We are very delighted that you have shown interestin our enterprise. Data protection is of a particularly high priority for themanagement of the Razor HQ GmbH & Co. KG. The use of the Internet pages ofthe Razor HQ GmbH & Co. KG is possible without any indication of personaldata; however, if a data subject wants to use special enterprise services viaour website, processing of personal data could become necessary. If theprocessing of personal data is necessary and there is no statutory basis forsuch processing, we generally obtain consent from the data subject.
The processing of personal data, such as thename, address, e-mail address, or telephone number of a data subject shallalways be in line with the General Data Protection Regulation (GDPR), and inaccordance with the country-specific data protection regulations applicable tothe Razor HQ GmbH & Co. KG. By means of this data protection declaration,our enterprise would like to inform the general public of the nature, scope,and purpose of the personal data we collect, use and process. Furthermore, datasubjects are informed, by means of this data protection declaration, of therights to which they are entitled.
As the controller, the Razor HQ GmbH & Co.KG has implemented numerous technical and organizational measures to ensure themost complete protection of personal data processed through this website.However, Internet-based data transmissions may in principle have security gaps,so absolute protection may not be guaranteed. For this reason, every datasubject is free to transfer personal data to us via alternative means, e.g. bytelephone.
1. Definitions
The data protection declaration of the Razor HQGmbH & Co. KG is based on the terms used by the European legislator for theadoption of the General Data Protection Regulation (GDPR). Our data protectiondeclaration should be legible and understandable for the general public, aswell as our customers and business partners. To ensure this, we would like tofirst explain the terminology used. In this data protection declaration, weuse, inter alia, the following terms:
a) Personal data
Personal data means any information relating to anidentified or identifiable natural person ("data subject"). Anidentifiable natural person is one who can be identified, directly orindirectly, in particular by reference to an identifier such as a name, anidentification number, location data, an online identifier or to one or morefactors specific to the physical, physiological, genetic, mental, economic,cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiablenatural person, whose personal data is processed by the controller responsiblefor the processing.
c) Processing
Processing is any operation or set of operationswhich is performed on personal data or on sets of personal data, whether or notby automated means, such as collection, recording, organisation, structuring,storage, adaptation or alteration, retrieval, consultation, use, disclosure bytransmission, dissemination or otherwise making available, alignment orcombination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of storedpersonal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing ofpersonal data consisting of the use of personal data to evaluate certainpersonal aspects relating to a natural person, in particular to analyse orpredict aspects concerning that natural person's performance at work, economicsituation, health, personal preferences, interests, reliability, behaviour,location or movements.
f) Pseudonymisation
Pseudonymisation is the processing of personal datain such a manner that the personal data can no longer be attributed to aspecific data subject without the use of additional information, provided thatsuch additional information is kept separately and is subject to technical andorganisational measures to ensure that the personal data are not attributed toan identified or identifiable natural person.
g) Controller or controller responsible for theprocessing
Controller or controller responsible for theprocessing is the natural or legal person, public authority, agency or otherbody which, alone or jointly with others, determines the purposes and means ofthe processing of personal data; where the purposes and means of suchprocessing are determined by Union or Member State law, the controller or thespecific criteria for its nomination may be provided for by Union or MemberState law.
h) Processor
Processor is a natural or legal person, publicauthority, agency or other body which processes personal data on behalf of thecontroller.
i) Recipient
Recipient is a natural or legal person, publicauthority, agency or another body, to which the personal data are disclosed,whether a third party or not. However, public authorities which may receivepersonal data in the framework of a particular inquiry in accordance with Unionor Member State law shall not be regarded as recipients; the processing ofthose data by those public authorities shall be in compliance with theapplicable data protection rules according to the purposes of the processing.
j) Third party
Third party is a natural or legal person, publicauthority, agency or body other than the data subject, controller, processorand persons who, under the direct authority of the controller or processor, areauthorised to process personal data.
k) Consent
Consent of the data subject is any freely given,specific, informed and unambiguous indication of the data subject's wishes bywhich he or she, by a statement or by a clear affirmative action, signifiesagreement to the processing of personal data relating to him or her.
2. Name and Address of the controller
Controller for the purposes of the General DataProtection Regulation (GDPR), other data protection laws applicable in Memberstates of the European Union and other provisions related to data protectionis:
Razor HQ GmbH & Co. KGc/o RazorGroup GmbHRitterstraße16-1810969 Berlin
Email: privacy@razor-group.com
Website:
www.razor-group.com3. Cookies
TheInternet pages of the Razor HQ GmbH & Co. KG use cookies. Cookies are textfiles that are stored in a computer system via an Internet browser.
Many Internet sites and servers use cookies.Many cookies contain a so-called cookie ID. A cookie ID is a unique identifierof the cookie. It consists of a character string through which Internet pagesand servers can be assigned to the specific Internet browser in which thecookie was stored. This allows visited Internet sites and servers todifferentiate the individual browser of the dats subject from other Internetbrowsers that contain other cookies. A specific Internet browser can berecognized and identified using the unique cookie ID. Through the use ofcookies, the Razor HQ GmbH & Co. KG can provide the users of this websitewith more user-friendly services that would not be possible without the cookiesetting. By means of a cookie, the information and offers on our website can beoptimized with the user in mind. Cookies allow us, as previously mentioned, torecognize our website users. The purpose of this recognition is to make iteasier for users to utilize our website. The website user that uses cookies,e.g. does not have to enter access data each time the website is accessed,because this is taken over by the website, and the cookie is thus stored on theuser's computer system. Another example is the cookie of a shopping cart in anonline shop. The online store remembers the articles that a customer has placedin the virtual shopping cart via a cookie. The data subject may, at any time,prevent the setting of cookies through our website by means of a correspondingsetting of the Internet browser used, and may thus permanently deny the settingof cookies. Furthermore, already set cookies may be deleted at any time via anInternet browser or other software programs. This is possible in all popularInternet browsers. If the data subject deactivates the setting of cookies inthe Internet browser used, not all functions of our website may be entirelyusable.
4. Collection of general data and information
The website of the Razor HQ GmbH & Co. KGcollects a series of general data and information when a data subject orautomated system calls up the website. This general data and information arestored in the server log files. Collected may be (1) the browser types andversions used, (2) the operating system used by the accessing system, (3) thewebsite from which an accessing system reaches our website (so-calledreferrers), (4) the sub-websites, (5) the date and time of access to theInternet site, (6) an Internet protocol address (IP address), (7) the Internetservice provider of the accessing system, and (8) any other similar data andinformation that may be used in the event of attacks on our informationtechnology systems.
When using these general data and information,the Razor HQ GmbH & Co. KG does not draw any conclusions about the datasubject. Rather, this information is needed to (1) deliver the content of ourwebsite correctly, (2) optimize the content of our website as well as itsadvertisement, (3) ensure the long-term viability of our information technologysystems and website technology, and (4) provide law enforcement authoritieswith the information necessary for criminal prosecution in case of a cyber-attack.Therefore, the Razor HQ GmbH & Co. KG analyses anonymously collected dataand information statistically, with the aim of increasing the data protectionand data security of our enterprise, and to ensure an optimal level ofprotection for the personal data we process. The anonymous data of the serverlog files are stored separately from all personal data provided by a datasubject.
This website uses Google Analytics, a webanalytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway,Mountain View, CA 94043, USA. Google Analytics uses so-called"cookies". These are text files that are stored on your computer andthat allow an analysis of the use of the website by you. The informationgenerated by the cookie about your use of this website is usually transmittedto a Google server in the USA and stored there.
Google Analytics cookies are stored based onArt. 6 (1) (f) DSGVO. The website operator has a legitimate interest inanalysing user behaviour to optimize both its website and its advertising.
IP anonymization
We have activated the IP anonymization feature onthis website. Your IP address will be shortened by Google within the EuropeanUnion or other parties to the Agreement on the European Economic Area prior totransmission to the United States. Only in exceptional cases is the full IPaddress sent to a Google server in the US and shortened there. Google will use thisinformation on behalf of the operator of this website to evaluate your use ofthe website, to compile reports on website activity, and to provide otherservices regarding website activity and Internet usage for the websiteoperator. The IP address transmitted by your browser as part of GoogleAnalytics will not be merged with any other data held by Google.
Browser plugin
You can prevent these cookies being stored byselecting the appropriate settings in your browser. However, we wish to pointout that doing so may mean you will not be able to enjoy the full functionalityof this website. You can also prevent the data generated by cookies about youruse of the website (incl. your IP address) from being passed to Google, and theprocessing of these data by Google, by downloading and installing the browserplugin available at the following link: tools.google.com/dlpage/gaoptout.
Objecting to the collection of data
You can prevent the collection of your data byGoogle Analytics by clicking on the following link. An opt-out cookie will beset to prevent your data from being collected on future visits to this site:Disable Google Analytics.
For more information about how Google Analyticshandles user data, see Google's privacy policy:support.google.com/analytics/answer/6004245.
Outsourced data processing
We have entered into an agreement with Google forthe outsourcing of our data processing and fully implement the strictrequirements of the German data protection
authorities when using GoogleAnalytics.
Demographic data collection by Google Analytics
This website uses Google Analytics' demographicfeatures. This allows reports to be generated containing statements about theage, gender, and interests of site visitors. This data comes frominterest-based advertising from Google and third-party visitor data. Thiscollected data cannot be attributed to any specific individual person. You candisable this feature at any time by adjusting the ads settings in your Googleaccount or you can forbid the collection of your data by Google Analytics asdescribed in the section "Refusal of data collection".
Google Tag Manager
This website uses Google Tag Manager. This serviceallows website tags to be managed via an interface. Google Tag Manager onlyimplements tags. This means that no cookies are set and no personal data isrecorded. Google Tag Manager triggers other tags which, in turn, may recorddata. However, Google Tag Manager does not access this data. If tags have beendisabled at the domain or cookie level, this remains in place for all trackingtags if these are implemented with Google Tag Manager. You can find out moreabout Google Tag Manager by clicking the following link: http://www.google.de/tagmanager/use-policy.html
5. Subscription to our newsletters
On the website of the Razor HQ GmbH & Co.KG, users are given the opportunity to subscribe to our enterprise'snewsletter. The input mask used for this purpose determines what personal dataare transmitted, as well as when the newsletter is ordered from the controller.
The Razor HQ GmbH & Co. KG informs itscustomers and business partners regularly by means of a newsletter aboutenterprise offers. The enterprise's newsletter may only be received by the datasubject if (1) the data subject has a valid e-mail address and (2) the datasubject registers for the newsletter shipping. A confirmation e-mail will besent to the e-mail address registered by a data subject for the first time fornewsletter shipping, for legal reasons, in the double opt-in procedure. Thisconfirmation e-mail is used to prove whether the owner of the e-mail address asthe data subject is authorized to receive the newsletter.
During the registration for the newsletter, wealso store the IP address of the computer system assigned by the Internetservice provider (ISP) and used by the data subject at the time of theregistration, as well as the date and time of the registration. The collectionof this data is necessary in order to understand the (possible) misuse of thee-mail address of a data subject at a later date, and it therefore serves theaim of the legal protection of the controller.
The personal data collected as part of aregistration for the newsletter will only be used to send our newsletter. Inaddition, subscribers to the newsletter may be informed by e-mail, as long asthis is necessary for the operation of the newsletter service or a registrationin question, as this could be the case in the event of modifications to thenewsletter offer, or in the event of a change in technical circumstances. Therewill be no transfer of personal data collected by the newsletter service to thirdparties. The subscription to our newsletter may be terminated by the datasubject at any time. The consent to the storage of personal data, which thedata subject has given for shipping the newsletter, may be revoked at any time.For the purpose of revocation of consent, a corresponding link is found in eachnewsletter. It is also possible to unsubscribe from the newsletter at any timedirectly on the website of the controller, or to communicate this to thecontroller in a different way.
6. Newsletter-Tracking
The newsletter of the Razor HQ GmbH & Co. KGcontains so-called tracking pixels. A tracking pixel is a miniature graphicembedded in such e-mails, which are sent in HTML format to enable log filerecording and analysis. This allows a statistical analysis of the success orfailure of online marketing campaigns. Based on the embedded tracking pixel,the Razor HQ GmbH & Co. KG may see if and when an e-mail was opened by adata subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the trackingpixels contained in the newsletters are stored and analysed by the controllerin order to optimize the shipping of the newsletter, as well as to adapt thecontent of future newsletters even better to the interests of the data subject.These personal data will not be passed on to third parties. Data subjects areat any time entitled to revoke the respective separate declaration of consentissued by means of the double-opt-in procedure. After a revocation, these personaldata will be deleted by the controller. The Razor HQ GmbH & Co. KGautomatically regards a withdrawal from the receipt of the newsletter as arevocation.
7. Contact possibility via the website
The website of the Razor HQ GmbH & Co. KGcontains information that enables a quick electronic contact to our enterprise,as well as direct communication with us, which also includes a general addressof the so-called electronic mail (e-mail address). If a data subject contactsthe controller by e-mail or via a contact form, the personal data transmittedby the data subject are automatically stored. Such personal data transmitted ona voluntary basis by a data subject to the data controller are stored for thepurpose of processing or contacting the data subject. There is no transfer ofthis personal data to third parties.
8. Comments function in the blog on the website
The Razor HQ GmbH & Co. KG offers users thepossibility to leave individual comments on individual blog contributions on ablog, which is on the website of the controller. A blog is a web-based,publicly-accessible portal, through which one or more people called bloggers orweb-bloggers may post articles or write down thoughts in so-called blogposts.Blogposts may usually be commented by third parties. If a data subject leaves acomment on the blog published on this website, the comments made by the datasubject are also stored and published, as well as information on the date ofthe commentary and on the user's (pseudonym) chosen by the data subject. Inaddition, the IP address assigned by the Internet service provider (ISP) to thedata subject is also logged. This storage of the IP address takes place forsecurity reasons, and in case the data subject violates the rights of thirdparties, or posts illegal content through a given comment. The storage of thesepersonal data is, therefore, in the own interest of the data controller, sothat he can exculpate in the event of an infringement. This collected personaldata will not be passed to third parties, unless such a transfer is required bylaw or serves the aim of the defense of the data controller.
9. Subscription to comments in the blog on the website
The comments made in the blog of the Razor HQGmbH & Co. KG may be subscribed to by third parties. In particular, thereis the possibility that a commenter subscribes to the comments following hiscomments on a particular blog post.
If a data subject decides to subscribe to theoption, the controller will send an automatic confirmation e-mail to check thedouble opt-in procedure as to whether the owner of the specified e-mail addressdecided in favour of this option. The option to subscribe to comments may beterminated at any time.
10. Routine erasure and blocking of personal data
The data controller shall process and store thepersonal data of the data subject only for the period necessary to achieve thepurpose of storage, or as far as this is granted by the European legislator orother legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or ifa storage period prescribed by the European legislator or another competentlegislator expires, the personal data are routinely blocked or erased inaccordance with legal requirements.
11. Rights of the data subject
a) Right of confirmationEach data subject shall have the right granted bythe European legislator to obtain from the controller the confirmation as towhether or not personal data concerning him or her are being processed. If adata subject wishes to avail himself of this right of confirmation, he or shemay, at any time, contact any employee of the controller.
b) Right of accessEach data subject shall have the right granted bythe European legislator to obtain from the controller free information abouthis or her personal data stored at any time and a copy of this information.Furthermore, the European directives and regulations grant the data subjectaccess to the following information: the purposes of the processing; thecategories of personal data concerned; the recipients or categories ofrecipients to whom the personal data have been or will be disclosed, inparticular recipients in third countries or international organisations; wherepossible, the envisaged period for which the personal data will be stored, or,if not possible, the criteria used to determine that period; the existence ofthe right to request from the controller rectification or erasure of personaldata, or restriction of processing of personal data concerning the datasubject, or to object to such processing; the existence of the right to lodge acomplaint with a supervisory authority; where the personal data are notcollected from the data subject, any available information as to their source;the existence of automated decision-making, including profiling, referred to inArticle 22(1) and (4) of the GDPR and, at least in those cases, meaningfulinformation about the logic involved, as well as the significance and envisagedconsequences of such processing for the data subject. Furthermore, the datasubject shall have a right to obtain information as to whether personal dataare transferred to a third country or to an international organisation. Wherethis is the case, the data subject shall have the right to be informed of theappropriate safeguards relating to the transfer. If a data subject wishes toavail himself of this right of access, he or she may, at any time, contact anyemployee of the controller.
c) Right to rectificationEach data subject shall have the right granted bythe European legislator to obtain from the controller without undue delay therectification of inaccurate personal data concerning him or her. Taking intoaccount the purposes of the processing, the data subject shall have the rightto have incomplete personal data completed, including by means of providing asupplementary statement. If a data subject wishes to exercise this right torectification, he or she may, at any time, contact any employee of the controller.
d) Right to erasure (Right to be forgotten)Each data subject shall have the right granted bythe European legislator to obtain from the controller the erasure of personaldata concerning him or her without undue delay, and the controller shall havethe obligation to erase personal data without undue delay where one of thefollowing grounds applies, as long as the processing is not necessary: Thepersonal data are no longer necessary in relation to the purposes for whichthey were collected or otherwise processed. The data subject withdraws consentto which the processing is based according to point (a) of Article 6(1) of theGDPR, or point (a) of Article 9(2) of the GDPR, and where there is no otherlegal ground for the processing. The data subject objects to the processingpursuant to Article 21(1) of the GDPR and there are no overriding legitimategrounds for the processing, or the data subject objects to the processingpursuant to Article 21(2) of the GDPR. The personal data have been unlawfullyprocessed. The personal data must be erased for compliance with a legalobligation in Union or Member State law to which the controller is subject. Thepersonal data have been collected in relation to the offer of informationsociety services referred to in Article 8(1) of the GDPR. If one of theaforementioned reasons applies, and a data subject wishes to request theerasure of personal data stored by the Razor HQ GmbH & Co. KG, he or shemay, at any time, contact any employee of the controller. An employee of RazorHQ GmbH & Co. KG shall promptly ensure that the erasure request is compliedwith immediately. Where the controller has made personal data public and isobliged pursuant to Article 17(1) to erase the personal data, the controller,taking account of available technology and the cost of implementation, shalltake reasonable steps, including technical measures, to inform othercontrollers processing the personal data that the data subject has requestederasure by such controllers of any links to, or copy or replication of, thosepersonal data, as far as processing is not required. An employees of the RazorHQ GmbH & Co. KG will arrange the necessary measures in individual cases.
e) Right of restriction of processingEach data subject shall have the right granted bythe European legislator to obtain from the controller restriction of processingwhere one of the following applies: The accuracy of the personal data iscontested by the data subject, for a period enabling the controller to verifythe accuracy of the personal data. The processing is unlawful and the datasubject opposes the erasure of the personal data and requests instead therestriction of their use instead. The controller no longer needs the personal datafor the purposes of the processing, but they are required by the data subjectfor the establishment, exercise or defence of legal claims. The data subjecthas objected to processing pursuant to Article 21(1) of the GDPR pending theverification whether the legitimate grounds of the controller override those ofthe data subject. If one of the aforementioned conditions is met, and a datasubject wishes to request the restriction of the processing of personal datastored by the Razor HQ GmbH & Co. KG, he or she may at any time contact anyemployee of the controller. The employee of the Razor HQ GmbH & Co. KG willarrange the restriction of the processing.
f) Right to data portabilityEach data subject shall have the right granted bythe European legislator, to receive the personal data concerning him or her,which was provided to a controller, in a structured, commonly used andmachine-readable format. He or she shall have the right to transmit those datato another controller without hindrance from the controller to which thepersonal data have been provided, as long as the processing is based on consentpursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2)of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of theGDPR, and the processing is carried out by automated means, as long as theprocessing is not necessary for the performance of a task carried out in thepublic interest or in the exercise of official authority vested in thecontroller.
Furthermore, in exercising his or her right todata portability pursuant to Article 20(1) of the GDPR, the data subject shallhave the right to have personal data transmitted directly from one controllerto another, where technically feasible and when doing so does not adverselyaffect the rights and freedoms of others. In order to assert the right to dataportability, the data subject may at any time contact any employee of the RazorHQ GmbH & Co. KG.
g) Right to objectEach data subject shall have the right granted bythe European legislator to object, on grounds relating to his or her particularsituation, at any time, to processing of personal data concerning him or her,which is based on point (e) or (f) of Article 6(1) of the GDPR. This alsoapplies to profiling based on these provisions. The Razor HQ GmbH & Co. KGshall no longer process the personal data in the event of the objection, unlesswe can demonstrate compelling legitimate grounds for the processing which overridethe interests, rights and freedoms of the data subject, or for theestablishment, exercise or defence of legal claims. If the Razor HQ GmbH &Co. KG processes personal data for direct marketing purposes, the data subjectshall have the right to object at any time to processing of personal dataconcerning him or her for such marketing. This applies to profiling to theextent that it is related to such direct marketing. If the data subject objectsto the Razor HQ GmbH & Co. KG to the processing for direct marketingpurposes, the Razor HQ GmbH & Co. KG will no longer process the personaldata for these purposes. In addition, the data subject has the right, ongrounds relating to his or her particular situation, to object to processing ofpersonal data concerning him or her by the Razor HQ GmbH & Co. KG forscientific or historical research purposes, or for statistical purposespursuant to Article 89(1) of the GDPR, unless the processing is necessary forthe performance of a task carried out for reasons of public interest. In orderto exercise the right to object, the data subject may contact any employee ofthe Razor HQ GmbH & Co. KG. In addition, the data subject is free in thecontext of the use of information society services, and notwithstandingDirective 2002/58/EC, to use his or her right to object by automated meansusing technical specifications.
h) Automated individual decision-making,including profilingEach data subject shall have the right granted bythe European legislator not to be subject to a decision based solely onautomated processing, including profiling, which produces legal effectsconcerning him or her, or similarly significantly affects him or her, as longas the decision (1) is not is necessary for entering into, or the performanceof, a contract between the data subject and a data controller, or (2) is notauthorised by Union or Member State law to which the controller is subject andwhich also lays down suitable measures to safeguard the data subject's rightsand freedoms and legitimate interests, or (3) is not based on the datasubject's explicit consent. If the decision (1) is necessary for entering into,or the performance of, a contract between the data subject and a datacontroller, or (2) it is based on the data subject's explicit consent, theRazor HQ GmbH & Co. KG shall implement suitable measures to safeguard thedata subject's rights and freedoms and legitimate interests, at least the rightto obtain human intervention on the part of the controller, to express his orher point of view and contest the decision.If the data subject wishes toexercise the rights concerning automated individual decision-making, he or shemay, at any time, contact any employee of the Razor HQ GmbH & Co. KG.
i) Right to withdraw data protection consent
Each data subject shall have the right grantedby the European legislator to withdraw his or her consent to processing of hisor her personal data at any time. If the data subject wishes to exercise theright to withdraw the consent, he or she may, at any time, contact any employeeof the Razor HQ GmbH & Co. KG.
12. Data protection for applications and the application procedures
The data controller shall collect and process thepersonal data of applicants for the purpose of the processing of the applicationprocedure. The processing may also be carried out electronically. This is thecase, in particular, if an applicant submits corresponding applicationdocuments by e-mail or by means of a web form on the website to the controller.If the data controller concludes an employment contract with an applicant, thesubmitted data will be stored for the purpose of processing the employmentrelationship in compliance with legal requirements. If no employment contractis concluded with the applicant by the controller, the application documentsshall be automatically erased two months after notification of the refusaldecision, provided that no other legitimate interests of the controller areopposed to the erasure. Other legitimate interest in this relation is, e.g. aburden of proof in a procedure under the General Equal Treatment Act (AGG).
13. Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basisfor processing operations for which we obtain consent for a specific processingpurpose. If the processing of personal data is necessary for the performance ofa contract to which the data subject is party, as is the case, for example,when processing operations are necessary for the supply of goods or to provideany other service, the processing is based on Article 6(1) lit. b GDPR. Thesame applies to such processing operations which are necessary for carrying outpre-contractual measures, for example in the case of inquiries concerning ourproducts or services. Is our company subject to a legal obligation by whichprocessing of personal data is required, such as for the fulfilment of taxobligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases,the processing of personal data may be necessary to protect the vital interestsof the data subject or of another natural person. This would be the case, forexample, if a visitor were injured in our company and his name, age, healthinsurance data or other vital information would have to be passed on to adoctor, hospital or other third party. Then the processing would be based onArt. 6(1) lit. d GDPR. Finally, processing operations could be based on Article6(1) lit. f GDPR. This legal basis is used for processing operations which arenot covered by any of the abovementioned legal grounds, if processing isnecessary for the purposes of the legitimate interests pursued by our companyor by a third party, except where such interests are overridden by theinterests or fundamental rights and freedoms of the data subject which requireprotection of personal data. Such processing operations are particularlypermissible because they have been specifically mentioned by the Europeanlegislator. He considered that a legitimate interest could be assumed if thedata subject is a client of the controller (Recital 47 Sentence 2 GDPR).
14. The legitimate interests pursued by the controller or by a third party
Where the processing of personal data is basedon Article 6(1) lit. f GDPR our legitimate interest is to carry out ourbusiness in favour of the well-being of all our employees and the shareholders.
15. Period for which the personal data will be stored
The criteria used to determine the period ofstorage of personal data is the respective statutory retention period. Afterexpiration of that period, the corresponding data is routinely deleted, as longas it is no longer necessary for the fulfilment of the contract or theinitiation of a contract.
Provision of personal data as statutory orcontractual requirement;
Requirement necessary to enter into a contract;Obligation of the data subject to provide the personal data; possibleconsequences of failure to provide such data
We clarify that the provision of personal datais partly required by law (e.g. tax regulations) or can also result fromcontractual provisions (e.g. information on the contractual partner). Sometimesit may be necessary to conclude a contract that the data subject provides uswith personal data, which must subsequently be processed by us. The datasubject is, for example, obliged to provide us with personal data when ourcompany signs a contract with him or her. The non-provision of the personaldata would have the consequence that the contract with the data subject couldnot be concluded. Before personal data is provided by the data subject, thedata subject must contact any employee. The employee clarifies to the datasubject whether the provision of the personal data is required by law orcontract or is necessary for the conclusion of the contract, whether there isan obligation to provide the personal data and the consequences ofnon-provision of the personal data.
17. Existence of automated decision-makingAs a responsible company, we do not useautomatic decision-making or profiling.