1. Scope

1.1 These Terms of Use apply to the online presentation platform for employee offers (hereinafter referred to as the "Platform").

1.2   The offers shown on the platform are exclusively designed for users who order the offers or the voucher or discount codes as consumers within the meaning of Article 2(1) of Law no. 24/96, of 31 July (Consumer Protection Law). Using the offers for commercial purposes is prohibited. This shall include but not be limited to commercially purchasing and/or commercially selling goods and services which is strictly prohibited.

1.3 CBPPE - corporate benefits Portugal, Unipessoal Lda,NIPC 516655760, com sede na Avenida do Brasil, 15, 1.º, 1749-112 Lisboa (hereinafter referred to as "corporate benefits") is the operator of the Platform.

1.4 Soley these Terms of Use shall apply. Conflicting or deviating terms and conditions of the users will not be accepted unless corporate benefits has given its prior written approval.

2. Content of the Platform and Role of corporate benefits

2.1 On the Platform, various third-party companies (hereinafter referred to as "Vendors") present goods and services, voucher codes, discount codes, benefits, etc. which can be purchased or redeemed outside the Platform on the Vendors' websites. Those offers are aimed for employees of companies or members of associations or clubs (hereinafter referred to as "Users"). corporate benefits is only running the platform for the presentation of goods and services by the Vendors. corporate benefits does NOT sell any of the goods and services presented.

2.2 Based on the information given to corporate benefits, the Vendors are companies within the meaning of within the meaning of Article 13 of the Portuguese Commercial Code. They can be identified by the logos displayed; In addition, every website of the Vendor accessible via the platform provides of an imprint including the contact information of the Vendor. Intellectual property rights to the Vendor’s content displayed on the Platform remain with the respective Vendor.

2.3 Contracts for the purchase of goods or other services are concluded outside the Platform between the User and the Vendors.

2.4 All Vendors are solely responsible for the content and presentation of the advertised goods and services on the platform. Each Vendor also decides at his own discretion whether to limit the time and/or quantity of his discounts, goods and services. corporate benefits does not check the Vendor’s content. Hence, corporate benefits cannot be held liable for the correctness of the information by the Vendors or their performance. Errors and changes may occur and are reserved.

3. Registration, conclusion of contract, storage of the contract text and contract language

3.1 For using the Platform, the User needs to subscribe with corporate benefits and create a User Account. The Platform is provided free of charge to the user acting as a consumer.

3.2 Registration can only take place with a permanently used e-mail address. Using a so-called "thrash mail address", which is only temporarily valid, is expressly prohibited. Such addresses are given to new users after being "thrown away", which could allow unauthorized persons to gain access to the User' account.

3.3 After the User has submitted the online registration form, corporate benefits will provide the User with an activation code sent to the email address listed within the subscription process. This message constitutes an offer of corporate benefits to the User to conclude a contract via the Platform on the basis of these terms of use. The acceptance of this offer by the User and thus the conclusion of the contract takes place by entering the activation code on the Platform.

3.4 The contract, i.e. the User's registration, is stored by corporate benefits, but is not accessible to the User. The User can check the data stored for his user account via the menu item "My data" in his user profile on the Platform. In addition, the User can access, print, download or save the Terms of Use at any time via the "Terms of Use" link provided on the Platform, but only in the current version. Older versions are not available on the Platform.

3.5 The contract may be concluded in German or English.

3.6 In order to use the Platform, Users must be at least 16 years old or provide the consent of their parents or guardians.

4. Access and use of the Platform; consequences for breach of these Terms of Use; Penalty

4.1 The offers on the Platform are designed exclusively for employees of companies that have been provided with a Platform of corporate benefits, Users who do not meet these requirements are not permitted to use the Platform. If the use of the offers takes place without the aforementioned conditions being met, corporate benefits may take the sanctions specified in sections 4.4 and 6.2 of these Terms of Use against the users concerned (contractual penalty, damages, termination, blocking).

4.2 The offers are exclusively designed for users who use the offers or the voucher or discount codes as consumers within the meaning of Article 2(1) of the Consumer Defence Law. The use of the offers or the voucher or discount codes for commercial purposes, including but not limited to the commercial purchase, commercial offering or commercial resale of goods purchased at a discount, is prohibited. corporate benefits outlines that violations of these provisions may lead to claims for damages, including but not limited to claims of the Verndors against the users. In the event of a repeat offense, corporate benefits reserves the right to file a criminal complaint.

4.3 Proof of entitlement to use the Platform in accordance with No. 4.1 is done by entering an e-mail address under the respective company domain or by entering a code that has been provided to the company for confidential disclosure exclusively to its employees. corporate benefits reserves the right to report unauthorized use by unauthorized persons or public disclosure by users.

4.4 In the event of a culpable violation of the provisions in

- Section 1.2 (use of the Platform and its offerings for commercial purposes),

- Section. 4.1 (use of the Platform without being an employee of a company to which corporate benefits has provided a Platform),

- Section 4.2, sentence 2 (commercial purchase, commercial offering or commercial resale of goods purchased at a discount) OR

- Section 4.3., sentence 2 (public disclosure of access codes)

of these Terms of Use obliges to pay corporate benefits a contractual penalty of at least € 500, in the event of a claim for damages more than this amount, compensation shall be added.

corporate benefits expressly reserves the right to assert further claims for damages. These can significantly exceed the amount of the above-mentioned lump sum. In case of repeat offense, the minimum fine is € 2,000. The contractual penalty will be offset against further claims for damages by corporate benefits.

4.5 The User is obliged to notify corporate benefits immediately if he/she leaves the company assigned to the Platform as an employee. Upon leaving the Company, the User's entitlement to access and use the Platform also expires.

4.6 Users may not pass on their access data to other persons. They must keep their credentials confidential. In the event that a user notices third parties becoming aware of his access data, he is obliged to change his access data immediately. The User is also obliged to inform corporate benefits immediately if there are indications that his user account has been misused by third parties.

5. Confidentiality of offers and contractual penalty for passing on voucher and discount codes

5.1 The offers and conditions on the Platform are based on corporate customer and corporate conditions, which the respective Vendors only grant to authorized users of the Platform. The offers and conditions may therefore only be made available to the authorized group of users of the Platform.

5.2 The offers and conditions as well as the voucher or discount codes are strictly confidential and may not be communicated to third parties. They represent a trade secret of corporate benefits. The User is expressly prohibited from passing on voucher or discount codes obtained through the Platform to third parties. In particular, the publication of such coupon or discount codes on the Internet or the sale of such coupon or discount codes offline or online is prohibited. This prohibition includes the public communication and dissemination by the User of screenshots of the coupon or discount codes of corporate benefits.

5.3 In the event of a culpable violation of the provisions of Section 5.2 (Prohibition of public communication and distribution of voucher or discount codes), the User is obliged to pay corporate benefits a contractual penalty of at least € 500.00 per violation. In the event of a claim for damages more than this amount, compensation shall be added. corporate benefits expressly reserve the right to assert further claims for damages. These can significantly exceed the amount of the above-mentioned lump sum. In case of repeat offense, the minimum fine is € 2,000. The contractual penalty will be offset against other civil claims for compensation for the damages deducted by CBPPE.

5.4 corporate benefits reserve the right to indemnify the User in the event of violations of the provisions of this Section. 5 from further use of the Platform.

5.5 corporate benefits points out that violations of the provisions in this Section 5 are also violations of the Act for the Protection of Trade Secrets and may be punishable.

6. Termination of the User Agreement, Discontinuation, Restriction or Modification of the Offer and Deletion of the User Account

6.1 The User may terminate the User Agreement at any time without giving reasons by deleting his User Account via the menu item "Delete Access" in his User Profile or terminate the User Agreement by notifying corporate benefits in text form (e-mail, fax or letter) without notice.

6.2 corporate benefits is entitled to terminate the User Agreement at any time by notifying the User in text form with a notice period of two working days and to block the User's access to the Platform upon effective termination.

6.3 In the event of violations of Section 1.2, 4.1, 4.2, 4.3 or 5.2 of these Terms of Use, corporate benefits is entitled to block or restrict the User's User Account with immediate effect without notice and to terminate the User Agreement. Further claims of corporate benefits shall remain unaffected.

6.4. Moreover, each contractual party’s right to terminate the agreement for cause shall remain unaffected.

6.5 Upon termination or expiration, the User's account and his access to the Platform will be deleted.

7. Limitation of Liability

7.1 corporate benefits is liable in the event of intent (including malice) and gross negligence in accordance with the statutory provisions. In the case of slight negligence, corporate benefits is only liable if a material contractual obligation is breached. Essential contractual obligations are to be understood as those obligations which the contract has to grant to the user according to its meaning and purpose or the fulfilment of which enables the proper execution of the contract at all and on the observance of which the user may regularly rely.

7.2 In the event of liability due to slight negligence, this liability shall be limited to such damages as are foreseeable or typical at the time of conclusion of the contract. Liability due to injury to life, limb or health remains unaffected, as does strict liability under law, e.g. according to the Product Liability Act.

7.3 Insofar as the liability of corporate benefits is excluded or limited, this also applies to the personal liability of the employees, legal representatives and vicarious agents of corporate benefits. All limitations of liability also apply to all statutory (including tortious) and contractual claims resulting from the use of the Platform or from the user relationship.

8. Participation in dispute resolution procedures and information on online dispute resolution

The European Commission's website for online dispute resolution (ODR website) can be accessed via the following link: https://webgate.ec.europa.eu/odr
However, corporate benefits does not participate in dispute resolution proceedings before a consumer arbitration board.

9. Final Provisions

9.1 corporate benefits is entitled to amend these Terms of Use at any time if this is necessary due to the legal situation, new or changed services and/or a disproportion between performance and consideration or if regulations are changed for the benefit of the User. The User will be informed of the changed terms and conditions with the explicit reference to the possibility of terminating the user relationship at any time. If the User accepts the new terms of use by confirming them at the next login, the amended terms and conditions become part of the agreement. corporate benefits will draw the user's attention to this legal consequence. Refusal of consent shall be regarded as termination of the account by the User.

9.2 Portuguese law shall apply with the UN Convention on Contracts for the International Sale of Goods be excluded, even if the User has his residence or registered office abroad. This choice of law applies to consumers but shall leave the protection afforded to consumers by those mandatory provisions, i.e. provisions of the country in which the consumer has his habitual residence, i.e. unaffected.

last updated: 07.2024

I.      Name and address of the Data Controller

The Data Controller within the meaning of the General Data Protection Regulation and other national data protection laws of member states as well as other data protection provisions is:

corporate benefits GmbH

Schiffbauerdamm 40

10117 Berlin

Germany

Tel. +49 30 - 206 21 66 0

Fax +49 30 - 206 21 66 20

E-mail: info@cb-gmbh.com

Web: https://www.corporate-benefits.de

II.     Contact details of the Data Protection Officer

Please be aware that the data protection officer for corporate benefits GmbH is named here in connection with the use of the portal https://bravantic.benefitsatwork.pt . For information on the  Bravantic privacy officer please visit the corresponding company website.

The Data Protection Officer of corporate benefits GmbH can be reached at:

TÜV Informationstechnik GmbH

Unternehmensgruppe TÜV NORD

IT Security, Business Security & Privacy

Langemarckstrasse 20

45141 Essen

Tel. 0201 - 8999-461

Fax 0201 - 8999-666

e-mail: privacyguard@tuvit.de

III.   General Information concerning data processing

2.     Extent of processing of personal data

In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website and to provide our content and services. The collection and use of personal data of our users is carried out on a regular basis only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the data processing is permitted by law.

3.     Legal basis for the processing of personal data

Whenever we obtain the consent of the Data Subject to the processing of his or her personal data, Article 6(1) point a of the European General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

Where the processing of personal data is necessary to perform a contract to which the Data Subject is a party, Article 6(1) point b GDPR serves as the requisite legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6(1) point c GDPR serves as the requisite legal basis.

If processing is necessary to safeguard the legitimate interests of our company or of a third party, and if the interests, fundamental rights and freedoms of the Data Subject do not prevail over the interests previously mentioned, Article 6(1) point f GDPR serves as the legal basis for processing.

4.     Data deletion and length of storage

The personal data of the Data Subject will be deleted or blocked as soon as the purpose for its storage ceases to exist. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the Data Controller is subject. Blocking or deletion of data is also carried out whenever a storage period stipulated by the rules mentioned expires, unless there is a need for further storage of the data in order to conclude or perform a contract.

IV.   Provision of the website and creation of log files

1.     Type and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the visiting computer.

During this process, the following information is collected:

●      Information about the type of browser and version used

●      The user’s operating system

●      The IP address of the user

●      Date and time of access

●      Other websites accessed by the user's system via our website

Data is also stored in our system's log files. None of this data is stored together with any other personal data of the user.

When a coupon code is generated, we store the following personal data for one year as a safeguard against abuse of the services (such as commercial re-sales):

●      Coupon code

●      Offer

●      The company portal through which coupon code is offered

●      First name

●      Last name

●      E-mail address

●      The time the coupon code was generated (date & time)

●      The user’s IP address

2.     Legal basis for data processing

The legal basis for the temporary storage of data and log files is constituted by Article 6(1) point f GDPR.

3.     Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable the website to be served to the computer of the user. To do this, the user's IP address must be stored for the duration of the session.

Storage in log files takes place, so as to ensure the functionality of the website. In addition, data is used to optimize the website and to ensure the security of our information technology systems. No evaluation of data for marketing purposes is carried out in this context.

For these purposes, our legitimate interest in the processing of data exists pursuant to Article 6(1) point f GDPR.

4.     Storage period

Data will be deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collected for the purpose of provision of the website, this will be the case once the respective session has ended.

Storage is possible. In this case, the IP addresses of users are either deleted or anonymised, so that it is no longer possible to associate them with the visiting client.

In order to prevent abuse, logfiles relating to the creation of coupon codes will be deleted after one year at the latest.

5.     Objection and removal options

The collection of data for provision of the website and the storage of data in log files is essential for the website to be operated correctly. For this reason, no objection option is available to the user.

V.    Use of cookies

a) Type and scope of data processing

Our website uses "cookies". Cookies are text files that are either stored in the Internet browser itself or are stored on the user's computer system by the Internet browser. Whenever a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be identified uniquely whenever the website is revisited.

We use cookies in order to make our website more user-friendly. Some elements of our website require the calling browser to be re-identified even when a new page is visited.

The following data is stored and transmitted in cookies:

●      An ID that enables identification of the user

In addition, on our website we use the services and cookies of Webtrekk GmbH to collect statistical data on website use and to improve our offering accordingly. Webtrekk numbers are used to identify the "Top 5 Offers from Colleagues" on a corporate platform. Webtrekk GmbH is certified for data protection, in the area of ​​Web Controlling Software, by TÜV Saarland.

With each access to the Internet content provided by our portal, some information is collected and evaluated for web controlling purposes; and this will have been transmitted by the user's browser during the registration process. Such collection is carried out by a pixel embedded on each page. The following data is collected:

●      Request (file name of the requested file)

●      Browser type and version (e.g. Internet Explorer 6.0)

●      Browser language (e.g. German)

●      Operating system used (e.g. Windows XP)

●      internal resolution of browser window

●      Screen resolution

●      Javascript activation

●      Java on/off

●      Cookies on/off

●      Colour depth

●      Referrer URL (the previously visited website)

●      shortened IP address for geographical recognition

●      Time of access

●      Clicks

Webtrekk stores the IP address only in an abbreviated (anonymized) form and uses it only for session detection, for geolocation and to defend against cyber attacks. The IP address is then deleted immediately, so that the data collected becomes anonymous.

Webtrekk uses the following cookies:

●      Session cookie (for session detection, lifetime: one session)

Further information can be found on the website of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, http://www.webtrekk.com .

b) Legal basis for data processing                       

The legal basis for the processing of personal data using cookies is Article 6(1) point f GDPR.

c) Purpose of Data Processing

The purpose of the use of technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be provided without the use of cookies. For these, it is necessary for the browser to be recognized anew each time a new page is consulted. In detail, the following objectives apply:

e) Period of storage, objection and removal options

Cookies are stored on the user's computer and then transmitted by it to us. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full. 

VI.   Newsletter

1.     Type and scope of data processing

On our website you can subscribe to free newsletters. Registration for the monthly newsletter can be done simultaneously with registration. In addition, subscribing to the newsletter is possible at any time in the "My Data" area. During the newsletter registration process, data from the input form will be sent to us:

●      Salutation and title

●      First name and last name

●      Date of birth

●      Company postcode

●      Company e-mail address

●      Password

●      Date and time of registration

●      Distributor affiliation (company platform)

In addition to monthly newsletters, once registration and login have been completed successfully, you can also subscribe to a special newsletter, which will be sent out at irregular intervals.

For data processing purposes, your consent is obtained during the registration process and reference is made to this privacy declaration.

As regards data processing for the purpose of sending out newsletters, data is passed on to Mapp Digital Germany GmbH, Dachauer Strasse 63, 80335 Munich. Such data is used exclusively to send out newsletters.

To send out newsletters, we supply a data package to mapp with the following personal content:

●      E-mail address

●      Salutation

●      Last name

●      Distributor affiliation (company platform & newsletter type)

2.     Legal basis for data processing

The legal basis for data processing after the user has registered for the newsletter is in the case of consent of the user Article 6(1) point a GDPR.

3.     Purpose of data processing

The user's e-mail address is collected in order to deliver the newsletter.

The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the e-mail address used.

4.     Storage period

Data will be deleted as soon as it is no longer needed for the purpose for which it was collected. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.

5.     Objection and removal options

Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, a corresponding link to the employee's "My Data" section can be found in each newsletter. Using this link, the employee can unsubscribe from the newsletters.

The "My data" section shows transparently when a monthly newsletter or a special newsletter was ordered or cancelled.

VII.  Registration

1.     Type and scope of data processing

On our website, we offer users the opportunity to register for our portal by providing personal data. This data is entered into an input form and transmitted to us and stored. No data is transferred to third parties. The following data is collected during the registration process:

●      Salutation and title

●      First name and last name

●      Date of birth

●      Postcode

●      E-mail address

●      Date of birth and newsletter

●      Date and time of registration

As part of the registration process, the consent of the user to process this data is obtained. We also save:

●      Language preference for multilingual platforms

●      Location (web browser if shared by user. The user can also specify location manually)

●      Date of registration

●      Time stamp registration code

●      Registration for the monthly e-mail newsletter with timestamp

●      Registration for the special newsletter with timestamp

●      Acceptance of the Terms of Use and Privacy Policy

●      Linked enterprise platform

●      Login with timestamp

●      APP Use iOS / Android Yes / No

●      Offers saved in watchlist

●      Generation of coupon codes

●      Storage of coupons

●      Content of contact forms

●      Content of callback form

●      User ratings of offers with timestamp

iOS/Android app

●      Access to location (Automatic detection of location / new - send push message, if branch in watch list is nearby)

●      Access to camera (scan QR code)

●      Receive push messages - New offers Yes / No

●      Receive push messages - Expiring offers Yes / No

●      Receive push messages - Branch in watch list nearby Yes / No

If this has been activated for your portal, the user has the option of placing classified ads there. In this case, the following data can be specified in order for the advertisement to be created:

●      Salutation and title

●      First name and last name

●      E-mail address

●      Phone number

●      Address

2.     Legal basis for data processing

The legal basis for the processing of the optional data is Art. 6 (1) lit. a GDPR if the user has given his consent. The legal basis for the processing of the data in other respects is Art. 6 para. 1 lit. b GDPR.

3.     Purpose of data processing

User registration is required for the provision of certain content and services on our website. Registration gives the user access to our Employee Offers Platform. The function of this platform is simply to present discount offers. If an employee accepts these offers, he / she will be forwarded directly and anonymously to the chosen provider and thus will enter that provider's area of responsibility. Data collected by external companies on implementation of contracts in relation to employees is processed either by these external companies or their contractual partners. Only on actual purchase of a product does an employee provide the personal data usual at the time of a purchase and in so doing enter into a legal transaction with the provider. At this point, no data is transmitted by us, nor is the provider able to draw any conclusions regarding which company the employee belongs to. None of an employee's activities and purchases will give rise to any personal data processed by our company. Collection of personal data during registration serves the purposes of user identification and contact, customer support, legal proof, marketing and target group analyses and display of user-selected offers.

4.     Storage period

Data will be deleted as soon as it is no longer needed for the purpose for which it was collected. This is the case for the data collected during the registration process if a registration on our website is either cancelled or modified.

5.     Objection and removal options

As a user, you have the option of cancelling your registration at any time. You can change the data stored about you at any time. You can remove your access account at any time in the "My data" section via the "Delete Access" link and make changes in this area.

VIII.   Contact form and e-mail contact

1.        Type and scope of data processing

Our website has a contact form available, which you can use to get in touch with us online. Once a user accepts this option, all the data entered into the input form will be transmitted to us and saved. This data consists of:

●      Salutation

●      First name and last name

●      Your e-mail address

●      Subject

●      and message content

●      Browser version

●      Operating system

At the time the message is sent, the following data is also stored:

●      The IP address of the user

●      Date and time of dispatch of e-mail

Alternatively, it is possible to get in touch using the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

2.     Legal basis for data processing

The legal basis for data processing is in the case of consent of the user Article 6(1) point a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6(1) point f GDPR. If the e-mail contact intends to conclude a contract, then an additional legal basis for the processing is Article 6(1) point b GDPR.

3.     Purpose of data processing

The processing of personal data from the input form is only used by us to process the contact event. In the case of contact via e-mail, this also includes a necessary legitimate interest in processing the data concerned.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4.     Storage period

Data will be deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data from the input form of the contact form and that sent by e-mail, this will be the case when the respective conversation with the user has ended. The conversation is ended once it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

5.     Objection and removal options

The user has the option at any time to revoke his or her consent to the processing of his or her own personal data. If the user contacts us by e-mail, he or she may object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored during the contact event will be deleted in this case.

IX.   Disclosure of personal data to third parties

We use an external system from http://salesforce.com Germany GmbH (Registered office: München, Bavaria District court München HRB, 158525, Business address: Erika-Mann-Straße 31-37, 80636 Munich, Germany, Directors: Joachim Wettermark, José Luiz Moura Neto) to process service requests submitted by e-mail or via the Service Portal Forms. Data is stored only within the EU. We have entered into a contract processing agreement with Salesforce and also an additional EU standard contract. Please also note Salesfroce's data protection/privacy policy:  https://www.salesforce.com/de/company/privacy/

We store our portal data with our technical service provider: mpex GmbH (Hosting), Werner-Voss-Damm 62, 12101 Berlin.

To determine location, a query is submitted to HERE Germany GmbH. This query does not involve any personal data. Furthermore, the location is artificially “blurred” by intentionally rounding down decimal places in the GPS coordinates.

In addition, data is passed on internally to corporate benefits IT solutions GmbH, Schiffbauerdamm 40, 10117 Berlin (formerly corporate benefits ventures GmbH), for the purpose of providing our services.

X.    Rights of the Data Subject

If any personal data of yours is processed, you are the Data Subject within the meaning of the GDPR and you have the following rights in relation to the Data Controller:

1.     Right to information

You may ask the Data Controller to confirm if personal data concerning you is being processed by us.

If that is the case, you can request information from the Data Controller about the following data:

(1)      the purposes for which the personal data is being processed;

(2)      the categories of personal data that is being processed;

(3)      the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;

(4)      the planned duration of any storage of personal data concerning you or, if specific information is not available, the criteria for determining the duration of such storage;

(5)      the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the Data Controller or a right to object to such processing;

(6)      Existence of a right of appeal to a supervisory authority

(7)      all available information on the source of the data if the personal data is not collected from the Data Subject;

(8)      the existence of automated decision-making, including profiling under Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the Data Subject.

You have the right to request information about whether your personal information is transferred to a third country or an international organisation. In this connection, you can request to be informed about the appropriate guarantees under Article 46 GDPR in connection with the transfer of such data.

2.     The right to correction of data

You have a right to correction and / or completion in relation to the Data Controller, if the personal data concerning you is being processed incorrectly or incompletely. The Data Controller must carry out this correction immediately.

3.     The right to restricted processing

You may request that the processing of your personal data is restricted, under the following conditions:

(1)      if you contest the accuracy of your personal information for a period of time that enables the Data Controller to verify the accuracy of your personal information;

(2)      the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data is restricted;

(3)      the     Data Controller no longer needs the personal data for processing purposes, but you need it in order to assert, exercise or defend legal claims; or

(4)      if you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet certain whether the legitimate reasons of the Data Controller outweigh the grounds of your objection.

If the processing of personal data concerning you has been restricted, this data may – apart from their storage - only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of major public interest of the European Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, the Data Controller will inform you before the restriction is lifted.

4.     Right to deletion

a)     Duty to delete

You may require the Data Controller to delete your personal information without delay, and the Data Controller will be required to delete this information immediately, provided one of the following grounds applies:

(1)      The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2)      You withdraw your consent on which the processing pursuant to Article 6(1) point a or Article 9(2) point a GDPR was based, and there is no other legal basis for the processing.

(3)      You raise an objection to the processing pursuant to Article 21(1) GDPR and there are no prior justifiable reasons for the processing, or else you raise an objection to the processing pursuant to Article 21(2) GDPR.

(4)      The personal data concerning you has been processed unlawfully.

(5)      The personal data concerning you must be deleted in order to fulfil a legal obligation under European Union law or the law of the Member States to which the Data Controller is subject.

(6)      The personal data concerning you was collected in relation to information society services offered pursuant to Article 8(1) GDPR.

b)     Passing information to third parties

If the Data Controller has rendered the personal data concerning you public and  pursuant to Article 17(1) of the GDPR is subject to a duty to delete it, it shall, taking into account the available technology and implementation costs, take appropriate steps, including the relevant technical methods, to inform the data controllers who process the personal data that you have been identified as being the Data Subject who has requested deletion of all the links to such personal data or the deletion of all copies or replications of such personal data.

c)     Exceptions

The right to deletion does not exist if the processing is required

(1)      in order to exercise the right to freedom of expression and information;

(2)      in order to fulfil a legal obligation that requires processing under European Union or Member State law to which the Data Controller is subject or for the performance of a public-interest or public-authority task transferred to the Data Controller;

(3)      for reasons of public interest in the field of public health pursuant to Article 9(2) point h and i and Article 9(3) GDPR;

(4)      for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, insofar as the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

(5)      in order to assert, exercise or defend legal claims.

5.     Right to information

If you have asserted the right to correction, deletion or restriction of data processing against the Data Controller, he / she is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing: except where this proves to be impossible or involves a disproportionate amount of effort.

In relation to the Data Controller, you have the right to be informed about these recipients.

6.     Right to data portability

You have the right to receive personally identifiable information you provide to the Data Controller in a structured, commonly-used and machine-readable format. In addition, you have the right to transfer this data to another Data Controller without hindrance by the existing Data Controller, whereby the said data must be supplied to the former, provided that

(1)      the processing is based on consent pursuant to Article 6(1) point a GDPR or Article 9(2) point a GDPR or on a contract pursuant to Article 6(1) point b GDPR and

(2)      the processing is carried out using automated procedures.

In exercising this right, you also have the right to ensure that the personal data relating to you is transmitted directly from one Data Controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected thereby, however.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the Data Controller.

7.     Right to object

You have the right at any time, for reasons that arise from your particular situation, to raise an objection against the processing of your personal data, which takes place pursuant to Article 6(1) point e or f GDPR; this also applies to profiling based on these provisions.

The Data Controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, to exercise your right to object through automated procedures that follow certain technical specifications.

8.     Right to withdraw data protection declaration

You have the right to revoke your data protection declaration at any time. The withdrawal of consent should not affect the lawfulness of the processing based on consent prior to the withdrawal.

9.     Automated decision on an individual basis including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - that would have some legal effect or would significantly affect you in a similar manner. This does not apply if the decision

(1)      is necessary for the conclusion or performance of a contract between you and the Data Controller,

(2)      is permitted by European Union or Member State legislation to which the     Data Controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3)      is carried out with your express consent.

However, these decisions must not be based on special categories of personal data under Article 9(1) GDPR, unless Article 9(2) point a or g applies and reasonable measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the Data Controller shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the Data Controller, to express his / her own position and to challenge the decision.

10.  Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you believe that the processing of the personal data concerning you breaches the GDPR.

The supervisory authority to which the complaint has been submitted must inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

last updated: 01.2022