Data protection declaration of SAXOPRINT Limited

The scope of personal data processing

We collect and use your personal data only to the extent necessary to provide a functional website as well as functional content and services. Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes your name, email address or telephone number. This data refers only to a natural person, not to a legal (company). The collection and use of your personal data takes place regularly only after your consent. An exception applies in those cases where prior consent cannot be obtained for valid reasons and the processing of the data is permitted by law. The term "you/user/your" refers to all customers and visitors to our website. The terms used, such as "user", are to be understood as gender-neutral. If "we" or "us" is mentioned in the text, this refers to SAXOPRINT Limited.

Basic information on data processing and legal bases

We process personal data only in compliance with the relevant data protection regulations. This means that your data will only be processed if permission has been given or if statutory regulations are processed. I.e. in detail that:

• the processing of data for the provision of our contractual services (e.g. processing of orders) and online services is required or prescribed by law;
• your consent has been given;
• is based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our website), in particular range measurement; creation of anonymous profiles for advertising and marketing purposes (by collecting access data and using the services of third-party providers).

With regard to the processing of personal data on the basis of the GDPR, we make reference to:

• the legal basis of consent in Article 6, section 1, subsection a and Article 7 of the GDPR;
• the legal basis for processing the fulfilment of our services and the implementation of contractual measures in Article 6, section 1, subsection b of the GDPR;
• the legal basis for processing to fulfil our legal obligations in Article 6, section 1, subsection c of the GDPR;
• the legal basis for processing to protect our legitimate interests in Article 6, section 1, subsection f of the GDPR.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6, section 1, subsection d serves as the legal basis.

Registration with third-party authentication services

Some of our campaigns require you to register and log in using third-party authentication services, as far as they are available (hereinafter referred to as "third-party authentication"). Authentication services can be e.g. Facebook, Twitter or Google (hereinafter referred to as "authentication provider").

The prerequisite for third-party authentication is that you are registered with the respective authentication provider and enter the required access data on the web form provided for this purpose. The actual registration takes place directly with the respective authentication provider.

During registration we will receive a user ID with the information that you are logged in under this user ID. Furthermore, we will receive a temporary ID ("User Handle") that we will not be able to use indefinitely. Whether we receive additional information depends solely on the third-party authentication you use, the data sharing settings you choose for authentication, and also what information you have shared in the privacy or other settings of your user account with the authentication provider. Depending on the authentication provider and your selections, the data we receive will vary, but it is usually your email address and user name. In the case of Facebook, this is known as" public information" that everyone can see. These include the name, profile and cover picture, gender, networks (e.g. school or workplace), user name (Facebook URL) and user ID (Facebook ID).

The password entered as part of third-party authentication is neither visible to us nor is it stored by us.

Please note that your data stored with us can be automatically compared with your user account with the authentication provider, but this is not always possible or actually happens. For example, if your email address changes, you will have to change it manually in your user account with us.

If you decide that you no longer want to use the user account link with the authentication provider for third-party authentication, you must cancel this connection within your user account with the authentication provider. If you wish to delete your data with us, you must have your account deleted with us.

You should note that when using third-party authentication, both the terms of use and data usage policies, as well as revocation and objection options of the authentication providers, apply.

These are in particular:

Twitter (https://twitter.com/en/tos, https://twitter.com/en/privacy),

Facebook (https://www.facebook.com/legal/terms, https://www.facebook.com/policy.php).

Collection of access data

On the basis of our legitimate interests, we collect data about every access to the server on which this service is located (so-called "server log files"). The access data includes:

• Name of the retrieved website/file
• Date and time of retrieval
• transferred data volume
• Notification of successful retrieval
• browser type and version, the operating system of the calling device
• Referrer URL (the previously visited page)
• IP address and the requesting provider

Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data which requires further storage for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

Data deletion and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Use of analysis services

Use of Google Analytics

Our website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google"). Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable us to analyse your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Browser plugin and objection against data collection

You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. However, the disabling of add-ons for browsers from Google Analytics does not prevent information from being transmitted to us or to other web analytics services that we may use.

Anonymised collection of IP addresses

We use the "IP Anonymization Activation" function on our website. This will reduce your IP address within Member States of the European Union or other countries party to the Agreement on the European Economic Area prior to transmission to Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and saved there. On our behalf, Google will use this information to evaluate your use of the website in order to compile reports on website activity. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Article 6, Section 1, subsection f of the GDPR. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/us.html or https://policies.google.com/?hl=en.

Use of Hotjar

We use Hotjar, a web analysis tool from Hotjar Ltd (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta). Hotjar records the interactions of randomly selected individual visitors to our website in anonymised form. This creates a log of mouse movements and clicks, for example, with the aim of identifying possible improvements to our website. In addition, information about the operating system, browser, incoming and outgoing links, geographical origin as well as resolution and type of the calling up terminal device are evaluated by means of Hotjar for statistical purposes. In addition, we offer the possibility to leave anonymous user feedback via "feedback pools" via Hotjar. The information collected is not personal, is stored by Hotjar Ltd. and is not passed on to any other third parties. Additional information on functions and data usage using Hotjar can be found at: https://www.hotjar.com/legal/policies/privacy. If you do not want a website analysis using Hotjar, you can deactivate it on all websites using Hotjar by setting a "DoNotTrack header" in your browser (opt-out): https://www.hotjar.com/policies/do-not-track/.

Use of Visual Website Optimizer

We use Visual Website Optimizer, a web analysis service from Wingify (14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India). Visual Website Optimizer is used to test the usability of certain pages. Measured data on user behaviour are collected anonymously. We have no way of assigning these anonymous measured values to you personally, for example by assigning your IP address or by other means. Cookies are used to obtain meaningful test results, i.e. the program uses the function provided by your browser to temporarily store information and access it later. Unless the cookies expire at the end of the session, they are available for a maximum of 100 days (further details can be found here: https://vwo.com/knowledge/cookies-used-by-vwo/). You can delete the cookies in your browser at any time. Tracking (i.e. the collection of data generated by the cookie and related to the use of the website) can be deactivated at any time. Please follow the instructions at: https://vwo.com/opt-out/. Further information on data protection can be found at: https://vwo.com/terms-conditions/.

Google Tag Manager

On out Website, we use "Google Tag Manager", a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereafter referred to as "Google"). This service allows website tags to be managed through an interface. Google Tag Manager only implements tags. No cookies are used and no personal information is collected. Google Tag Manager also triggers other tags, which in turn may collect data. However, it does not access this data itself. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented by Google Tag Manager. You can find more information at https://policies.google.com/privacy?hl=en-GB&%3Bgl=en.

Newsletter Tracking (Emarsys Web Extend)

We use the user tracking script "Web Extend" from Emarsys Interactive Services GmbH, Stralauer Allee 6, 10245 Berlin. Web Extend uses cookies and JavaScript to enable individualised content. With the help of Web Extend, we can investigate user behaviour of visitors to our website in pseudonymised and anonymised form. We use the information generated to make our e-mail communication as interesting as possible for you. You can deactivate data processing by Web Extend at any time by changing the cookie settings.

LinkedIn Insight-Tag and LinkedIn Ads

We use the LinkedIn Insight tag on our website (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). This analysis and tracking tool allows us to create reports on the use of our website, optimise our ads with LinkedIn Conversion Tracking and create retargeting lists to target our website visitors to LinkedIn. This enables us to provide targeted, relevant information to our LinkedIn visitors.

The LinkedIn Insight tag uses cookies and collects anonymous information about visitors to our site, such as the URL, device and browser characteristics, and more. LinkedIn does not share any personally identifiable information with this site, and all reports about visitors and ads are anonymous summaries only. If you do not wish to participate in tracking with the LinkedIn Insight tag and do not wish to receive interest-based advertising, you may opt-out of receiving interest-based advertising by clicking on the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. For more information about LinkedIn's privacy policy, please visit https://www.linkedin.com/legal/privacy-policy.

Google Web Fonts

This site uses web fonts provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) ("Google") for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly. To do this, the browser you are using must connect to Google's servers. This may also involve the transmission of personal data to the servers of Google LLC. in the USA. In this way, Google obtains knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest in the sense of article 6, section 1, subsection f of the GDPR. If your browser does not support Web Fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the Google data protection declaration: https://www.google.com/policies/privacy/.

reCAPTCHA

Within the scope of our services, we use reCAPTCHA from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) ("Google"). This function is mainly used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if applicable, other data required by Google for the service to Google and is carried out in accordance with article 6, section 1, subsection f of the GDPR based on our legitimate interest in establishing individual responsibility on the Internet and avoiding misuse and spam. While using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA.

Further information about Google reCAPTCHA and Google's privacy policy can be found at https://www.google.com/policies/privacy/.

Site Search 360

We use Site Search 360, a search service of SEMKNOX GmbH, Webergasse 1, 01067 Dresden, Germany, in the context of the product search on our website. With this service, suitable search results can be displayed on our website by means of a search query. Within the scope of the search query, the search term as well as your IP address and any session ID assigned will be transmitted. SEMKNOX also uses cookies, which enable the search function to be carried out successfully. On our behalf SEMKNOX will use this information to answer your search query. For further information please visit https://www.sitesearch360.com/privacy-policy/.

Usercentrics

We use the Usercentrics Consent Management Platform to fulfill the legal obligation according to article 7, section 1 of the GDPR. The operator is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany. Usercentrics Consent Management Platform collects log file data, user agent (device, browser type, browser language, browser version, resolution) and consent data (consent yes/no, time stamp, data scope, data attributes, ControllerID, ProcessorID, ConsentID) via a Javascript. This JavaScript enables Usercentrics GmbH to inform the user about certain tags and web technologies on our website and to obtain, manage and document his or her consent. You can permanently prevent the execution of JavaScript at any time by making appropriate settings in your browser, which would also prevent Usercentrics from executing the JavaScript. Further information on data protection at Usercentrics can be found at: https://usercentrics.com/privacy-policy/.

Use of social plugins

Facebook

We use so-called social plugins ("plugins") of the social network Facebook, which is operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). The plugins are marked with a Facebook logo or the addition "Facebook Social Plug-in" or "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins?locale=en_EN.

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website.

By integrating the plugins, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook account or are not currently logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your next visit to our website with your Facebook account. If you interact with the plugins, for example by clicking the "like" button or making a comment, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purposes of advertising, market research and demand-oriented design of Facebook pages. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to link the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website and delete all stored data (cookies) from Facebook from your browser if necessary.

To find out more about the reasons and range of data collection, the further processing and use of the data by Facebook as well as your respective rights and setting options for the protection of your privacy, please refer to the data protection information of Facebook: www.facebook.com/about/privacy

Google+

We use the "+1″ button of the social network Google Plus, which is operated by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google"). This button can be recognized by the lettering "+1″ on a white or coloured background. If you open any content on our website that contains such a button, the browser establishes a direct connection to the Google servers. Google transmits the content of the "+1" button directly to the user's browser, which in turn integrates the content into the website. We therefore have no influence on the data that Google collects with the button and, according to Google, no personal data is collected as long as the button is not clicked. If you are logged in to Google, your IP address, among other things, will be collected and processed. To what extent and for what purpose Google collects data, in what form the data is processed and used, and what rights and settings are available to protect privacy in this respect, you can find Google's data protection information on the "+1" button: https://policies.google.com/privacy.

If you are a Google Plus member or have logged in to Google and do not want Google to collect data about you when you visit our website and link it to your membership data stored by Google, you must log out of Google Plus or Google before visiting our website and delete all stored data (cookies) from Google from your browser if necessary.

Twitter („Tweet Button“)

We use functions of the Twitter service. These features are provided by Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA). By using Twitter and the "Re-Tweet" function, Twitter links the user's Twitter account with the websites you visit. This is communicated primarily to the user's followers on Twitter. Data is also transmitted to Twitter servers. We would like to point out that we are not aware of the content of the data transmitted or how it is used by Twitter. Further information is available under the following link: https://twitter.com/privacy?lang=en.

Privacy settings on Twitter can be changed in the account settings at: https://twitter.com/settings/account.

If you are a Twitter member and have logged in to Twitter and do not want Twitter to collect data about you when you visit our website and link to your membership data stored on Twitter, you must log out of Twitter before visiting our website and delete all stored data (cookies) from Twitter from your browser if necessary.

Pinterest

We services of pinterest.com. Pinterest.com is a service of Pinterest Inc. (808 Brannan St, San Francisco, CA 94103, USA). The integrated "Pin it" button on our site informs Pinterest that you have accessed the corresponding page of our website. If you are logged in to Pinterest, Pinterest can link this visit to our site to your Pinterest account. The data transmitted by clicking the "Pin it" button is saved by Pinterest. To find out more about the reasons and range of data collection, the further processing and use of the data by Pinterest as well as your relevant rights and setting options for the protection of your privacy, please refer to the data protection information at: https://pinterest.com/about/privacy/.

To prevent Pinterest from linking your next visit to our site with your Pinterest account, you must log out of your Pinterest account before visiting our site and delete all stored Pinterest data (cookies) from your browser if necessary.

Instagram

We use the Instagram service. Instagram is a service of Instagram Inc (1601 Willow Road, Menlo Park, CA, 94025, USA). The integrated "Insta" button on our site informs Instagram that you have visited the corresponding page of our website. If you are logged in to Instagram, Instagram can link this visit to our site to your Instagram account. Instagram saves the data transmitted by clicking the "Insta" button. For information about the purpose and scope of data collection, processing and use, and your rights and privacy choices, please refer to Instagram's Privacy Policy, which is available at: https://help.instagram.com/155833707900388.

To prevent Instagram from linking your next visit to our site with your Instagram account, you must log out of your Instagram account and delete all Instagram data (cookies) from your browser before visiting our site.

LinkedIn

Our website uses the functions of the LinkedIn network (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). Every time you visit one of our pages that contains any LinkedIn functions, a connection to LinkedIn's servers is established. LinkedIn is informed that you are visiting our website. In addition, your IP address will be transmitted to LinkedIn. If you click the "Recommend button" of LinkedIn and are logged in to LinkedIn, it is possible for LinkedIn to attribute the visit to our website to you and your LinkedIn user account. We point out that we have no knowledge of the content of the transmitted data and their use by LinkedIn. Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

To prevent LinkedIn from associating your next visit to our site with your LinkedIn account, you must log out of your LinkedIn account before visiting our site and delete all stored LinkedIn data (cookies) from your browser if necessary.

XING

We use the functions of the Xing network (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany). Every time you visit one of our pages that contains functions of Xing, a connection to Xing servers is established. To our knowledge, personal data will not be stored. In particular, no IP addresses are stored, or the usage behaviour is evaluated. Further information on data protection and the Xing Share button can be found in Xing's data protection declaration at: https://www.xing.com/app/share?op=data_protection.

YouTube

We use the plugins from YouTube (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA). If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The Youtube server is informed which of our pages you are visiting. If you are logged in to your YouTube account, YouTube is able to map your surfing behavior to your YouTube user profile. This can be prevented by logging out of your YouTube account and deleting all stored data (cookies) from YouTube from your browser if necessary. Further information can be found in YouTube's privacy policy at: https://www.google.com/intl/en/policies/privacy. 

Comments & Contact

Comments and discussions in the blog

If you use the comment function in the SAXOPRINT blog area (www.saxoprint.co.uk/blog), your IP address is saved. This is for our security in the event that someone writes illegal content in comments and contributions (insults, forbidden political propaganda, etc.). We as the provider can be prosecuted for any comments or contributions and are therefore interested in the identity of the author.

To write a comment, you must provide a valid email address, a (nick)name and, if applicable, a valid website link. Your email address and personal data will not be published or passed on to third parties.

We reserve the right to delete comments with threats or insults, advertising or illegal content, obvious backlink comments (especially SPAM) with irrelevant context or invalid email addresses and if necessary to bar the user from further use. The utilisation of our comment function for commercial purposes is prohibited. By submitting a comment, you grant SAXOPRINT Limited the unrestricted right of use for publication on our blog. It is possible to subscribe to additional comments. In this case, you will receive a confirmation email (double opt-in procedure) to check whether you are the owner of the email address you entered. Current comment subscriptions can be removed at any time. Please read the confirmation email for more information.

Contact opportunities

On our website we offer you the possibility to contact us via e-mail and/or via contact form. In this case, the information provided by the user will be stored for the purpose of answering enquiries. The data will not be passed on to third parties. Cross-referencing the data collected in this way with data that may be collected by other elements of our site does not take place either.

Newsletter

Description and scope of data processing

With the following information we will inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receiving newsletters and the procedures described.

Content of the newsletter

We will only send newsletters, emails and other electronic notifications containing advertising information (hereinafter "newsletters") with the consent of the user or with legal permission. Insofar as a registration to the newsletter and its content has been outlined in concrete terms, this information is binding for the user's consent.

In addition, our newsletters contain information about new offers, current promotions and news concerning SAXOPRINT Limited.

Double-Opt-In and documentation

The registration for our newsletter takes place in a so-called double opt-in procedure: This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can log in with another email address. Subscriptions to the newsletter are documented so that the registration process can be proven in accordance with legal requirements. This includes saving the date and time of registration and confirmation.

Email dispatch service provider ("dispatch service provider")

The newsletter is sent out on the basis of our legitimate interests as defined in article 6 section 1, sub-section f of the GDPR via Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, Germany (hereinafter referred to as "dispatch service provider"). The data protection regulations of the dispatch service provider can be viewed here: https://www.emarsys.com/en/privacy-policy/.

Furthermore, the dispatch service provider can use this data in an anonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes in order to determine which countries the recipients are from. However, the service does not use the data of our newsletter recipients to write them down or pass them on to third parties.

Registration details

To subscribe to the newsletter, all you need to do is enter your e-mail address, your name and customer type, in order to be contacted personally and to tailor the content of the newsletter.

Statistical surveys and analyses

The newsletters contain a so-called "web-beacon" or "web bug", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of retrieval are initially collected. This information is used to improve the technical performance of the services based on the technical data or the target groups and their reading habits based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to individual newsletter recipients for technical reasons, but we are not interested in monitoring individual users. The evaluations serve us rather to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

The statistical surveys and analyses as well as the logging of the application procedure are carried out on the basis of our legitimate interests as defined in article 6, section 1, sub-section f of the GDPR. We are interested in providing a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the user.

Legal basis for data processing

The legal basis of the processing of data after registration to the Newsletter is, with the user's consent, article 6, section 1, sub-section a of the GDPR.

The purposes of data processing

The purpose of collecting the user's e-mail address is for sending the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address in question.

Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's email address will therefore be stored for as long as the subscription to the newsletter is still active.

Other personal data collected during the registration process will generally be deleted after a period of seven days.

Possibility of objection and elimination

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. If you have subscribed to the newsletter and cancelled this subscription, your personal data will be deleted accordingly.

Competitions, campaigns and events

If you decide to participate in any of our promotions, we will ask you to provide us with your name, date of birth, email address, telephone number and/or postal address to ensure that each user participates only once and to inform you of the progress of the promotion. In connection with the organisation of competitions or other events, the necessary personal data of the participants will also be transmitted to the associated co-organisers, cooperation partners and sponsors as well as other media. For details on the partners, please consult the relevant promotional details. The use of the data is limited exclusively to the purpose of the respective action. The personal data collected will not be pooled with other data sources. After completion of the respective action, the collected data will be deleted. Any other stipulations require your explicit consent.

Online advertising and targeting

Google Dynamic Remarketing

We use the dynamic remarketing function of "Google AdWords", a service of Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The technology enables us to place automatically generated, target group-oriented advertising following your next visit to our website. The ads are based on the products and services you clicked on the last time you visited our website.

Google uses cookies to create interest-based ads. Google usually saves information such as your web request, IP address, browser type, browser language, date and time of your request. This information is only used to assign the web browser to a specific computer. They cannot be used to identify a person.
If users do not wish to receive user-based advertising from Google, advertisements may be turned off using Google's ad preferences (https://www.google.com/settings/u/0/ads/authenticated?hl=en).

DoubleClick, Google-Anzeigen and Google Conversion Tracking (Google Ads)

To draw your attention to our products, we place advertisements relevant to you and use the "Google Conversion Tracking", a service of Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These ads appear after searches on Google Network web pages. We have the possibility to combine our ads with certain search terms.

When you click on an ad, DoubleClick (DoubleClick is a trademark of the US company Google LLC) sets a cookie on your computer. Cookies enable us to serve ads based on a user's previous visits.

The use of DoubleClick cookies ("floodlights") only allows Google and its partner websites to place ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or within the scope of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

DoubleClick cookies help Google and we as a customer receive information that a user clicked on an ad and was redirected to our website. The information obtained in this way is used exclusively for statistical evaluation to optimize our advertisements. We do not receive any information that personally identifies you. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page of our website with a conversion tag (identifier for a page on the e.g. a purchase transaction is completed). On the basis of these statistics, we can trace which search terms were clicked on our ad most frequently and which ads led to an action by the user.

Further information can be found in Google's privacy policy:: http://www.google.de/policies/technologies/ads/.

If you don't want this to happen, you can prevent the storage of the cookies required for these technologies, e.g. via the settings of your browser. In this case, your next visit will not be included in the user statistics. You can change this using Google's ad settings (https://www.google.com/settings/u/0/ads/authenticated?hl=en) and disable interest-based ads.

Use of Facebook Retargeting (Facebook Pixel)

We use the retargeting technology "Website Custom Audience" of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94394, USA ("Facebook") and enables us to display relevant advertising and offers to web site users who are already interested in our Internet presence and are Facebook members, on Facebook via the Facebook Ad Network.
To display these advertisements, we have embedded a Facebook retargeting pixel on our website that enables Facebook to record our users as visitors to our website using a pseudonym and to use this data for our ad placements on Facebook. Personal data is not collected or stored. Users cannot be identified on Facebook. Facebook does not link the data collected via the retargeting pixel to the user data stored about a person on Facebook. Further information on data protection and setting options can be found at: https://www.facebook.com/settings/?tab=ads and at https://www.facebook.com/about/privacy. Users may object to the use of Facebook Website Custom Audiences at: https://www.facebook.com/settings/?tab=ads.

Microsoft Bing Ads

Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads will place a cookie on your computer if you access our website via a Microsoft Bing ad. This allows us and Microsoft Bing to recognize that someone has clicked on an ad, been redirected to our site, and has reached a predetermined conversion page. We only see the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user will be disclosed. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example using a browser setting that will deactivate the automatic setting of cookies in general. For more information on data protection and the cookies used at Microsoft Bing, please visit the Microsoft website: https://privacy.microsoft.com/en-gb/privacystatement. 

Deactivation tool provided to third parties for online advertising

You can deactivate the use of cookies with the assistance of the Network Advertising Initiative (NAI - http://www.networkadvertising.org/choices/) and the EDAA (European Interactive Digital Advertising Alliance - http://www.youronlinechoices.com/uk/your-ad-choices/). However, we advise that we cannot guarantee the integrity of the third-party cookies for these free services.

Integration of third-party services and content

It is possible that contents of third parties, e.g. in the form of YouTube videos, Google Maps mapping material, RSS feeds or graphics from other platforms may be integrated within the SAXOPRINT online services. There is the chance that the suppliers of this content may be able to see the IP address of the user, as they cannot send the content to the browser of the individual user if the IP address is not known. In such a case, the IP address is required to display the contents of third parties. SAXOPRINT takes care to only use content for which IP addresses are solely used for the purpose of distribution. However, SAXOPRINT has no influence on if the IP address is stored for the information of third parties by the respective provider, e.g. for statistical purposes. In so far as SAXOPRINT has information on this, the users will be informed.

Data integrity

We protect our website and other systems by technical and organisational measures against data loss, destruction, unauthorised access, modification or distribution. Access is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others (https://www.saxoprint.co.uk/data-security). 

Links (hyperlinks) to third-party websites

Our Internet services contain links to external third-party websites, the contents of which are beyond our control. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is unreasonable without concrete evidence of a violation of the law. If we become aware of any infringements, we will remove such links immediately.

Our website may contain partnerships with various service providers. Our website enables our users to access the offers and services of partner companies in individual cases. Users of the website may enter into a contractual relationship with the respective service provider by using the services of the latter, for which the corresponding contractual conditions of the service provider then apply. The legal and content responsibility of SAXOPRINT for the services offered on the websites of the partner companies lies solely with the respective partner companies whose contents are accessed via our homepage. When using the services of a third-party service provider, contractual relationships are established exclusively with the respective partner company and the user in accordance with the conditions applicable to this contractual relationship. This should be stated on the relevant website or in the Terms of Use or Privacy Policies. SAXOPRINT has no control over the content or operation of third-party websites and is not responsible for the information contained on these websites.

Similarly, SAXOPRINT is neither responsible for the fulfilment of orders or services ordered via such a website, nor is SAXOPRINT responsible for the data protection guidelines ("Privacy Policies") of such websites and the data that are expressly or automatically collected there.

In the event of difficulties or other problems in connection with third-party websites, we would ask you to contact these third parties directly and not SAXOPRINT.

Website in general

Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

(1) Information about the browser type and version used;

(2) The user's operating system;

(3) The IP address of the user;

(4) Date and time of access;

(5) Websites from which the user's system reaches our website;

(6) Websites accessed by the user's system via our website.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for data processing and temporary storage of data and log files is article 6, section 1 subsection f of the GDPR

Purpose of data processing

The temporary storage of IP addresses by our system is necessary to enable the website to be transmitted to the user's computer. For this, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the operation of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing is in accordance with article 6, section 1, subsection f of the GDPR.

Duration of storage

The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected.

In the case of the collection of data for the provision of the website, this will occur when the respective session has ended.

If the data is stored in log files, this will happen after seven days at the latest. Any further storage is done only by deleting or altering the IP addresses of the users, so that an assignment of the calling browser is no longer possible.

Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Use of cookies on the website

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored in the cookies and transmitted to us every time a page is accessed:

(1) Language settings;

(2) Session information, e.g. items in the shopping cart;

(3) Log-in information.

We also use cookies on our website which enable an analysis of the user's browsing behaviour.

In this way, the following data can be determined:

(1) Entered search terms;

(2) Frequency of page views;

(3) Use of website functions;

(4) Type of use (device type, screen resolution, speed, language).

The user data collected in this way is made anonymous by technical safeguards. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is article 6, section 1, sub-section f of the GDPR.

Purpose of data processing

The purpose of using cookies, which are technologically necessary, is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

(1) Language settings;

(2) Session information, e.g. items in the shopping cart;

(3) Log-in information.

The user data collected by cookies, which are technically necessary, are not used to create user profiles.

The cookies are used to improve the quality of our website and its content. Through the cookies we learn how the website is used and can thus continuously optimise our services.

Further information can also be found in the chapter " The use of analysis services ". For these purposes, our legitimate interest also lies in the processing of personal data in accordance with article 6, section 1, subsection f of the GDPR.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our website. Therefore, as a user, you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

Integration of third-party services and content

Within our online offer, we use content or service offers of third parties based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services in accordance with article 6, section 1, sub-section f of the GDPR) in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as "content"). In all cases, the third-party providers of this content must be able to see the IP address of the user, as they would not be able to send the content to the user's browser without the IP address. The IP address is therefore required for the display of this content. We strive to only use content for which the respective providers use the IP address to deliver content.

Third-party providers may also use so-called "pixel tags" (invisible graphics, also known as "web beacons", "web bugs") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The anonymous information may be stored in cookies on the user's device and may contain technical information about the browser and operating system, linking websites, visiting time and other information about the use of our online services, and may also be linked to such information from other external sources.

Further information can also be found in the chapters "Use of analysis services" and "Online advertising and targeting".

Electronic payment providers ("ePayment")

During the ordering process, we offer you a number of payment methods. Depending on the selected payment method, we will forward you to the related payment provider. The data required for payment is processed directly by the payment provider. In this respect, the privacy policy of the selected payment provider applies.

Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installment" via PayPal, we pass your payment data on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), in the context of payment processing. The transfer takes place in accordance with article 6, section 1, sub-section b of the GDPR and only insofar as necessary for payment processing.

PayPal reserves the right to carry out credit checks for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal. For this purpose, your payment data may be passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency according to article 6, section 1, sub-section f of the GDPR. PayPal uses the result of the credit assessment in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

Klarna Pay now. Online Bank Transfer

If you select the payment method "Klarna Online Bank Transfer", payment will be processed by the payment service provider Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "Klarna Online Bank Transfer"), to whom we will pass on your information provided during the order process together with the information about your order in accordance with article 6, section 1, subsection b of the GDPR. Klarna GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider "Klarna Online Bank Transfer" and only insofar as it is necessary for this. For more information about the privacy policy of Klarna, visit: https://www.klarna.com/pay-now-with-direct-banking/privacy-statement/

Credit card

Credit card payments are processed by the payment provider, Ingenico Payment Services GmbH (hereinafter "Ingenico"), one of the leading European payment service providers. Your payment data is transmitted to the Ingenico server via a secure https connection. Ingenico is certified according to the Payment Card Industry Data Security Standard (PCI DSS), the international security standard for credit card payments on the Internet. You can obtain the detailed data protection statement during the payment process by clicking on the data protection statement on Ingenico's website.

Trusted Shops Seal of Quality

The Trusted Shops Trustbadge is integrated on our website to display our Trusted Shops seal of approval and any collected evaluations as well as to offer Trusted Shops products to buyers after an order.

This serves the protection of our legitimate interests in an optimised Marketing of our product range. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.

When triggering the trustbadge, the web server of Trusted Shops automatically stores a so-called server log file, which contains e.g. your IP address, date and time of the request, transferred data volume and the requesting provider (access data) and documents the request. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your page visit.

Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case the contractual agreement between you and Trusted Shops applies.

Automated individual decision-making, including profiling

Our company checks the creditworthiness of existing customers regularly when contracts are concluded and in certain cases where there is a legitimate interest. For this purpose, we work together with Creditreform Boniversum GmbH, from whom we receive the necessary data.

Creditreform

The information according to article 14 GDPR of Creditreform Boniversum GmbH can be found here: https://www.boniversum.de/wp-content/uploads/2020/11/Creditreform_Boniversum_Textbaustein_Informationspflicht-Art.-14-EU-DSGVO.pdf

Request for proposal

Description and scope of data processing

On our website we offer you the opportunity to request a quotation for our products by providing personal data. The data is entered into an input mask and transmitted to us and saved. The data will not be passed on to third parties.

The following data is collected during the quotation process:

(1) Title;

(2) Address;

(3) Telephone numbers/email addresses;

(4) First name/last name;

(5) Assignment to customer categories (business customer/private customer, etc.).

At the time of registration, the following data is also stored:

(1) Date and time of preparation of the offer;

(2) Unique designation of the offer.

Within the framework of the offer process, consent to the processing of this data is obtained.

Purpose of data processing

Personal data is collected for the purpose of making contact (by e-mail, telephone or post) with regard to the requested offer.

Furthermore, the corresponding offer can be accessed directly by means of a specific link.

Duration of storage

The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected.

This is the case when the data is no longer needed to create a quote for pre-contractual measures. Even after conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

Possibility of objection and elimination

If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

Registration

Description and scope of data processing

On our website we offer you the opportunity to register by providing personal data. The data is entered into an input field and transmitted to us and saved. The data will not be passed on to third parties. The following data is collected during the registration process:

(1) Title;

(2) Address;

(3) Username/Login name;

(4) Consent to advertising measures;

(5) Date of birth;

(6) Telephone numbers/email addresses;

(7) First name/last name;

(8) Allocation to customer categories (business customer/private customer, etc.).

At the time of registration, the following data is also stored:

(1) Date and time of registration,

(2) Customer number.

In the course of the registration process, consent to the processing of this data is obtained.

Purpose of data processing

Registration is required to fulfill a contract with you or to carry out pre-contractual measures.

The personal data is collected for the purpose of contract fulfilment (sale/manufacturing/shipment) of printed (related) products.

Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for the data collected during the registration process to fulfil a contract or to carry out pre-contractual measures when the data is no longer required to carry out the contract. Even after conclusion of the contract or the pre-contractual measures, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Possibility of objection and elimination

You can cancel your registration at any time. You can change the data stored about you at any time

If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary

Ordering and payment

Description and scope of data processing

The following data is collected in the course of the order, in addition to registration:

(1) Delivery addresses;

(2) Payment data, if required (e.g. SEPA direct debit mandate);

(3) Customer-specific/input data (print data uploads).

At the time of ordering, the following data is also stored:

(1) Date and time of order;

(2) Product order number/Order number/Stock basket number;

Within the scope of the order process, the user's consent to the processing of this data is obtained.

Purpose of data processing

The personal data is collected for the purpose of fulfilling the contract.

Duration of storage

The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected.

This is the case for the data collected during the order process to fulfill a contract when the data is no longer required for the execution. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Possibility of objection and cancellation

If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

Refund procedure

Description and scope of data processing

The following data is collected:

(1) Payment data

Legal basis for data processing

The legal basis for the processing of data is article 6, section 1, sub-section b of the GDPR.

Purpose of data processing

The personal data is collected for the purpose of fulfilling the contract concerning the refund of payments received.

Duration of storage

The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. This is usually the time when the refund procedure has been completed.

Possibility of objection and cancellation

You can cancel your registration at any time. If the data is required to fulfil a contract, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

Shipment of goods - Integration of DPD Predict

Description and scope of data processing

If an order is shipped via DPD Deutschland GmbH (exception: reseller shipments), we will send the following information to DPD Deutschland GmbH in addition to the data required for shipment (name, address):

(1) E-mail address

Legal basis for data processing

The legal basis for data processing is Article 6, section 1, subsection f of the GDPR.

Purpose of data processing

The data is shared both to avoid problems during delivery and to make the delivery process itself customer-friendly.

Duration of storage

The data is collected for each individual shipment, archived for each shipment in accordance with legal requirements, stored (e.g. for complaints and billing purposes) and then deleted.

Possibility of objection and elimination

You can object to the transmission of the data to DPD Deutschland GmbH at any time by e-mail, letter or telephone.

You can also object directly to DPD Deutschland GmbH by sending an e-mail to widerspruch_predictbenachrichtigung@dpd.de or, in the case of all parcel notifications, via a link.

Contact form and e-mail contact

Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved. This data is:

(1) Title,

(2) Telephone numbers/email addresses,

(3) First name/last name,

(4) Order/customer number (optional, if available).

At the time the message is sent, the following data is also stored:

(1) Date and time.

Your consent is obtained for the processing of the data within the scope of the submission process and reference is made to this data protection declaration.

Alternatively, you can contact us via the email address provided by us. In this case, the user's personal data transmitted by email will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing

The legal basis for the processing of data is article 6, section 1, sub-section a of the GDPR if the user has given his or her consent.

The legal basis for the processing of data transmitted in the course of sending an email is article 6, section 1, sub-section f of the GDPR. If the email contact seeks the closure of a contract, additional legal basis for the processing is article 6, section 1, sub-section b of the GDPR.

Purpose of data processing

The processing of the personal data from the input mask is used solely to enable us to contact you. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

Duration of storage

The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the particular conversation with the user is finished. The conversation is terminated when it can be deduced from the circumstances that the issue in question has been finally clarified.

Possibility of objection and elimination

You can revoke this consent at any time by e-mail, letter or telephone.

In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted.

Contact information you provide voluntarily (e.g. business cards at trade fairs)

Description and scope of data processing

Business cards may be exchanged in the course of business. These contain personal data. The following data may be collected after receipt of a business card:

(1) Title,

(2) Address,

(3) Telephone numbers/email addresses,

(4) First name/last name,

(5) Position.

Legal basis for data processing

In line with the position of the Data Protection Authority of Bavaria for the Private Sector, the use of said data for the purpose of business relations is permissible (Article 6, sections 1, clause 1, points b and f of the GDPR).

Purpose of data processing

Personal data is collected for the purpose of making future contact (by e-mail, telephone or post).

Duration of storage

The data will be deleted as soon as it is no longer needed to achieve the purposes for which it was collected. For pre-contractual measures, this is the case if no contract is finally concluded. Even after entering into a contract, there may be a need to store the personal data of the other party in order to fulfil any contractual or legal obligations.

Possibility of objection and elimination

In all circumstances, you have the option of objecting to the processing of your data. However, if the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

If we handle your personal data, you are covered by the GDPR and you have the following rights with regard to the responsible persons:

Right of access by the data subject

You can ask the responsible person to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the person responsible:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data if the personal data is not collected from the individual concerned;

(8) the existence of automated decision-making including profiling in accordance with article 22, sections 1 and 4 GDPR and - in such cases at least - relevant information on the reasoning behind such proceedings and the scope and intended effects of such proceedings for the person concerned.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with article 46 of the GDPR in connection with the data transfer.

Right to rectification

You have a right of rectification and/or completion with respect to the responsible persons if the personal data processed concerning you is incorrect or incomplete. The person responsible shall make the correction without delay.

Right to restriction of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:

(1) you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the responsible persons no longer requires the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or

(4) you have filed an objection to the processing pursuant to article 21, section 1 of the GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be processed - apart from storage - with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If processing has been restricted according to the above conditions, you will be informed by the responsible persons before the restriction is lifted.

Right to erasure

Deletion duty

You may request that the responsible persons to delete the personal data concerning you without delay and the responsible person is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent, on which the processing was based in accordance with article 6, section 1, sub-section a or article 9, section 2, sub-section a of the GDPR, and there is no other legal basis for the processing.

(3) You file an objection against the processing pursuant to article 21, section 1 of the GDPR and there are no legitimate grounds for the processing, or you file an objection against the processing in accordance with article 21, section 2 of the GDPAR.

(4) The personal data concerning you has been processed unlawfully.

(5) The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the responsible persons are subject.

(6) The personal data concerning you was collected in relation to provided services of the IT society in accordance with article 8, section 1 of the GDPR.

Information to third parties

If we have made the personal data concerning you public and we are obliged to delete it in accordance with article 17, section 1 of the GDPR, we will take the appropriate measures, including technical measures. We will take the necessary measures to inform those responsible for data processing, taking into account the available technology and the implementation costs, that you as the concerned party have requested the deletion of all links to this personal data or of copies or replications of this personal data.

Exemptions

The right to cancellation does not exist insofar as the processing is necessary

(1) to exercise freedom of expression and information;

(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the person responsible is subject, or for the performance of a task in the public interest or in the exercise of official authority conferred on the person responsible;

(3) for reasons of public interest in the field of public health pursuant to article 9, section 2, sub-sections h and i and article 9, section 3 of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to article 89, section 1 of the GDPR, insofar as the right mentioned in article 89, section 1 of the GDPR is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or

(5) to assert, exercise or defend legal claims.

Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The person responsible has the right to be informed about these recipients.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and computer-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

(1) processing is based on consent pursuant to article 6, section 1, sub-section a of the GDPR or article 9, section 2, sub-section a of the GDPR or on a contract under article 6, sub-section 1, sub-section b of the GDPR, and

(2) processing is carried out by means of automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on article 6, section 1, sub-section e or f of the GDPR; this also applies to profiling based on these conditions.

The data controller no longer processes the personal data concerning you, unless he or she can provide conclusive evidence worthy of the protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of ISS services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,

(2) the legislation of the Union or of the Member States to which the person responsible is subject is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or

(3) with your express consent.

However, these decisions may not be based on special categories of personal data in accordance with article 9, section 1 of the GDPR, unless article 9, section 2, sub-section a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Up-to-date status and changes to this data protection declaration

This data protection declaration is currently valid and up-to-date as of April 2021.

As we continue to develop our website and offers or as a result of changes in legal or official requirements, it may become necessary to amend the data protection policy in the future.