, the processing of personal data could be necessary to protect vital interests of the concerned person or another natural person. This would be the case, for example, if a visitor would be injured on our premises and his/her name, age, health insurance data and other vital information would then be passed on to a doctor, hospital or other third party. This processing would then be based on article 6 I lit. (d) of the GDPR. Lastly, processing operations could be based on article 6 I lit. (f) of the GDPR. This legal basis applies when processing operations are not covered by any of the aforementioned legal bases and are necessary to maintain the legitimate interests of our company or a third party, providing that the interests, fundamental rights and freedoms of the person concerned are not breached. We are permitted in particular to do such processing as they have been specifically mentioned by the European legislator. In this respect, legitimate interests could be justified if the concerned person is a responsible customer (recital 47, sentence 2, GDPR).
18. Legitimate Interests in Processing Pursued by the Responsible or a Third Party
Should the processing of personal data be based on article 6 I lit. (f) of the GDPR, our legitimate interests are to carry out business activities in favor of the well-being of our employees and shareholders.
19. Duration for which the Personal Data can be Stored
The criteria for the duration of the storage of personal data is the respective legal retention period. At the end of the period, the corresponding data are routinely deleted, so long they are no longer necessary for the fulfillment of the contract or the initiation of the contract.
20. Legal or Contractual Provisions for the Providing of Personal Data; Requirement for Entering into a Contract; Concerned Person’s Obligation to Provide the Personal Data; Possible Consequences of Not Providing the Personal Data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information about the contract partner). Sometimes it may be necessary to provide us with personal data which will subsequently have to be processed by us in order to enter a contract with a concerned person. The concerned person is, for example, obligated to provide us with personal data when our company enters into a contract with him/her. Failure to provide personal data would lead to the failure to enter into the contract with the person concerned. Prior to providing personal data by the person concerned, he/she must contact our externally appointed data protection officer. Our externally appointed data protection officer then clarifies the individual case in question as to whether the provision of personal data is required by law or is necessary for entering into the contract, and consequences would result from not providing personal data.
21. Existence of Automated Decision Making
Being a responsible and aware company, we abstain from the use any automated decision making or profiling.