The protection of personal data is important to us. University of Applied Management- Ghana has international university partners and therefore processing of personal data takes place in accordance with the applicable Data Protection Commission (DPC) of Ghana, under the Data Protection Act, 2012 (Act 843) of 1992 Constitution of Ghana, European and national legal provisions to protect the privacy of the individual and personal data by regulating the processing of personal information.

You can of course revoke your declaration of consent (s) at any time with effect for the future. For this, please contact the person responsible in accordance with § 1.

The following declaration gives an overview of what type of data is collected, how this data is used and passed on, what security measures we take to protect your data and how you can obtain information about the information given to us.

Legal basis for the processing of personal data
The Data Protection Act requires that a person shall not process personal data without the prior consent of the data subject unless the purpose for which the personal data is processed is (Section 20(2) of the Data Protection Act):

1. necessary for the purpose of a contract to which the data subject is a party;
2. authorised or required by law;
3. to protect a legitimate interest of the data subject;
4. necessary for the proper performance of a statutory duty; or
5. necessary to pursue the legitimate interest of the data controller or a third party to whom the data is supplied

A data subject may object to the processing of personal data, unless otherwise provided by law (Section 20(2) of the Data Protection Act). Where the data subject has objected to the processing of personal data, the person processing the personal data shall stop the processing (Section 20(3) of the Data Protection Act).

Section 21(1) of the Data Protection Act states that personal data should be collected directly from the data subject. However, data may be collected indirectly where (Section 21(2) of the Data Protection Act):

(a) the data is contained in a public record;

(b) the data subject has deliberately made the data public;

(c) the data subject has consented to the collection of the information from another source

The Data Protection Act notes that a data controller who records personal data shall not retain the personal data for a period longer than is necessary to achieve the purpose for which the data was collected and processed, except under certain exceptions including that the data subject has consented to the retention of the record, except where the personal data has been retained for historical, statistical, or research purposes (Section 24 of the Data Protection Act).

In addition, where a data controller holds personal data collected in connection with a specific purpose, further processing of the personal data shall be for that specific purpose.

The further processing of data is considered to be compatible with the purpose of collection where, among other things, the data subject consents to the further processing of the information (Section 25 of the Data Protection Act).

The Minister may through consultation with the DPC make supplementary regulations to specify further conditions for consent to be given (Section 94 of the Data Protection Act).

Data deletion and storage duration
The Data Protection Act establishes that a data controller who records personal data shall not retain the personal data for a period longer than is necessary to achieve the purpose for which the data was collected and processed, except under certain exceptions including that the retention of the record is required or authorised by law or that the retention of the record is reasonably necessary for a lawful purpose related to a function or activity (Section 24 of the Data Protection Act).

§ 1 Local Institution responsible and the data protection officer

(a) Name and address
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

University of Applied Management Ghana Campus
University Junction, Kwabenya Hills,
Off Pokuase ACP- Kwabenya Highway
Ga North Municipality, Accra
P.O. Box KN 2560, Accra-Ghana.

Tel: +233 24 8080961/+233 27 2007121
E-Mail: info@ghana.my-university.com
Website: www.ghana.my-university.com

 

(b) Name and address of the data protection officer
The data protection officer of the person responsible is:

The Commissioner
Data Protection Commission
East Legon, Paw Paw Street,
GPS: GA-414-1469,
P.O. Box CT7195, Accra
Tel.: +233-(0)30 2222 929
E-Mail: info@dataprotection.org.gh
Website: www.dataprotection.org.gh/

 

International Protection Officers

(c) Name and address of the person responsible

University of Applied Management GmbH
Steinheilstrasse 4
85737 Ismaning
Germany

Tel: +49 (0) 89 45354570
E-Mail: info@fham.de
Website: www.fham.de

 

(d) Name and address of the data protection officer
The data protection officer of the person responsible is:

Mr. Dieter Grohmann
akwiso
East Legon, Paw Paw Street,
Beethovenstraße 23
87435 Kempten, Germany
Tel.: +49 (0) 831 51247030
E-Mail: info@akwiso.de
Website: www.akwiso.de

 

§ 2 Definitions of Terms of Ghana data protection Commission

The data protection declaration should be easy to read and understand. To ensure this, the most important terms are explained below:

1. a) Data controller: Article 96 of the Data Protection Act defines a data controller to mean ‘a person who either alone, jointly with other persons or in common with other persons or as a statutory duty determines the purposes for and the manner in which personal data is processed or is to be processed.
2. b) Data processor: Section 96 of the Data Protection Act defines a data processor in relation to personal data to mean ‘any person other than an employee of the data controller who processes the data on behalf of the data controller.’ From the meaning of data processor under the Data Protection Act, a clear distinction is made between an employee of the data controller whose activities constitute the activities of the data controller and that of a data processor. In addition, the definition of the data processor subordinates the data processor to the data controller in the hierarchy of command in matters relating to personal data processing.

 

1. c) Personal data: Personal data is defined under the Data Protection Act to mean data about an individual who can be identified from the data or other information in the possession of or likely to come into the possession of the controller.

 

1. d) Sensitive data: Sensitive data is defined as information that relates to (Article 37 of the Data Protection Act):

• personal data relating to children;
• the race, colour, or ethnic or tribal origin of the data subject;
• the political opinion of the data subject;
• the religious beliefs or other beliefs of a similar nature, of the data subject;
• the physical, medical, mental health or mental condition, or DNA of the data subject;
• the sexual orientation of the data subject;
• the commission or alleged commission of an offence by the individual; and

proceedings for an offence committed or alleged to have been committed by the individual, the disposal of such proceedings or the sentence of any court in the proceedings.

1. e) Health data: Section 96 definition of ‘medical purposes’ includes the purposes of preventive medicine, medical diagnosis, medical research, provision of care and treatment, and the management of healthcare services by a medical or dental practitioner or a legally recognised traditional healer.
2. f) Biometric data: Under the Interpretation Act, 2009, Act 792, technical words are to be interpreted using their technical definition accorded to them. This approach means that the definition of biometric data in different legislation in Ghana would be the defining scope of this technical word. Where biometric is used in any legislation which is to be construed by an international industry term of art, then the meaning of such term of art would be given the same meaning for purposes of biometric data of a data subject under the Act.

 

1. Pseudonymisation: Under the Data Protection Act, personal data which is processed only for research purposes is exempt from its provisions if (a) the data is processed in compliance with the relevant conditions, and (b) the results of the research or resulting statistics are not made available in a form which identifies the data subject or any of them. The technical process of pseudonymisation where it achieves compliance with the provisions of the Data Protection Act therefore would be permissible as consistent with research purposes.
   h) Processoris a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
   i) recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.
   j) A third party  is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.
   k) Consent is any declaration of intent voluntarily given by the data subject in an informed manner and unambiguously in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that he or she agrees to the processing of the personal data concerning him or her .

 

European and National legal provisions

§ 3 Provision of the website and creation of log files

(1) If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the calling computer every time the website is accessed:

1. The IP address of the user
2. Information about the browser type and the version used
3. The user’s operating system
4. The user’s internet service provider
5. Date and time of access
6. Websites from which the user’s system accessed the website
7. Websites that are accessed by the user’s system via our website
8. Content of the calls (specific pages)
9. Amount of data transferred in each case
10. Language and version of the browser software

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

(2) The legal basis for the temporary storage of log files is Art. 6 Para. 1 S. lit.f) GDPR.

(3) The temporary storage of the IP address by the system is necessary in order to

1. enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
2. to optimize the content of our website and the advertising for it
3. to ensure the functionality of our information technology systems and the technology of our website
4. To provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack

The storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, there is also our legitimate interest in data processing in accordance with Art. 6 Para. 1 S. 1 lit.f) GDPR.

(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected – in this case at the end of the usage process. If the data is stored in log files, this is the case after seven days at the latest. Any further storage is possible. In this case, the IP addresses are deleted or anonymized so that they can no longer be assigned to the calling client.

(5) The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, which is why there is no possibility of objection.

§ 4 use of cookies

(1) This website uses so-called cookies.
Below you will find a list of cookies with a description of which are used.
Cookies are small text files that, as soon as you visit a website, are sent from a web server to your browser and stored locally on your device (PC, notebook, tablet, smartphone, etc.) and are stored on your computer and the user (i.e. us) send certain information. Cookies are used to make the website more customer-friendly and safer, in particular to collect usage-related information, such as the frequency of use and number of users of the pages and the behavior of the page usage. Cookies do not cause any damage to the computer and do not contain viruses. This cookie contains a characteristic string of characters (so-called cookie ID), which enables the browser to be clearly identified when the website is called up again.

Cookies used: Google Tag Manager

(2) Cookies are also saved when the browser session is ended and can be called up again when you visit the page again. However, cookies are stored on your computer and transmitted to our site from there. You therefore have full control over the use of cookies. If you do not want data to be collected via cookies, you can set your browser via the menu under “Settings” so that you are informed about the setting of cookies or that you can generally exclude the setting of cookies or delete cookies individually. However, it should be noted that deactivating cookies may restrict the functionality of this website. As far as session cookies are concerned, they will be automatically deleted after you leave the website.

§ 5 registration

(1) We offer you the option of registering on our website by providing personal data. The data is entered in an input mask and transmitted to us and stored. A transfer of this data to third parties does not take place unless there is a legal obligation to transfer or the transfer is used for criminal or legal prosecution.

The following data is collected during the registration process:

• Login name
• E-mail address
• IP address
• Date and time of registration

You can manage and change all information in the protected customer area. As part of
the registration process, the user’s consent to the processing of this
data is obtained.

(2) We use the so-called double opt-in procedure for registration. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to register. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) The legal basis for the processing of the data is Art. 6 Para. 1 S. 1 lit. a) GDPR with the consent of the user.
If the registration serves to fulfill a contract to which you are a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 Para. 1 S. 1 lit. b) GDPR.

(4) Registration is required to have certain content and services available on our website as well as to prevent misuse and, if necessary, to investigate criminal offenses. (further description of the content and services)

Registration is required to fulfill the contract or to carry out pre-contractual measures. (further description of the contract; standards according to EGBGB and BGB)

(5) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
This is the case for the data collected during the registration process as soon as you delete your access. We also save the voluntarily provided data for the time until the account is deleted, unless you delete it yourself beforehand. This is the case for those during the registration process to fulfill a contract or to carry out pre-contractual measures when the data is no longer required for the execution of the contract. Even after the contract has been concluded, it may be necessary to store personal data of the contractual partner in order to meet contractual or legal obligations. Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and the storage of data for tax purposes. Which storage periods have to be adhered to cannot be specified in general terms, but must be determined in each individual case for the respective concluded contracts and contracting parties.

(6) If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations to prevent deletion.
Otherwise, you are free to have the personal data provided during registration completely deleted from the database of the person responsible for processing. The person responsible for processing will provide you with information on request at any time about which personal data is stored about the person concerned. Furthermore, the person responsible for processing corrects or deletes personal data at the request or advice of the person concerned, provided that there are no statutory retention requirements to the contrary. You can write to the person responsible or the data protection officer in accordance with § 1 at any time via email or post and request that the data be deleted / changed.

§ 6 e-commerce

(1) If you would like to register for one of our products, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your registration. Mandatory information required for processing the contracts is marked separately; further information is voluntary. The data is entered in an input mask and transmitted to us and stored.

The following data is collected during the registration process:

• Surname
• Address (possibly different billing address)
• E-mail address
• Phone number
• Bank details
• IP address
• Date and time of data entry

The data will only be passed on to third parties if the transfer is necessary for the purpose of processing the contract or for billing purposes or to collect the fee, or if you have given your express consent. In this regard, we only pass on the data required in each case.

The data recipients are:

• Collection agencies, insofar as the payment has to be collected (disclosure of name, address, contract details)
• The bank to collect the payment if the payment is made by direct debit
• accounting

(2) The legal basis is Art. 6 Para. 1 S. 1 lit. b) GDPR. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 Para. 1 S. 1 lit. a) GDPR.

(3) The compulsory information collected is required to fulfill the contract with the user (for the purpose of sending the goods and confirming the content of the contract). We therefore use the data to answer your inquiries, to process your order, if necessary to check the creditworthiness or to collect a claim and for the purpose of technical administration of the website. The voluntary information was provided to prevent abuse and, if necessary, to investigate criminal offenses. We can also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.

(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Due to commercial and tax law requirements, we are obliged to save your address, payment and order data for a period of ten years after the contract has been carried out. However, after two years we will restrict the processing, i. H. Your data will only be used to comply with legal obligations. If there is a continuing obligation between us and the user, we will store the data for the entire term of the contract and for a period of ten years thereafter (see above). With regard to the voluntarily provided data, we will delete the data two years after the execution of the contract, if no further contract is concluded with the user during this period; in this case, the data will be deleted two years after the last contract has been carried out. Statutory retention periods remain unaffected and take precedence.

(5) If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations to prevent deletion.
Otherwise, you are free to have the personal data provided during registration completely deleted from the database of the person responsible for processing. The person responsible for processing will give you information about which personal data is stored about you at any time upon request. Furthermore, the person responsible for processing corrects or deletes personal data at the request or advice of the person concerned, provided that there are no statutory retention requirements to the contrary. You can write to the person responsible or the data protection officer in accordance with § 1 at any time via email or post and request that the data be deleted / changed.

§7 transfer of personal data to third parties

Links to external websites
This website contains links to external websites. We are responsible for our own content. We have no influence on the content of external links and are therefore not responsible for them; in particular, we do not adopt their content as our own. If you are directed to an external page, the data protection declaration provided there applies. If you notice any illegal activities or content on this page, you are welcome to inform us. In this case we will check the content and react accordingly (notice and take down procedure).

Google Tag Manager
This website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means: no cookies are used and no personal data is recorded. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been carried out at the domain or cookie level, it will remain in effect for all tracking tags, insofar as they are implemented with the Google Tag Manager.

§ 8 contact form and email contact

(1) There is a contact form on our website that can be used to contact us electronically. If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:
• Title, first name, last name, telephone number, e-mail

When the message is sent, the following data is also stored:
• IP address of the user
• Date and time of registration

For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration.
Alternatively, you can contact us using the email address provided. In this case, the personal data transmitted with the email will be saved.
As far as this concerns information on communication channels (e.g. e-mail address, telephone number), you also consent that we may contact you via this communication channel in order to answer your request.
In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

(2) The legal basis for the processing of the data is Art. 6 Para. 1 S. lit. a) GDPR with the consent of the user. The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) sentence 1 lit.f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1S. 1 lit.b) GDPR.

(3) We only process the personal data from the input mask to process the contact. We will of course only use the data from your e-mail inquiries for the purpose for which you made them available to us when contacting us. If you contact us by e-mail, you have a legitimate interest in processing the data to answer it. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

(5) You have the option to withdraw your consent to the processing of your personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Regarding the revocation of the consent / objection to the storage, we ask you to contact the person responsible or the data protection officer according to § 1 via email or post. In this case, all personal data stored in the course of contacting us will be deleted.

§ 9 Data protection provisions when using online lectures

In the case of online lectures, there is the possibility of image and sound recordings. At the start of the online lecture, the students will be informed about this in order to ensure their consent to the admission. Every student is informed about this when they log in to their course and their consent is formulated. All the basics about the scope of the consent, as well as the revocation, can be found here. Students who later join an online lecture must make themselves known to ensure their consent.

§ 10 data protection information for an empirical study

Participation in the study is voluntary. You have the option at any time to cancel your participation, refuse a follow-up participation, withdraw your given consent to participate and request the deletion of your data without incurring any disadvantages.

By participating in the study, you confirm that you have read the following data protection information and that you agree to the described data collection, analysis and storage.

For complaints within the meaning of the GDPR, please contact the authors of the study or the body responsible for them. You can find an overview of this at the end of this information.

 

 

1.	Implementing	Participant data protection notice
2.	Will the study be carried out with the participation of third parties?	Participant data protection notice
3.	Purpose of the study	Participant data protection notice
4th	Does the study involve scientific research in the public interest?	Participant data protection notice
5.	Estimated duration of the project in which the data will be collected and processed	Participant data protection notice
6th	Form of the data collected	Participant data protection notice
7th	What types of personal data are processed?	Participant data protection notice
8th.	Will the study data be used for any kind of profiling?	No (automatic decision-making with the resulting consequences) Example: Empirical study is carried out for an insurance company, who uses this data to create risk profiles.

 

9.	Shape of Data processing and storage	Describe exactly in which programs, software solutions and Online portals that collect and / or process data. In which countries is the data processed?   Word processing program MaxQDA (software for qualitative evaluation of interviews Germany)
10.	What happens to the data after analysis and evaluation?	Describe in detail here: Are the results published in a work, is the work under lock and key (blocking notice), with whom do copies of the raw data remain, will the data be deleted from the online platforms, will the data be passed on for other studies, etc.? Thesis Course instructor (data will be deleted from the online platform in accordance with legal requirements)
11.	Passing on the data to third parties	no Students and university only Type of data: interview guides, transcripts and audio files of the interviews
12th	Contact details in case of interest / revocation	Participant data protection notice
13.	Deletion of data	The deletion of personal data takes place within the legal deadlines. All legal requirements for archiving serve as a basis. After this period has expired, the data will be deleted in accordance with the provisions of the GDPR.
14th	Data security	All technical tools are subject to the assessment of data protection. The persons involved are trained and obliged to handle personal data.
15th	Contact the data protection officer for complaints	Data protection officer and auditor of the university Dieter Grohmann CEO    Phone: +49 (0) 831 / 5124-7030 Fax: +49 (0) 831 / 5124-7031 Beethovenstrasse 23 87435 Kempten – Berlin – Hamburg – Cologne / Bochum www.akwiso.de dg@akwiso.de     competent authority: Bavarian State Office for Data Protection Supervision Telephone: 0981 / 180093-0 Fax: 0981 / 180093-800 Email: poststelle@lda.bayern.de

 

§ 11 Unipark / questback surveys

Our service provider’s server park is reliably protected from external access. The extensively certified data center is subject to extremely high data protection and security requirements. according to ISO 27001 (“Information Security Management System Standard”) and SOC II (“Service Organization Control”). These certificates correspond to internationally recognized standards for IT security management and guarantee consistently high quality and security in the provision of services.
The legal requirements for order data processing are fully ensured on the basis of Art 28.

Audits
The data protection measures meet the highest standards. This high standard is checked regularly through audits by data protection officers and auditors. We and our service provider meet the legal requirements of the BDSG and the GDPR.

Encryption State-of-the-
art technologies and industry-proven methods are used to encrypt data during transmission.

Availability and data security
We guarantee the continuous availability of stored data. The production environment has extensive redundancy, which ensures availability in the event of an error.

Quality assurance
An experienced in-house IT and audit team for quality assurance and data protection checks procedures and processes in clearly defined time windows.

Measures for data protection and data security
Only those persons who are authorized to use a data processing system can only access this data. Personal data cannot be read, copied, changed or removed without authorization.
Personal data cannot be read, copied, changed or removed without authorization during electronic transmission or while it is being saved on a data carrier.
It can subsequently be checked and determined whether and by whom personal data has been entered, changed or removed in data processing systems.
Personal data that are processed in the order can only be processed in accordance with the instructions of the client.
Personal data are protected against accidental destruction or loss.

 

§ 12 rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1. Right to information,
2. Right to correction,
3. Right to restriction of processing,
4. Right to erasure,
5. Right to information
6. Right to data portability.
7. Right to object to processing.
8. Right to withdraw consent under data protection
law. 9. Right not to apply an automated decision.
10. Right to lodge a complaint with a supervisory authority

1. Right to information
   (1) You can request confirmation from the person responsible as to whether we are processing personal data relating to you. If such processing is available, you can request information from the person responsible at any time free of charge about the personal data stored about you as well as about the following information:
   a) the purposes for which the personal data are processed;
   b) the categories of personal data that are processed;
   c) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
   d) the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;
   e) the existence of a right to correction or deletion of your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
   f) the right to lodge a complaint with a supervisory authority;
   g) all available information about the origin of the data if the personal data are not collected from the data subject;
   h) the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
   (2) You have the right to request information about whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
2. Right to correction
   You have the right to immediate correction and / or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete.
3. Right to restrict the processing of
   (1) under the following conditions, you can demand the immediate restriction of the processing of personal data concerning by the person responsible:
   a) if you relevant personal challenge the accuracy of a duration that allows the person in charge, to check the correctness of the personal data;
   b) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
   c) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
   d) if you have objected to the processing in accordance with Art. 21 (1) GDPR and still do It is not certain whether the legitimate reasons of the person responsible outweigh your reasons.
   (2) If the processing of your personal data has been restricted, this data – apart from its storage – may only be permitted with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of a important public interest of the Union or a member state. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right to deletion
   (1) You can request the person responsible to delete the personal data relating to you immediately if one of the following reasons applies:
   a) The personal data relating to you are for the purposes for which they were collected or otherwise processed were no longer necessary.
   b) You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
   c) You object to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Paragraph 2 GDPR.
   d) The personal data concerning you have been processed unlawfully.
   e) The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
   f) The personal data relating to you were collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
   (2) If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 Paragraph 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs to inform the data processing officers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
   (3) The right to deletion does not exist if processing is necessary
   a) to exercise the right to freedom of expression and information;
   b) to fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to carry out a task that is in the public interest or in the exercise of official authority vested in the person responsible ;
   c) for reasons of public interest in the area of ​​public health in accordance with Art. 9 Paragraph 2 lit. h and i and Art. 9 Paragraph 3 GDPR;
   d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
   e) for the establishment, exercise or defense of legal claims.
5. Right to information
   If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction / deletion / restriction of processing, unless , this proves to be impossible or involves a disproportionate effort. You have the right vis-à-vis the person responsible to be informed about these recipients.
6. Right to data portability
   (1) You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
   a) the processing is based on consent in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract in accordance with Art. 6 Para. 1 lit. b GDPR and
   b) the processing is carried out using automated procedures.
   (2) In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible. This must not impair the freedoms and rights of other people.
   (3) The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.
   (4) To assert the right to data portability, the person concerned can contact the person responsible for processing at any time.
7. Right of objection (1) You have the right to object at any time to the processing of your personal data based on Article 6 (1) (e) or (f) GDPR for reasons that arise from your particular situation; this also applies to profiling based on these provisions.
   (2) The person responsible will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
   (3) If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
   (4) In connection with the use of information society services – regardless of Directive 2002/58 / EC – you have the option of exercising your right of objection by means of automated procedures that use technical specifications.
   (5) To exercise the right to object, the data subject can contact the person responsible for processing directly.
8. Right to withdraw
   your declaration of consent under data protection law You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal. You can contact the person responsible for this.
9. Automated decision in individual
   cases including profiling (1) You have the right not to be subject to a decision based solely on automated processing – including profiling – that has legal effects on you or similarly significantly affects you. This does not apply if the decision
   a) is necessary for the conclusion or performance of a contract between you and the person responsible,
   b) is permissible on the basis of Union or Member State legislation to which the person responsible is subject, and appropriate measures are taken to ensure compliance with this legislation Contain your rights and freedoms as well as your legitimate interests or
   c) is made with your express consent.
   (2) However, these decisions may not be based on special categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g GDPR applies and appropriate measures to protect the rights and freedoms as well as your legitimate ones Interests were met.
   (3) With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to explain the own point of view and to contest the decision heard.
   (4) If the data subject wishes to assert rights with regard to automated decisions, they can contact the person responsible for processing at any time.
10. Right to lodge a complaint with a supervisory authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing is taking place the personal data concerning you violates the GDPR. The supervisory authority to which the complaint was submitted informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

§ 13 SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

§ 14 Changes to the privacy policy

We reserve the right to change our data protection practices and this policy in order to adapt them to changes in relevant laws or regulations or to better meet your needs. Any changes to our data protection practices will be announced here accordingly. Please note the current version date of the data protection declaration.
just. Please note the current version date of the data protection declaration.