Who we are

Privacy Policy

We, the Hertie School, Friedrichstraße 180, 10117 Berlin, Germany herewith inform you about the processing of personal data for which we are responsible in the sense of the EU General Data Protection Regulation (GDPR).

You can reach our data protection officer by sending an email to hertie-school@daspro.de or by sending a letter to DPO Hertie School, daspro GmbH, Kurfürstendamm 21, 10719 Berlin

Below we have compiled the most important information on typical data processing for you, broken down by groups of data subjects. For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term "data" is used, only personal data within the meaning of the GDPR are meant.

  1. Website visitors of the Hertie School
  2. Students and participants in research and further education programmes
  3. Interested parties as well as applicants for study courses, and for research and further education programmes
  4. Hertie School Alumni
  5. Newsletter recipients
  6. Event participants
  7. Business partners and their employees
  8. Interested parties and communication partners
  9. Rights of data subjects and further information

 

1. Website visitors of the Hertie School

1.1 Server log data

When using the website, certain information is sent to the server of our website by the browser used on your device for technical reasons. This data is stored and processed on our server.

We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies.

The data processed is HTTP data: HTTP data is protocol data that is generated when the Website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content).

The legal basis for the processing is our legitimate interest in the operation of an Internet presence and the communication with communication partners in accordance with Article 6 (1) (f) GDPR.

The data is automatically transmitted by the browser of the user.

Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

The data will be anonymised and deleted after 7 days at the latest.

Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.2 Technically required cookies

We use cookies on our website. Cookies are small text files containing information that can be stored on the user's end device via the browser when visiting a website. The information stored in cookies can be read and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.

In the structure of our Privacy Policy, we differentiate between Technically Required Cookies, Statistics Cookies and Social Media Content from Third Party Providers. For the function of the website, Technically Required Cookies cannot be deactivated via the cookie management function of this website. However, you can deactivate cookies generally in your browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. We would like to point out, however, that some functions of the website may not function or may no longer function properly if you deactivate cookies in your browser in general.

a) Google Tag Manager

We use the Google Tag Manager on our website. The Google Tag Manager enables us to manage cookies and control their placement. This enables us to implement, for example, your consent, a revocation of consent or an opt-out. The Google Tag Manager does not set its own cookies and does not process data stored in cookies.

The purpose of the data processing is to control the placement of cookies on our website and to ensure the security of the application.

The data processed is HTTP data: HTTP data is protocol data that is generated when the Website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content). Your IP address is automatically anonymized during processing.

The legal basis for the processing is our legitimate interest in the simple and reliable control of cookies in accordance with Article 6 (1) (f) GDPR.

The data is automatically transmitted by the browser of the user.

The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which we use as processor within the framework of a data processing agreement.

The data will be deleted after six months.

Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

b) Consent Cookies

We use so-called Consent Cookies to store your consent, possible revocation of consent and opt-out of the use of cookies on our website.

The purpose of data processing is the storage of the user decisions on cookies (consent, revocation, opt-out).

The processed data are:

  • HTTP data: HTTP data is protocol data that is technically generated when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
  • User decision on cookies: User's decision on individual cookies or groups of cookies. Time of the decision and of the last visit.

The legal basis for the processing is our legitimate interest in the easy and reliable control of cookies settings in accordance with the respective user decisions in accordance with Article 6 (1) (f) GDPR.

The data is actively provided by the user (decision on cookies) or automatically transmitted by the user's browser (protocol data, time stamp).

Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

A negative user decision with regard to cookies is deleted at the end of the session. The other data will be deleted after one year.

Without disclosure of personal data, the use of the website is not possible. Communication via the website without the disclosure of data is technically not possible.

1.3 Statistics Cookies

We use cookies on our website. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.

In the structure of our Privacy Policy, we differentiate between Technically Required Cookies, Statistics Cookies and Social Media Content from Third Party Providers.

Depending on their function and purpose, the use of certain cookies may require the user's consent. Your consent is given through a so-called "cookie banner": When you visit our website, we display our cookie banner. In our cookie banner you can declare your consent to the use of all cookies requiring consent on this website by clicking on the "Accept" button. Without such consent, the cookies requiring consent are not activated. By clicking the "Close" button, you can also completely reject the use of cookies requiring consent. Your decision will be saved in a cookie. Alternatively, you have the possibility to access our "cookie board" by clicking on the "More information" button. In the cookie board, you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your device in order to determine whether you have already made cookie settings the next time you visit the website.

a) Google Analytics

If you have given your consent, we use the web analysis tool Google Analytics on our website. With the help of Google Analytics, we can analyze the user behaviour of visitors to our website in pseudonymized and anonymised form.

You can deactivate the data processing by Google Analytics at any time in our "cookie board". Alternatively, you can install a browser plug-in from Google which prevents data collection by Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en

The purpose of data processing is to analyze user behaviour and to measure the reach of our website and advertisements to optimize our website.

The processed data are:

  • Google Analytics HTTP data: This is protocol data that is generated for technical reasons when using the web analysis tool Google Analytics via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
  • Google Analytics device data: Data generated by the web analysis tool Google Analytics and assigned to your device: This includes a unique ID for the (re-)recognition of returning visitors (so-called "client ID") as well as certain technical parameters for controlling data collection for web analysis.
  • Google Analytics measurement data: Device-related raw data (so-called "dimensions" and " measurement results"), which are collected and analysed by the web analysis tool Google Analytics when using our website: This includes, above all, information about the sources through which visitors reach our website, information about the location, the browser and the device used, information about the use of the website (in particular page views, frequency of visits and length of stay on accessed pages) as well as information about the fulfilment of certain purposes (in particular transactions in the online shop). The data is assigned to the client ID assigned to your device. As a result, device-related usage profiles are created in which all device-related raw data is combined into a client ID. The data that we collect using Google Analytics does not enable us to identify you personally (i.e. by your civil name). We also do not merge the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.
  • Google Analytics report data: Data contained in aggregated segment and device-related reports generated by the Google Analytics web analysis tool based on the analysis of device-related raw data.

The legal basis for the processing is Article 6 (1) (a) GDPR (consent).

Data is automatically transmitted by the browser of the user.

The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which we use as processor within the framework of a data processing agreement. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider. The basis for data processing in the USA is your consent granted through the cookie banner (Art. 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future through the Cookie Board.

The data will be deleted after 14 months.

The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot make web analysis using Google Analytics.

1.4 Social Media Content from Third Party Providers

a) Soundcloud Embedding

By activating the checkbox in the cookie banner or cookie board for "Soundcloud" in the category "Social Media Content from Third Party Providers" to play the content, you agree that we allow Soundcloud to collect data for its own purposes. The collection and processing of this data is the sole responsibility of Soundcloud Limited, 20 Old Bailey, London, EC4M 7 AN, United Kingdom.

On our website there are links to audio files that are stored and retrievable at Soundcloud. As soon as you activate the checkbox in the cookie banner or cookie board, the file is loaded by Soundcloud. Technically, the same thing happens then as would happen if you clicked a link to go to the Soundcloud website: Soundcloud receives all information that your browser automatically transmits (including your IP address). Soundcloud also sets its own cookies on your device. This also happens if you do not have a Soundcloud user account. If you are logged in to Soundcloud, your data is directly associated with your account. If you do not want your profile to be associated with your Soundcloud account, you must log out of Soundcloud before activating the checkbox.

We have no knowledge of further details on the processing of personal data or a possible data processing in the USA in the area of data controllership of Soundcloud. Hertie School has no influence on the data processing of Soundcloud.

Information on the processing of personal data by Soundcloud can be found in the Soundcloud Privacy Policy: https://soundcloud.com/pages/privacy

b) YouTube Embedding (Privacy Enhanced Mode)

By activating the checkboxes in the cookie banner or cookie board for "YouTube" in the category " “Social Media Content from Third Party Providers" to play the content, you agree that we allow Google, as provider of the YouTube service, to collect data for its own purposes. The collection and processing of this data is the sole responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

We then integrate videos stored at Youtube on our website. During this integration, the contents of the YouTube website are displayed in parts of a browser window. However, the YouTube videos are only accessed by clicking on the video separately. The integration of Youtube content is carried out in the so-called "extended data protection mode". This is provided by Google as the provider of YouTube, thus ensuring that no data is transmitted to Google and no cookies are stored on your device before you click in the cookie banner or cookie board to play the video.

As soon as you activate the corresponding checkbox in the cookie banner or cookie board, the video is loaded from Youtube. Technically, the same thing happens then as if would happen if you clicked a link to go to the Youtube website: Youtube receives all information that your browser automatically transmits (including your IP address). Furthermore, Youtube sets its own cookies on your device. This also happens if you do not have a Youtube user account. If you are logged in at Youtube or Google, your data will be assigned directly to your account. If you do not want the assignment to your user account at Youtube or Google, you have to log out at Youtube and Google before activation the corresponding checkboxes in the cookie banner or cookie board.

The collection and processing of this data is the sole responsibility of responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as service provider.

We have no knowledge of further details on the processing of personal data or a possible data processing in the USA in the area of data controllership of Google. Hertie School has no influence on the data processing of Google.

Information on the processing of personal data by Google can be found in the Google Privacy Policy: https://policies.google.com/privacy

c) Twitter Content

By activating the checkboxes in the cookie banner or in the cookie board to display “Twitter Content”, in the category "Social Media Content from Third Party Providers" to display Twitter content, you agree that we allow Twitter to collect data for its own purposes. We do this by including content stored on Twitter in our website. During this integration, content from the Twitter website is displayed in parts of a browser window. Before activating the corresponding checkboxes in the cookie banner or cookie board to display Twitter content, no data will be transmitted to Twitter and no cookies will be stored on your device.

As soon as you activate the corresponding checkboxes in the cookie banner or in the cookie board for displaying Twitter content, the content will be loaded from Twitter. Technically, the same thing happens then as would happen if you clicked a link to go to the Twitter website: Twitter receives all information that your browser automatically transmits (including your IP address). Twitter also sets its own cookies on your device. This also happens if you do not have a Twitter user account. If you are logged in to Twitter, your data will be assigned directly to your account. If you do not want your account to be assigned to your Twitter user account, you must log out of Twitter before you activate the checkboxes in the cookie banner or cookie board.

The collection and processing of this data is the sole responsibility of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We have no knowledge of further details of the processing of personal data or data processing in the USA in the area of data controllership of Twitter. Hertie School has no influence on the data processing of Twitter.

Information on the processing of personal data by Twitter can be found in the Twitter Privacy Policy: twitter.com/de/privacy

2. Students and participants in research and further education programmes

(i) The purpose of the processing is the implementation and organization of study programmes, research and further education programmes.

(ii) The processed data are:

Name, e-mail address, title/gender (if indicated), date of birth, address, other telecommunication data, professional knowledge, previous certificates, professional and school career according to curriculum vitae, information about financing of studies, optionally hobbies and photos;

Information about the chosen study programme and status at the Hertie School (enrolled, on leave of absence, graduated or dropped out) as well as current grades in the study program, if applicable final grade.

(iii) The legal basis for data processing is the Study Agreement or the contract for the research and further education program (Article 6 (1)(b) GDPR) and Article 6 (1)(c) GDPR (legal obligations, in particular tax and commercial law regulations).

(iv) The data is provided by the data subject.

(v) The personal data is passed on internally to the responsible employees. The data is also passed on to lecturers, instructors, the State Office for Statistics, to scholarship and study lenders and external speakers. We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.

(vi) All data relevant to the contract and accounting are stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract.

(vii) Without the data, it is not possible to participate in the study courses, research and further education programmes of Hertie School.

3. Interested parties as well as applicants for study programmes, and for research and further education programmes

(i) The purpose of data processing is to carry out the application process and to select students and participants for research and further education programmes at the Hertie School. A change of these purposes is not planned.

(ii) The processed data are:

  • Name, e-mail address, title/gender (if indicated), date of birth, address, other telecommunication data, professional knowledge, previous certificates, professional and school career according to curriculum vitae, information about financing of studies, optionally hobbies and photos;
  • Optional information to optimize the recruitment process by surveying the source of attention for interest in the Hertie School

(iii) The legal basis for data processing is the initiation of a Study Agreement or a contract for the research and further education program (Article 6 (1)(b) GDPR). If you do not apply directly yourself, but are proposed, for example, the legal basis is the legitimate interest of the Hertie School in knowing the persons proposed for the relevant study programmes or research and further education program and their professional qualifications (Article 6(1)(f) GDPR).

(iv) The data is provided by the data subject or by the person or institution which has proposed the data subject.

(v) The personal data is passed on internally to the responsible employees. In addition, during the application process some of the data will be passed on to an evaluation committee, to partner universities and to project partners in connection with scholarship programmes and the Integrated Professional Year. In addition, we use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.

(vi) The applicant data for study programmes, research and further education programmes are deleted 6 months after the end of the application procedure. All data relevant to contracts and bookings will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract.

(vii) Without the data, participation in the application processes for study programmes, research and further education programmes at Hertie School is not possible.

4. Hertie School Alumni

(i) The purpose of the processing is the organization, implementation and documentation of the Hertie School's Alumni Programme, which is intended to serve the networking and international interaction of former students. In addition, research is conducted on the former students' further professional career development in order to further improve the Hertie School's services and to be able to make concrete offers regarding events or collaborations after graduation.

(ii) The data processed are name, email, date of birth and nationality, data on the study programme and exmatriculation, information on the professional career after graduation (sector, institution and position, country) and other personal interests, for example, hobbies, languages or job interests, which you yourself voluntarily provide within the Alumni Programme in the course of your participation.

(iii) The legal basis for the processing of data of Participants of the Hertie School Alumni Programme from July 2020 onwards is the contract for participation in the Hertie School Alumni Programme in accordance with Article 6 (1) (b) GDPR. The legal basis for the processing of data of Participants of the Hertie School Alumni Programme until July 2020 is our legitimate interest in the organization of the Hertie School Alumni Programme and in research on the further professional development of our Alumni in accordance with Article 6 (1) (f) GDPR.

(iv) The data is provided by the Alumni or selected via publicly available business-related social media networks (such as Xing and LinkedIn) or official company websites by our Hertie School Alumni team.

(v) We use service providers as processors within the framework of a data processing agreement, in particular for the provision, maintenance and servicing of IT systems.

(vi) The data will only be deleted when you unsubscribe from the Hertie School Alumni Programme. If you decide that you no longer wish to participate in the Hertie School Alumni Programme, you can terminate your Hertie School Alumni Programme contract at any time without providing any reasons. To do so, you can send your declaration of termination to alumnirelations@hertie-school.org. If you do not want any research on your professional career, you can object to this research at any time alumnirelations@hertie-school.org.

(vii) Without the processing of personal data, participation in the Hertie School Alumni Programme is not possible.

5. Newsletter recipients

If you subscribe to our newsletter, you will receive information about the Hertie School, our events and our offers.

(i) If you subscribe to our newsletter, we process your data for the purpose of sending the newsletter.

(ii) The data processed are:

  • Name, email address, salutation/gender (optional, only if specified)
  • HTTP data

This is protocol data that is generated for technical reasons when opening the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.

(iii) The legal basis for the processing of data for newsletters is Article 6 (1)(a) GDPR (consent).

(iv) Your contact details are provided by yourself when subscribing to the newsletter, the further data are automatically provided by your browser.

(v) We use service providers as processors within the framework of a data processing agreement, in particular for the provision, maintenance and servicing of IT systems. For the sending of the newsletter, we use, among others, the Pardot service of the provider Salesforce.com Germany GmbH as a processor. Salesforce.com Germany GmbH uses Salesforce.com Inc. in the USA (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA) as service provider. The basis for data processing in the USA is your consent (Art. 49 (1) (a) GDPR). There is no level of data protection in the USA comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. It is unlikely that it will be possible to enforce your rights in the USA. You can revoke your consent at any time with effect for the future. We have concluded standard EU contractual clauses with Salesforce.com Inc. so that Salesforce.com Inc. may process your data only for our purposes. Furthermore, Salesforce.com Inc. has implemented Binding Corporate Rules.

(vi) Data relation to newsletters will be deleted when you unsubscribe. A revocation of the consent is possible at any time. Please use the unsubscribe function in the newsletters for this purpose.

(vii) Personal data is required to receive newsletters. Without providing personal data, the newsletters cannot be sent.

6. Event participants

We process your data for the purpose of holding the event and for the documentation of the event by means of film and sound recordings and the use of the resulting recordings for the purpose of press and public relations work and for the creation of a participant brochure. A change of these purposes is not planned.

The processed data are:

  • surname, first name, e-mail address, study programme, final year, current institution and position
  • overview of the selected event points
  • Bank and payment data for events involving costs
  • information whether or not the person agrees with the two options (brochure/photos) mentioned above
  • film and sound recordings (if you have given your consent)

The legal basis for the processing of data of Participants in events is Article 6 (1) (b) GDPR (contract to hold the event) and Article 6 (1) (c) GDPR (legal obligations, in particular tax and commercial law regulations). The legal basis for the production of image and sound recordings and its publication and the participants' brochure is your consent in accordance with Article 6 (1) (a) GDPR. Your consent is given voluntarily, participation in the event is also possible without the provision of your consent for recordings and participant brochures.

The data is provided by the Event Participants. The film and sound recordings are made by the Hertie School if you have given your consent.

For the purpose of press and public relations work, the recipient of the image and sound recordings can be anyone, in particular journalists, media companies, press and photo agencies, members, employees, website visitors, users of social media. Banks and payment providers may be recipients of data for the processing of payments. We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.

When publishing film and sound recordings on the Internet (Hertie School website, social media platforms of the Hertie School, film recordings in videos (e.g. YouTube)), data is regularly transferred to so-called third countries outside the European Union, which are to be regarded as unsafe third countries in terms of data protection. Hertie School has no influence on how the social media providers handle the data. Hertie School has no knowledge of whether and for what purposes the data is further processed in the third country.

Archived film and sound recordings of the events as well as publications are generally not deleted. All data relevant to the contract and bookings will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract. Further data collected in the course of the event will be deleted six months after the event has taken place.

The provision of personal data is contractually binding for participation in events. It is not possible to participate in events without providing personal data. The production of film and sound recordings and the participants' brochure is not obligatory for participation in the event.

7. Business partners and their employees

(i) The purpose of processing is the preparation and execution of contracts and communication with employees of business partners. A change of this purpose is not planned.

(ii) The legal basis for processing is Article 6(1)(b) GDPR (preparation and execution of the contract) in the case of contracts with natural persons, Article 6(1)(f) GDPR our legitimate interest, namely communication with contractually relevant contact persons and always Article 6(1)(c) GDPR (legal obligations, in particular tax and commercial law provisions).

(iii) The data is actively provided by the data subject.

(iv) Recipients of data can be banks for the processing of payments. Authorities and administrative bodies can be recipients within the scope of their tasks, insofar as we are obliged or entitled to transfer data. We also use service providers as processors within the framework of a data processing agreement, in particular for the provision, maintenance and servicing of IT systems.

(v) All data relevant to the contract and accounting are stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract.

(vi) The provision of data is obligatory for business partners and employees of business partners both legally and contractually. The business relationship cannot be established and carried out without providing data.

8. Interested parties and communication partners

(i) The purpose of processing is the preparation and execution of a contractual relationship or other communication.

(ii) The data processed are name, contact details, communication content, communication time stamp and technical metadata of the communication.

(iii) The legal basis for processing is Article 6(1)(b) GDPR (contract or contract initiation) in the case of contracts with natural persons, Article 6(1)(f) GDPR (legitimate interest, namely communication with contractually relevant contact persons) in the case of contracts with legal persons, and always Article 6(1)(c) GDPR (legal obligations, in particular tax and commercial law provisions). For communication only, the legal basis is Article 6 (1) (f) GDPR (legitimate interest, namely documentation of communication processes).

(iv) The contact details are actively provided by the data subject. The communication metadata, telephone data and communication data are collected automatically.

(v) Contact and contract data may be transmitted to other service providers, business partners as well as administrative bodies and authorities if this is necessary for the execution of the contract or order. We also use service providers as processors within the framework of a data processing agreement, in particular for the provision, maintenance and servicing of IT systems.

(vi) Data of contractual partners and service providers will be deleted 10 calendar years after termination of the contract or order.

(vii) The processing of contact data by service providers and business partners is necessary to execute the contract or order. If the data is not provided, communication can be disturbed.

9. Rights of data subjects and further information

We do not use any methods of automated individual decision-making.

You have the right to request information at any time about all your personal data which we are processing.

If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.

You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.

If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.

You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.

If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.

If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.

If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with future effect. The processing carried out prior to a revocation remains unaffected by the revocation.

Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.

Version: September 2020